Re: [swinog] Swisscom disables xxx website!?
Claudio Jeker schrieb: Are you willing to pay more? Shure im not. And sorry, this has nothing to do with cyberterror, this is just the good old russion buisiness network trying to blackmail or destroy some competitor. cyberterror things I think you watched too many 24 episodes. Are you realy shure? For the moment there are only related DDOS Attacks agains a little amount of websites. But in the future? In the future it can be another website with normal content. What about the other ISPs? This is a global issue. Actually what about Microsoft and all those other big shot software comapanies distributing crap and providing the hotbeds for the botnets? It would be interesting to know the sources from where the DDOS Attack against Swisscom came. And was it over peerings or from an upstream provider. I know if you can't work together with the provider from where the traffic came, then you have already filled pipes. I don't have a solution at the moment, but i don't think the problem will be only against xxx related sites. Adrian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Swisscom disables xxx website!?
Ok this time it was only a xxx website. And next time? Sorry if a provider goes the way that he shut down some of his customer, because of a DDOS Attack it will be voulnerable also for other cyberterror things. And voulnerable means not on the technical way, but on the financial and political way. So it would be interesting how Swisscom would solve this challenge in the future. Adrian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RBL's (again) (Was: Anyone from Green here?)
Stanislav Sinyagin schrieb: I don't know anything about proper spammers. Greylisting has reduced the amount of incoming spam significantly, probably at 90-95%. Of course there are spambots which play around greylisting, but they aren't yet that widely used. Agreed. For my mail system at business i have at the moment a high amount of blocked mails by greylisting, swinog list and some other RBL lists. At the beginning of this week we had a high amount of blocked mails. Reason was probably a new wave of spam bot mails. Without the blocking system our mail gateway wouldn't be able to process the load. And no we don't have any complains since months! Nor for the greylisting , nor for the RBL blocking. Adrian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Problems reaching large Websites
Same problem here tracert www.sf.tv from home Routenverfolgung zu a1133.g.akamai.net [80.67.84.74] über maximal 30 Abschnitte : 1 1 ms 1 ms 1 ms smc.senntec.ch [10.1.1.1] 2 3 ms 3 ms 3 ms eth0.r1.senn.ch [213.144.132.49] 312 ms13 ms13 ms lo0.lns1.bbcs.init7.net [213.144.128.205] 413 ms17 ms23 ms r1.core.init7.net [213.144.128.1] 512 ms13 ms13 ms tix2-nap.netarch.akamai.com [194.42.48.48] 6 * from switch Traceroute to 80.67.84.74 traceroute to 80.67.84.74 (80.67.84.74), 30 hops max, 40 byte packets 1 swiCS5-V108 (130.59.108.5) 0.267 ms 0.204 ms 0.194 ms 2 swiCS3-10GE-1-3 (130.59.15.189) 0.248 ms 0.212 ms 0.214 ms 3 swiEZ2-10GE-5-2 (130.59.36.18) 0.221 ms 0.212 ms 0.219 ms 4 swiIX1-10GE-1-1 (130.59.36.250) 0.386 ms 0.354 ms 0.340 ms 5 tix2-nap.netarch.akamai.com (194.42.48.48) 0.509 ms 0.504 ms 0.323 ms 6 * * * ; DiG 9.3.1 www.sf.tv @213.144.132.52 ; (1 server found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 53005 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 9, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.sf.tv. IN A ;; ANSWER SECTION: www.sf.tv. 1779IN CNAME www.sf.tv.edgesuite.net. www.sf.tv.edgesuite.net. 21579 IN CNAME a1133.g.akamai.net. a1133.g.akamai.net. 20 IN A 80.67.84.74 a1133.g.akamai.net. 20 IN A 80.67.84.75 ;; AUTHORITY SECTION: g.akamai.net. 1778IN NS n5g.akamai.net. g.akamai.net. 1778IN NS n6g.akamai.net. g.akamai.net. 1778IN NS n7g.akamai.net. g.akamai.net. 1778IN NS n8g.akamai.net. g.akamai.net. 1778IN NS n0g.akamai.net. g.akamai.net. 1778IN NS n1g.akamai.net. g.akamai.net. 1778IN NS n2g.akamai.net. g.akamai.net. 1778IN NS n3g.akamai.net. g.akamai.net. 1778IN NS n4g.akamai.net. ;; Query time: 574 msec ;; SERVER: 213.144.132.52#53(213.144.132.52) ;; WHEN: Mon Jan 28 23:58:31 2008 ;; MSG SIZE rcvd: 287 ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Microsoft in Troubles?
Hi all Has Microsoft a routing problem? The route to the akamai servers seems to be dropping. tracert -d www.microsoft.com Routenverfolgung zu lb1.www.ms.akadns.net [207.46.19.254] über maximal 30 Absch nitte: 1 1 ms 1 ms 1 ms 10.1.1.1 2 3 ms 3 ms 3 ms 213.144.132.49 314 ms14 ms17 ms 213.144.128.205 414 ms14 ms13 ms 213.144.128.30 5 *** Zeitüberschreitung der Anforderung. traceroute to lb1.www.ms.akadns.net (207.46.19.254), 30 hops max, 40 byte packets 1 swiCP2-V138 (130.59.138.2) 0.432 ms 0.399 ms 0.430 ms 2 swiEL2-10GE-1-1 (130.59.36.9) 0.323 ms 0.257 ms 0.250 ms 3 swiCE3-10GE-1-3 (130.59.37.65) 1.042 ms 1.007 ms 1.001 ms 4 so-1-1-0.ar2.CDG2.gblx.net (64.213.33.221) 26.600 ms 26.603 ms 26.656 ms 5 ge4-1-10G.ar2.SJC2.gblx.net (67.17.105.6) 180.637 ms 180.582 ms 180.631 ms 6 msn-1.ar2.SJC2.gblx.net (64.215.195.90) 182.340 ms 182.218 ms 182.243 ms 7 ge-0-3-0-46.sjc-64cb-1a.ntwk.msn.net (207.46.47.2) 182.284 ms 182.289 ms 182.271 ms 8 ge-1-0-0-0.bay-64c-1a.ntwk.msn.net (207.46.37.158) 182.986 ms 182.937 ms 182.978 ms 9 ten8-1.bay-76c-1d.ntwk.msn.net (207.46.40.106) 182.856 ms 182.826 ms 182.816 ms 10 ten9-3-905.bay-76c-1b.ntwk.msn.net (207.46.44.37) 182.960 ms 182.950 ms 182.867 ms 11 po8.bay-6nf-mcs-2b.ntwk.msn.net (64.4.62.78) 182.855 ms 182.874 ms 182.931 ms 12 * * po8.bay-6nf-mcs-2b.ntwk.msn.net (64.4.62.78) 182.920 ms !A 13 * po8.bay-6nf-mcs-2b.ntwk.msn.net (64.4.62.78) 183.718 ms !A * 14 * * * 15 po8.bay-6nf-mcs-2b.ntwk.msn.net (64.4.62.78) 183.920 ms !A * 182.935 ms !A 1 ge-5-2.hsa2.Geneva1.Level3.net (213.242.73.137) [AS 3356] 0 msec 0 msec 0 msec 2 so-5-0-0.mpls2.Geneva1.Level3.net (4.68.125.181) [AS 3356] 0 msec 0 msec 4 msec 3 ae-1-0.bbr2.Frankfurt1.Level3.net (212.187.128.29) [AS 3356] 8 msec 12 msec 12 msec 4 as-0-0.bbr1.SanJose1.Level3.net (64.159.1.133) 184 msec ae-0-0.bbr2.SanJose1.Level3.net (64.159.1.130) 256 msec 184 msec 5 vlan79.csw2.SanJose1.Level3.net (4.68.18.126) [AS 3356] 172 msec 180 msec 180 msec 6 ge-4-0-0-52.gar1.SanJose1.Level3.net (4.68.123.34) [AS 3356] 176 msec 176 msec 176 msec 7 65.57.86.6 176 msec 176 msec 176 msec 8 ge-6-3-0-46.pao-64cb-1b.ntwk.msn.net (207.46.46.67) 176 msec 176 msec 176 msec 9 ge-7-0-0-0.pao-64cb-1a.ntwk.msn.net (207.46.46.101) [MPLS: Label 151584 Exp 0] 176 msec 176 msec 176 msec 10 ge-7-1-0-0.bay-64c-1a.ntwk.msn.net (207.46.34.97) 176 msec 176 msec 180 msec 11 po3.bay-6nf-mcs-1a.ntwk.msn.net (64.4.62.134) 176 msec 176 msec 180 msec 12 * * !A Regards Adrian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] blackholed network 212.243.197.6
Hi all Traceroute over ip plus to 212.243.197.6 seams to be dropped. tracert ns0.space4u.com Any idea what else is happening? Routenverfolgung zu ns0.space4u.com [212.243.197.6] über maximal 30 Abschnitte: 1 1 ms 1 ms 1 ms smc.senntec.ch [10.1.1.1] 2 3 ms 3 ms 3 ms eth0.r1.senn.ch [213.144.132.49] 3 2003 ms 107 ms 161 ms lo0.lns2.bbcs.init7.net [213.144.128.206] 4 138 ms25 ms12 ms r4.core.init7.net [213.144.128.4] 561 ms45 ms47 ms r1zrh.ce.init7.net [82.197.168.17] 631 ms41 ms 329 ms i79tix-015-gig2-17.bb.ip-plus.net [164.128.22.97 ] 7 153 ms 190 ms 220 ms i79zhh-015-xxx1-4.bb.ip-plus.net [138.187.129.73 ] 815 ms14 ms14 ms i75sgw-000-gig0-1.bb.ip-plus.net [138.187.130.42 ] 9 *** Zeitüberschreitung der Anforderung. 10 *** Zeitüberschreitung der Anforderung. 11 ^C same from switch traceroute to 212.243.197.6 (212.243.197.6), 30 hops max, 38 byte packets 1 swiCS5-V108 (130.59.108.5) 0.285 ms 0.208 ms 0.184 ms 2 swiCS3-10GE-1-3 (130.59.15.189) 0.251 ms 0.440 ms 0.221 ms 3 swiEZ2-10GE-5-2 (130.59.36.18) 0.267 ms 0.370 ms 0.229 ms 4 swiIX1-10GE-1-1 (130.59.36.250) 0.320 ms 0.309 ms 0.299 ms 5 tix-1.ip-plus.net (194.42.48.72) 0.777 ms 0.457 ms 0.357 ms 6 i79zhh-015-xxx1-4.bb.ip-plus.net (138.187.129.73) 0.456 ms 0.398 ms 0.388 ms 7 i75sgw-000-gig0-1.bb.ip-plus.net (138.187.130.42) 1.620 ms 1.723 ms 1.728 ms 8 * * * 9 * Adrian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] AS6730 unreachable from some parts of the net ??
Another interesting point. If the DNS entries of sbb.ch are removed from the local dns cache, there is no way to send mail to this domain! Two IPs in the same subnet range! ; DiG 9.3.1 sbb.ch @merapi.switch.ch any ; (2 servers found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 22688 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;sbb.ch.IN ANY ;; AUTHORITY SECTION: sbb.ch. 43200 IN NS ns1.sbb.ch. sbb.ch. 43200 IN NS ns2.sbb.ch. ;; ADDITIONAL SECTION: ns1.sbb.ch. 43200 IN A 194.150.245.3 ns2.sbb.ch. 43200 IN A 194.150.245.4 ;; Query time: 29 msec ;; SERVER: 130.59.211.10#53(130.59.211.10) ;; WHEN: Fri May 11 17:46:35 2007 ;; MSG SIZE rcvd: 92 Adrian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Relay bluewin.ch
Hi Can someone from bluewin's Relaying not allowed-department please contact me off-list? They seem to have a serious problem. The original message was received at Tue, 17 Jan 2006 23:43:59 +0100 from 217-162-48-xx.dclient.hispeed.ch [217.162.48.xx] - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 550 RCPT TO:[EMAIL PROTECTED] Relaying not allowed) [EMAIL PROTECTED] (reason: 550 RCPT TO:[EMAIL PROTECTED] Relaying not allowed) - Transcript of session follows - ... while talking to mxbw.bluewin.ch.: RCPT To:[EMAIL PROTECTED] 550 RCPT TO:[EMAIL PROTECTED] Relaying not allowed 550 5.1.1 [EMAIL PROTECTED]... User unknown RCPT To:[EMAIL PROTECTED] 550 RCPT TO:[EMAIL PROTECTED] Relaying not allowed 550 5.1.1 [EMAIL PROTECTED]... User unknown No i'm not the cablecom customer but a collegue of me which asked. Adrian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] [***Spam***] hispeed crap was Blutige Selbstjustiz
Hello It would be very nice if some of the listmembers which are using hispeed as provider, would check their computer with an actual virusscanner. Monday Received: from pefvfim.com (217-162-115-194.dclient.hispeed.ch [217.162.115.194]) by melitta.init7.net (8.13.4/8.13.4/Debian-1) with SMTP id j4GHhS7x017551; Mon, 16 May 2005 19:43:29 +0200 Today Received: from osndbb.ch (217-162-207-74.dclient.hispeed.ch [217.162.207.74]) by groundhog.init7.net (8.13.4/8.13.4/Debian-1) with SMTP id j4IGlOqj009620; Wed, 18 May 2005 18:47:26 +0200 Kind regards Adrian Senn -- |p mbox: [EMAIL PROTECTED] _ | |g mbox: [EMAIL PROTECTED] ASCII ribbon campaign ( )| |www: http://www.senn.ch/ - against HTML email X | | http://www.cevinet.ch/vCards / \| ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
