[swinog] Re: Research project on Sustainable Networking

[Rainer Duffner via swinog]

Am 2024-06-21 16:48, schrieb Romain Jacob via swinog:

Dear Urs,

Let me keep the list on to reply to some questions, as you are not the
first to ask:

* Most routers we are interested in have multiple power supply. Our
strategy is to use one measurement unit per PSU. That demands extra
hardware, but we wouldn't want to have two PSU connected to the same
power meter anyway as this would create a potential single point of
failure.
* Network connectivity for the Pi is required but DOES WORK BEHIND A
FIREWALL. The only requirement is that the Pi must be able to connect
to the Internet.

Thanks again to those who already reached out!




"the Internet" - you mean Port 443, any IP?


___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Any users of SCION here?

[Rainer Duffner via swinog]

Hi,

and specifically the hardware the company behind it (anapaya) sells.





Best Regards
Rainer
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: strange failure from online.de MX

[Rainer Duffner via swinog]

Am 2023-03-23 09:41, schrieb Michael Righter via swinog:

Hi

A mail to @online.de is blocked on their site with this error. Never
seen such an error.
Anyone seen this before or knows a contact to them?

2023-03-21T09:00:04Z;EMIG;mx01.emig.kundenserver.de[217.72.192.66];400
EmiG fingerprint mismatch
2023-03-21T09:30:04Z;EMIG;mx00.emig.kundenserver.de[212.227.15.40];400
EmiG fingerprint mismatch
2023-03-21T10:00:04Z;EMIG;mx00.emig.kundenserver.de[212.227.15.40];400
EmiG fingerprint mismatch
2023-03-21T10:30:04Z;EMIG;mx01.emig.kundenserver.de[217.72.192.66];400
EmiG fingerprint mismatch
2023-03-21T11:00:03Z;EMIG;mx00.emig.kundenserver.de[212.227.15.40];400
EmiG fingerprint mismatch
2023-03-21T11:30:02Z;EMIG;mx01.emig.kundenserver.de[217.72.192.66];400
EmiG fingerprint mismatch

Thanks Michael
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch



Seems to be this:

https://www.e-mail-made-in-germany.de/index.html

Is it a forwarded mail?

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: DNSSEC issue with swizzonic DNS servers?

[Rainer Duffner via swinog]

Am 2022-12-30 11:21, schrieb Benoît Panizzon via swinog:

Hi Markus


the name server from swizzonic is not supposed to provide you with a
answer to all the queries.


I guess if I point to our recursive validating caching NS and it does
not possess this data in it's cache, it will start by following from
the root by asking for _.numberportability.ch to avoid revealing which
host it is exactly looking for until it reaches the authoritative DNS
for that zone and then ask this one directly for the desired RR.

I guess this is where something is breaking the chain.

I also don't see why the swizzonic DNS which is the authoritative
primary should not answer to all queries.



If I want to or need to ask the (supposedly) authoritative server(s) 
about a domain, I add +norecurs.


I believe, if you disable recursive queries on the authoritative-server, 
it will not answer them, even if it technically could.


Does DNSSEC change that?

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: bluewein.ch - automatic spamtrap?

[Rainer Duffner via swinog]

> Am 14.07.2022 um 16:57 schrieb Claudio Kuenzler via swinog 
> :
> 
> Hello list,
> 
> We are seeing some "mean" behaviour when sending an e-mail to any e-mail 
> address ending in @bluewein.ch . Note the difference 
> between bluewin and bluewein...
> 
> As soon as an e-mail is sent from our relay to this domain, we get listed on 
> the UCEProtect-Level1 blocklist. Yes, we can discuss whether or not this is a 
> serious blacklist, but some mail providers actually use this service and then 
> block our legit e-mails. 
> 
> Now to this domain. On HTTP all seems in order, the domain is redirected to 
> bluewin.ch . But SMTP points to a separate mail server: 
> mail.ict-olten.ch . Behind ict-olten.ch 
>  seems to be nobody (no website, no other results so 
> far after a bit of research). 
> 
> Does anyone here in the list have information about the behaviour of this 
> domain and who is responsible for it? Obviously a typo "bluewein" instead of 
> "bluewin" happens pretty fast when users are registering and it's already the 
> second or third time within a month that we get blacklisted due to a typo 
> from users.
> 
> thanks for any hints and cheers,
> ck
> ___
> swinog mailing list -- swinog@lists.swinog.ch
> To unsubscribe send an email to swinog-le...@lists.swinog.ch


Maybe this guy:

https://www.moneyhouse.ch/de/company/graeppi-ict-projects-7019018421


„Mr ICT Projects, would you stand up, please?“


;-)



Rainer___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] UPC outbound relay - HELO hostname not in DNS. Can someone at UPC fix this?

[Rainer Duffner]

Hi,


our mailserver rejects mails from servers that don’t send a resolvable 
HELO-hostname.

As such, customers have been complaining about UPC:


 450 4.7.1 : Helo command rejected:


From this posting, although a bit dated:

https://www.mail-archive.com/swinog@lists.swinog.ch/msg06676.html 



it looks as if there is some sort of typo or it was simply forgotten to update 
DNS.


Can someone fix this?




Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Can somebody from Zattoo contact me?

[Rainer Duffner]

> Am 24.01.2022 um 15:36 schrieb Fabian Wenk :
> 
> Hello Rainer
> 
> On 24.01.2022 10:16, Rainer Duffner wrote:
>> one of our IP-Ranges is attributed by Zattoo to be in Germany, apparently.
>> In fact, the customer has reported that other services have reported the 
>> same problem in the last week.
> 
> Then this is probably not really a problem of Zattoo and more general with 
> geographical IP location data.
> 
>> I would like to understand why this is the case.
> 
> Maybe check the geo location from one of the affected IP address at 
> https://www.maxmind.com/ <https://www.maxmind.com/>. As far as I know they 
> are probably the most used service for Geo IP Data.
> 
> 
> Best regards,


Hi,

I checked with maxmind and whatismyip.com (which in itself checks at least two 
different databases).

Both report the IP to be in Switzerland.

The funny thing is that https://www.wieistmeineip.de locates this IP in 
Germany, too.

I would like to understand how that happens.



Regards
Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] Can somebody from Zattoo contact me?

[Rainer Duffner]

Hi,

one of our IP-Ranges is attributed by Zattoo to be in Germany, apparently.

In fact, the customer has reported that other services have reported the same 
problem in the last week.

I would like to understand why this is the case.




Best Regards
Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] SafeHost AS21217 accused to leak routes for two hours to China Telecom AS4134 - anyone from SafeHost to comment?

[Rainer Duffner]

> Am 09.06.2019 um 13:32 schrieb Andreas Fink :
> 
> Interesting thas this happens at times where a certain bloody event in china 
> has its 30th birthday.
> Could well be a coincident to see how the world deals with it or an attempt 
> to censor it outside of china.
> ...
> or it might just be a stupid engineer's mistake...
> 




Coincidence?

https://www.safehost.com/en/news/335-safe-host-china-telecom-announce-strategic-partnership






___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Quad9 "does not collect", but .... it does.... (Was: Google DNS on Salt Mobile)

[Rainer Duffner]

> Am 01.11.2018 um 21:26 schrieb Jeroen Massar :
> 
> TLDR:


On a related note:

Does anyone run a resolver with QNAME-minimization enabled?

Any problems, common or specific to certain domains?




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] SIM Card Hijacking?

[Rainer Duffner]

Hi,


saw this article on vice.com mentioned elsewhere:

https://motherboard.vice.com/en_us/article/3ky5a5/criminals-recruit-telecom-employees-sim-swapping-port-out-scam


Does anyone know just how feasible that is in Switzerland?

I’m asking from a threat-assessment point of view, not because I want to do it 
myself ;-)

Changing my number from a corporate-managed Orange^wSalt account to another 
corporate-managed Swisscom account took a number of attempts, IIRC (I wasn’t 
too involved).

Does it make a difference if it’s a private account vs. a corporate-managed 
account?

Though, I guess for the intended purpose (taking over accounts secured with 
TFA), the change doesn’t need to stay in place for long - just enough to switch 
the credentials.






___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

[Rainer Duffner]

> Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler :
> 
> Friday night we observed several Brocade MLXe linecards rebooting (several 
> locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network 
> instability due to flapping iBGP etc.
> 
> As of now we know that iWay and nine.ch suffered from similar issues in the 
> same time window, and we believe that they use also Brocade MLXe.
> 
> Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch 
> reports it too.
> 
> For reference the tickets:
> http://www.init7.net/de/status/?ticket=10348
> https://status.nine.ch/en/messages/544
> https://www.iway.ch/iway/status/
> 
> Did anyone else observed similar symptoms?
> 
> Since these routers operate in various locations and ASNs but are the same 
> make/model I suppose it's a software security issue. Can malicious packets 
> force a linecard reboot?
> 



Coincidence?

https://twitter.com/schneierblog/status/775783898366160896


;-)





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Zukunft von Abuse Desks (was: Reject von hotmail.com)

[Rainer Duffner]

> Am 18.03.2016 um 08:44 schrieb Benoit Panizzon  >:
> 
> Ich bin nicht bereit, täglich mehrere hundert Complaints via Webform
> mit Captcha einzureichen. Ich wüsste auch nicht, wie ich dies technisch
> machen sollte.




Amazon Mechanical Turk oder sonst irgendwie an eine Clickworker-Plattform 
outsourcen?
;-)



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] DNS Admin tool

[Rainer Duffner]

> Am 06.02.2016 um 20:42 schrieb Stanislav Sinyagin :
> 
> Second that, and... Have a look at incognito.com  Name 
> Commander. It's a commercial tool that governs BIND servers.
> 
> Another option would be to outsource the whole DNS service to a team which 
> knows what they're doing :)
> 
> 


That’s sometimes a difficult decision.
Though few will count DNS as being a core-business, a lot of stuff depends on 
it.

And unless it’s a core-business, you will certainly not be able to run it as 
well as somebody like dyn.com or easydns.com .

It really depends on how much of an „ISP“ you consider yourself and how many 
zones you maintain (and how many queries you get to those zones).



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] DNS Admin tool

[Rainer Duffner]

> Am 06.02.2016 um 17:34 schrieb Kägi Adrian :
> 
> Hi Swinog
> I guess all of us is in touch to administrate DNS Servers. And I guess Bind 
> will be a popular one.
> In our situation, different admins, with different skill make changes on zone 
> files. And some guys (. I cannot understand why.), don't like vi as 
> administration tool.
> We're looking for a web based Admin Tool, to manage our zone files on two 
> Bind DNS (Master, slave) Servers. If any possible, this tool should support 
> zone based admin rights for external customers.
> 
> What kind of tool do you use? Webmin? Plesk? vi?
> 
> I found a lot of outdated and unmaintained tools, quite frustrating.



Hi,

we use NicTool (http://www.nictool.com , 
https://github.com/msimerson/NicTool/releases 
 )
Though, it’s web interface is currently not public-facing.

The only thing it doesn’t do right now is DNSSEC.
Also, its privilege-system granularity stops at the zone level.
So, you can assign the rights for a complete forward- or reverse-zone, but not 
for a single IP of a reverse-zone.

The web interface itself is usable, but lacks i18n.

People can still shoot themselves in the foot - but the tool does a lot of 
checks in advance.


The cool thing is, it supports all kinds of DNS-servers, not just bind.



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] UPC-Cablecom and ip6.arpa

[Rainer Duffner]

Hi,

a customer with a UPC line has contacted us to ask how a PTR-record for his 
IPV6-address could be created.
Customer also asked for IPV6-resolvers…

Address/network in question is:

2a02:aa08:e000:b00:: /56

Currently, it looks like this range isn’t delegated.

dig -x 2a02:aa08:e000::

;  DiG 9.9.4-rpz2.13269.14-P2  -x 2a02:aa08:e000::
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 30794
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.e.8.0.a.a.2.0.a.2.ip6.arpa. IN 
PTR

;; AUTHORITY SECTION:
0.a.2.ip6.arpa. 899 IN  SOA pri.authdns.ripe.net. dns.ripe.net. 
1434384236 3600 600 864000 7200


Or am I wrong?

Maybe somebody from UPC can contact me off-list to direct me to the people 
responsible for UPC-Cablecoms reverse-DNS-infrastructure…


Thanks in advance.





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] New .exe virus in.zip file via mail

[Rainer Duffner]

 Am 16.04.2015 um 16:54 schrieb Mike Kellenberger 
 mike.kellenber...@escapenet.ch mailto:mike.kellenber...@escapenet.ch:
 
 Hi all
 
 I've been contacted by a couple of customers which caught a new virus in the 
 last few days, sent by e-mail in a .zip file containing an .exe. (yes, there 
 are still people out there who open these kind of attachments if they come 
 from a known address)
 
 The .zip file passes our AV on the mailserver (Kaspersky) as well as our 
 desktop AV (Symantec) with the newest definitions.
 
 Once infected, it spreads via e-mail (probably through the outlook e-mail 
 profile, it authenticates nicely against our mailserver anyway) blasting out 
 hundreds of mails in a single short session only to sleep again until the 
 next day...
 
 Has anybody else seen this? Is there a name or details or cure fo it yet?


virustotal will tell you a name, which you can google.

Antivirus is a bit of a placebo and snake oil - but surprisingly, a lot of 
people still believe in its value for them while the only value it really has 
is for those who sell signature-updates...

I’m pretty sure you can also block exe’s in zips - AFAIK, google has recently 
started blocking exes, too.

https://support.google.com/mail/answer/6590?hl=en 
https://support.google.com/mail/answer/6590?hl=en

Bugs in „popular“ office-productivity software would in practice require to 
block .doc, .xsl, .ppt etc.
So, it’s not usually done.

I’d be glad that the thing was so noisy. If it was an APT-style attack, you’d 
only realize it months later (or not at all, until MELANI and SWITCH contact 
you, or worse: the press).
Or maybe there’s an APT going on in the background and this was only the decoy 
;-)




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Auskunft über Personendaten / deutsches Recht anwendbar?

[Rainer Duffner]

 Am 23.12.2014 um 13:06 schrieb Q-X GmbH - Pascal Wagenhofer 
 wagenho...@q-x.ch mailto:wagenho...@q-x.ch:
 
 Hallo SWINOGer
  
 I hope, you’re enjoying already the holidays somewhere around.
  
 We’re having here a little difficulties with a german lawyer. We’re offering 
 shared hosting services. One of our customers is sharing links to 
 uploaded.net http://uploaded.net/, which contains music, which might be 
 copyright protected.
  
 The german law agency is now requesting the data of the owner which – 
 apparently – we cannot provide due to restrictions of the data protection law 
 of Switzerland. They’re supplying us this 
 judgement:http://www.justiz.nrw.de/nrwe/olgs/koeln/j2011/6_U_87_10urteil20110325.html
  
 http://www.justiz.nrw.de/nrwe/olgs/koeln/j2011/6_U_87_10urteil20110325.html 
 .
  
 Question to the community:
 1.   What are you doing in such situations? (Yes, appart from contact 
 your lawyer ;-) ).
 2.   Did you have similar issues and how did you handle them?
  
 I wish you merry Christmas and a happy new year.



How much jurisdiction does a German court have in Switzerland anyway?

Can’t you ask them to go to a Swiss court in Lausanne or wherever that stuff is 
handled?

Oh wait, that would mean additional cost (like working with a lawyer in 
Switzerland, of all things), most likely without a ROI in the end.
So, it’s easier trying to intimidate the hosting-company.


If what whois provides is not enough - tough luck.




Rainer




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] 3G Repeater

[Rainer Duffner]

Am Thu, 31 Jul 2014 08:28:17 +0200
schrieb Miguel Elias mig...@kabelsalat.ch:


 But some times, it isn't at all bad, to have this lonesome island with
 no reception. :)
 



Yep. 
They could rent it out as an offline-holiday apartment ;-)


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Intel X540 Driver Documentation

[Rainer Duffner]

Am Tue, 25 Feb 2014 09:32:16 +
schrieb steven.glog...@swisscom.com:

 Hi Everyone,
 
 I have a friend working on the Intel X540 driver for BSD and he needs
 some documentation.
 
 He wrote me:
 
 
 
 We are working on intel X540  driver and are in need of some
 documentation, which seems not to be so readily available,
 
 We need to get the
 
 X540 datasheet – chapter 18 –  Apparently this is intentionally not
 published.
 http://www.intel.co.uk/content/www/uk/en/network-adapters/10-gigabit-network-adapters/ethernet-x540-faq.html?wapkw=x540+datasheet
 
 Do you know anyone who could get us this chapter
 
 
 
 Anyone who could help me out here? If so, PM me directly.
 
 
 
 -steven



I suggest posting to freebsd-stable.
AFAIK, Intel has paid staff working on the FreeBSD drivers and they do
post and read on that list.
They should be able to put you in touch with the right people quickly.




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Fun with Fiber

[Rainer Duffner]

Am Mon, 18 Mar 2013 14:59:08 +0100
schrieb Andre Oppermann opperm...@networx.ch:

 On 18.03.2013 14:48, Pim van Pelt wrote:
  Hoi,
 
  2013/3/18 Andre Oppermann opperm...@networx.ch:
  The Netflix guys wiring up a fully loaded ASR9010 with 118 single
  mode fibers:
 
http://www.youtube.com/watch?v=tyb-nnRNwfw
  Cool!
  Their CDN boxes are almost stock FreeBSD 9.1 based, contain some
  35 HDDs at 4TB plus a couple of SSDs and push about 15Gbit/s *each*
  during the evening hours.  They are limited by HDD (seek)
  bandwidth.
  
  Do you think they use ZFS+L2ARC as the filesystem of their content
  push system?
 
 IIRC they use plain UFS2 on the disks.  They don't care about disks
 dying, so no RAID.  The availability of the content is controlled
 from upper layers.  So if a disk dies requests for that content get
 redirected to another box with the same content.  Only the popular
 movies and shows are stored on the CDN boxes.  The long tail is
 served from AWS S3.
 



Described in more detail here:


http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068129.html


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] massive amount of hanging web connection

[Rainer Duffner]

Am Thu, 26 Apr 2012 17:24:05 +0200 (CEST)
schrieb Silvan M. Gebhardt gebha...@openfactory.ch:

 Good Evening, 
 
 
 
 We currently face an excessive amount of open/closing connections on
 our webservers (dozends of servers showing the same thing) and it is
 going to all different domains and different files, looks like
 massive connection aborts going on. 
 
 
 
 Does anyone know if a large ADSL/Cableprovider is having problems? We
 do not see packet drops at our Firewalls at all 


Only Swiss IP-ranges?

It could also be something like slowloris.


Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Cisco Devices for Sale / 2x Cisco ASA5520 / CiscoWS-C4507R + some modules

[Rainer Duffner]

Mickey Coggins schrieb:
 Alternatively:
 do you know company near Zurich, which makes business with
 buying/selling used hardware in this class ?
 

 I would also be interested in knowing about such a company - I have
 several tons (literally) of IT equipment I'd like to get rid of.

   

Well, if all else fails:

http://www.swicorecycling.ch/d/entsorgen_unternehmen.asp


SCNR
;-)


Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] DNS virtual Appliance

[Rainer Duffner]

Am 08.12.2009 um 22:35 schrieb Reza Kordi:

 At least Marc had an Idea.

 Thanks anyway


Anybody tried pfDNS?
I always want to try it, but never get around.
It's an appliance in the style of pfSense but for (IIRC) tinydns.




Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Video Streaming

[Rainer Duffner]

Mateo Meier schrieb:

 Hi guys,

  

 Does anyone has any experience with on demand online video streaming ?

  

 Regards

 Mateo

  

  

  



Flash or MPEG?

We haven't done MPEG, but Flash, you can do with NGINX. Quite nicely,
actually.

What kind of traffic are you estimating?



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] killer app for IPv6

[Rainer Duffner]

Stanislav Sinyagin wrote:

   
 forcing will not work, we all know that. The users have to be attracted by 
 some 
 new possibilities which they didn't have with ipv4.

 Free and completely legal movie downloads and spam-free email could be such 
 a driver. 

   

How does that work on IPV6 anyway?
I read that RBLs will be dead in IPV6-land, due to the fact that the
address-space can't be packed in a database anymore..
Currently, RBLs are an important part of our spam-defence.

 What else? Everything else we already have with ipv4, why bother buying 
 new modems, tweaking settings on my windows PC, spending hours on support 
 lines? :)
   

People love to do that, apparently. Why else would there exist so much
literature around those subjects?
;-)



Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] killer app for IPv6

[Rainer Duffner]

Jeroen Massar schrieb:
 Rainer Duffner wrote:
 [..]
   
 How does that work on IPV6 anyway?
 I read that RBLs will be dead in IPV6-land, due to the fact that the
 address-space can't be packed in a database anymore..
 

 The person who writes that does not realize how much easier it becomes.

 RBLs will simply take a scheme of:

 Register in db a max of   5 spamming IPs in the database per /64,
50 spamming /64's per /48
   500 spamming /48's per /32

 The '5' is variable of course. Too much spam, just block the whole /32
 unless they clean it up. Veyy easy.

 Heck for that matter similar system could be employed for IPv4:

   

Spamhaus does that, AFAIK.


 Register in db a max of  5 spamming IPs in the database per /24,
   50 spamming /24's per ASN

 Tada, block out the whole ASN when it hits the threshold. Then again,
 there won't be much mail coming out of there in those cases.

 Also, politically all /48's should be registered in WHOIS, which is of
 course a good thing. It seems though that there is no enforcement there
 and most ISPs don't care at all though.

   
 Currently, RBLs are an important part of our spam-defence.
 

 You do mean as a scoring method I hope...

   


Yes, but we also block. Mostly dynamic IPs and stuff on the swinog/IX-RBL.
On my own mailserver, I block all Asian IPs ;-)



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] ip abuse ?

[Rainer Duffner]

. . schrieb:
 Hi swinog

 today i recieved the following mail:
 
   


Last time I looked, German courts and policy-officers didn't have much
ruling over Swiss companies.
Did that change?
Advise him to get a court order from a Swiss judge.
For bonus points, point out that he should use the -- 
(dash-dash-space) as a signature-separator ;-))



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Fwd: Re: Hackerparagraph

[Rainer Duffner]

Ihsan Dogan schrieb:


 Instead of educating politicians it would make more sense, if the IT
 people would be more involved in politics. The IT industry is doing more
 for the GDI (BIP) than the farmers, but unfortunately we are not organized.

   


We also have no means to deliver kilo-gallons of slurry to the
front-door of the parliament ;-)
Also, farmers have much more means to apply pressure to the public -
it's not easy to replace their goods  services on short-notice and they
are mostly self-employed.
Our work has been commoditized to the point where we are replaceable
almost immediately - and most of us are employees. Those who are not are
replaceable even easier
And all the heavy-lifting of the infrastructure is done by big
corporations that never go on strike or deny service to their customers
(which is the usual way pressure groups like garbage-men and farmers get
their agenda through).

A part of reality is also, of course, that most of what we do is not
really essential - superfluous luxury so to speak.
People need food, water, shelter (and garbage-collection). People can
survive without email (though we work hard to convince them otherwise) ;-)


Rainer



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Fwd: Re: Hackerparagraph

[Rainer Duffner]

Michael Naef schrieb:
 On Monday 23 March 2009, Rainer Duffner wrote:
 [..]
   
 People can survive without email
 

 I am tempted to doubt that. The reactions to mail outage suggest 
 the contrary ;-)

   

Well, it depends.
I survived a week without email on my holiday.
;-)
But our customers' business sort-of depends on email-availability, yes.

Can you eat/drink email?
Can you breath email?
Can you email the garbage away?
;-)

Nope, it's fully virtual.
Email's non-availability is only an issue, if you're the only one
without it.
If everybody else didn't have it, it wouldn't be such a problem.



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Advice from cc needed

[Rainer Duffner]

d...@nts.ch schrieb:
 Hi folks

 Can a cablecom techie contact me offlist? I'm in war with the swissonline.ch
 spam protection.
   


Did you get anything out of this?
The mailsystem is in Austria now, AFAIK and it seems to be easier to
press water out of a stone than to get any feedback at all from them
;-)

FYI: we now configured our relays to send exactly one message at once,
so that their gateway doesn't think we're spamming them, just because a
large number of users forward their mail (which contains some spam,
because we have to forward that, too) from their personal domains to
their hispeed accounts.



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] trouble to reach a DNS-server from a single network in switzerland

[Rainer Duffner]

Am 12.11.2008 um 20:28 schrieb Stephan Wolf:

 rebel-management.com


Yeah, works fine from here to.
And from my colo-box in Nuremberg.

Try one of the various public nslookup tools on the web, if you don't  
trust your local resolver.
Or setup a quick dnscache installation and go directly via the root- 
servers.



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRC Server dead ?

[Rainer Duffner]

Stanislav Sinyagin schrieb:
 From: Andre Timmermann [EMAIL PROTECTED]
 

   
 Am Mittwoch, den 08.10.2008, 03:55 -0700 schrieb Stanislav Sinyagin:
 
 yes, Venty, everyone wants to know what you talk about in your 
 private communications.
   
 Yihaaa, the *ng I don't have anything to hide-statement.
 

 nope, it's the other thing: If I need to hide something, I use the right 
 tools :)

 so, if I go once and buy 1000 paper knives, I will not pay by my plastic card 
 and won't use any Supercard or Cumulus :-)
   


Well, in the former GDR (DDR, East Germany), when they had elections,
people could use the polling booth to mark the ballot paper in privacy.
But most people choose not to - it looked too much as if they had
something to hide and might want to vote with No (GDR was famous for
99.9% results.

What people don't seem to get is that privacy is something you've got
to maintain while you don't really need it - because if you let it erode
to the point that it no longer exists, it's too late and you can't
reclaim it without large and painful sacrifices.




Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRC Server dead ?

[Rainer Duffner]

Stanislav Sinyagin schrieb:
 From: Martin Ebnoether [EMAIL PROTECTED]
 


   
 All that is needed to take Skype down is an automatic windows
 update of some thousand computers.

 Remember last summer?
 http://ars.userfriendly.org/cartoons/?id=20070819
 

 hey Venty, long time no see :)

 if you remember, back in 2003-2004 there were viruses which knocked down 
 hundreds 
 of thousands of windows PCs. So what, we're still using that :)

   

Well, you maybe - I don't ;-)
But then, I also didn't use Windows in 2003, either...
Nowadays, the viruses don't knock down the Windows-boxes, they just use
them as Spam-Zombies or attack-drones or whatever the people that rent
them want to use them for.


 If the tool serves my needs, I don't really care if it's open source - I'm 
 not 
 going to compile anything on my desktop anyway. And if it collects any 
 marketing 
 stats, so what, everyone is doing that, and we're helping them (Coop Supercard
 for example).


I don't have any of those, either.


  There's nothing bad about companies knowing better what I might 
 buy from them :-)
   

I think you are oversimplifying and trivializing what these databases
can be used for.
Nowadays, these giant databases of consumer buying-behavior are probably
also used to find potential terrorists.
Who bought box-cutters and what did they buy with them?
Who bought box-cutters only?
Who bought the other items alone that the people buying box-cutters and
other items bought?

It's hilarious, but that's how some people actually believe the war
against terror can be won.

Also, I think you should do some reading regarding the Skype application.
I think that if it wasn't for its widespread use, most AV-programs would
consider it malware.
The executable itself is packed and encrypted and actively tries to
avoid debugging/reverse-engineering by in-memory debuggers.
The communication itself is encrypted with an unknown encryption-method.
And of course, yes, no source code is available (for the general public).

I did sign up for an account and used it for a few times - but just
because I didn't have time to setup my own Jabber server and experiment
with iChat ;-)
I've got a _very_ bad feeling using this app - it's just scary.



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Rainer Duffner]

Jeroen Massar schrieb:
 Marc SCHAEFER wrote:
 [..]
   
 I am a heavy users of those RBL lists, they offer quite a bit of
 protection (but not as much as you might think, and with
 

 You should use RBL's only for *scoring*; not for decision making and
 then directly rejecting based on it.

   

In Switzerland, you can whitelist most of the known-good (dynamic) IP 
address ranges (and important mailservers) quite easily with a mixture 
of the list provided by the swinog-RBL and some historic data.
There rest is dealt with a few customer-support tickets.
That's the beauty of Switzerland - it's so small ;-)


Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Rainer Duffner]

Am 11.09.2008 um 20:28 schrieb [EMAIL PROTECTED]:

 great idea,
 whitelisting every system on the world which sends confirmation  
 email ..
 it will be an big efford for that small country to convince the rest  
 of the world
 ;-)


To be precise:
I use dnsbl.sorbs.net to blacklist all dynamic IPs (and the RBL from  
spamcop, and also the swinog RBL - I would use spamhaus, but they  
blocked us because we make too many requests and we can't afford their  
prices). Then, I use the list on the SWINOG-RBL homepage to whilelist  
all the swiss dynamic IPs (and some other big systems, plus various  
IPs clients requested us to whitelist over the years) - because those  
are the one's that may actually want to relay through our system or  
send us mail legitimately.
senderbase.org helps finding IPs of outbound relays, too.

I don't use greylisting - IMO, it's a system that doesn't work large- 
scale, in a similar way TMDA or other please reply to this email or  
click on this link-systems don't work in practise.

To be vaguely on topic - most of our customers have static IPs, and  
it's not a problem to set the PTR to another value.
But we also don't boast 10+ customers, like www.green.ch does -  
maybe they're afraid of having to change 100k PTRs, if they set a  
precedent?
;-)

IT would be so easy - it's just users and customers that make it  
difficult :-)))



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] searching a manageable fanless gigabit switch

[Rainer Duffner]

Am 08.07.2008 um 22:13 schrieb Peter Rohrer:

 Hello

 I'm looking for a manageable fanless gigabit Ethernetswitch with
 VLan-Tagging, SNMP and 16-24 port.
 Unfortunately, everything I've seen so far has either no SNMP, no
 VLAN-Tagging or a noisy fan.

 Do you know any such device?



Maybe HP's 1800-24G, available at (amongst others...) digitec.ch

Web-managed, but apparently it does VLANs.
I own a 1800-8G (same-same, but with 8 ports) - but I must confess I  
didn't have time to do much with it.

I'd give the 1800-8G a try and see if it does what you want, then buy  
the 1800-24G (which costs a bit more than double the price of the  
1800-8G).



Regards,
Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Firewall recommendation for a rack of webservers?

[Rainer Duffner]

Beat Siegenthaler schrieb:

Rainer Duffner wrote:

http://pfsense.org/index.php?option=com_contenttask=viewid=44Itemid=50 


and start with that.  But the customer would also like to see some non
open-source-based solutions... :




I'd go for a Netscreen model -


The funny thing about this: Netscreen and pfSense are both xBSD-based 
;-). Nokia is BSD-Based... Checkpoint (SPLAT) is Linux-based...

In this case You will be forced to deploy M$-ISA ;-)



I thought only the Juniper router stuff was FreeBSD-based (they recently 
donated a MIPS reference implementation).
AFAIK, Nokia moved to Linux, too, some time ago. But previously, they 
could give you Checkpoint on BSD. In a way.


pfSense is FreeBSD6 ;-)


Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Bluewin SMTP Policy

[Rainer Duffner]

Jeroen Massar schrieb:


Just display the captcha from the signup on $pornsite, a person will 
fill it in for you, captcha bypassed. If it is interesting and cheap 
for then to abuse it, they will.



Do you have a current, working example for that?
(Just for research purposes, of course)
;-



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] SwiNOG-BE61 - Beer Event 61 - 5th of May 2008 @ Hooters / ZH

[Rainer Duffner]

[EMAIL PROTECTED] schrieb:

hi everybody

well... new beer event, new location.
let's try the hooters ,-)
will food be a irrelevant fact? ,-)

the facts for the next event:
-
Date:   5th of May 2008

Time:   starting around 18.30 o'clock

Location:   @ the Hooters beside Helvetiaplatz
(www.hooters.ch)

Registration deadline:  03.05.2008 16:00:00

  


Hi,

ich hab' vergessen, mich anzumelden - ist ja auch nicht immer sicher, ob 
ich kommen kann. Bzw. letztes mal hab' ichs komplett vergessen


Hätte trotzdem Interesse, vorbeizuschauen.

Ginge das?


cu,
Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

[Rainer Duffner]

Manuel Krummenacher schrieb:
 I personally would buy an Alix board from pcengines.ch (costs about CHF
 150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to
 bridge mode and be happy. ;-) With the Alix, you would also gain extra
 benefits like complex packet filter rules, traffic shaping, traffic graphs
 etc. (see pfsense.com for full feature list).
   


Seconded.
I've got a previous-generation WRAP board with pfSense (just upgraded to
the recently released 1.2).
It should be noted that pfSense also does IPSEC and OpenVPN SSL-VPN
and a host of other things.
I'm not sure how much bandwidth the Alix-boards can shuffle, but my WRAP
is supposed to max out somewhere in the 30MBit range.
You can also install it on an old PC and temporary replace the Zyxel, to
get some idea about the current traffic pattern.



Rainer



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: AW: [swinog] Log centralisation / mining

[Rainer Duffner]

Michele Capobianco schrieb:
 Too bad that Splunk does not run on Windows :(

 We are a Windows Company and if i tell them that we want to run a Linux 
 Server, our Management would kill me ;)
   


Then, don't expect a free (OSS) solution ;-)
I'd look into some of the UTM (Unified Threat Management) or
(specialized) IDS solutions.
I haven't tried it, but if I'd have a budget, I'd take a look at
Tenable's log-correlation products:
http://www.tenablesecurity.com/
They actually don't run on Windows, either, but they can analyze
Windows-logs.

See these links:
http://www.networkintrusion.co.uk/consoles.htm

BTW: I'd be interested to hear from people running one of those.


 Is there anything out in the Net for Log management witch is Windows Based?
   

I guess there is a system-management solution from MSFT, too.
Call your MSFT-sales rep ;-)



cheers,
Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog