[swinog] Re: Research project on Sustainable Networking

[Rainer Duffner via swinog]

Am 2024-06-21 16:48, schrieb Romain Jacob via swinog:

Dear Urs,

Let me keep the list on to reply to some questions, as you are not the
first to ask:

* Most routers we are interested in have multiple power supply. Our
strategy is to use one measurement unit per PSU. That demands extra
hardware, but we wouldn't want to have two PSU connected to the same
power meter anyway as this would create a potential single point of
failure.
* Network connectivity for the Pi is required but DOES WORK BEHIND A
FIREWALL. The only requirement is that the Pi must be able to connect
to the Internet.

Thanks again to those who already reached out!




"the Internet" - you mean Port 443, any IP?


___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Any users of SCION here?

[Rainer Duffner via swinog]

Hi,

and specifically the hardware the company behind it (anapaya) sells.





Best Regards
Rainer
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: strange failure from online.de MX

[Rainer Duffner via swinog]

Am 2023-03-23 09:41, schrieb Michael Righter via swinog:

Hi

A mail to @online.de is blocked on their site with this error. Never
seen such an error.
Anyone seen this before or knows a contact to them?

2023-03-21T09:00:04Z;EMIG;mx01.emig.kundenserver.de[217.72.192.66];400
EmiG fingerprint mismatch
2023-03-21T09:30:04Z;EMIG;mx00.emig.kundenserver.de[212.227.15.40];400
EmiG fingerprint mismatch
2023-03-21T10:00:04Z;EMIG;mx00.emig.kundenserver.de[212.227.15.40];400
EmiG fingerprint mismatch
2023-03-21T10:30:04Z;EMIG;mx01.emig.kundenserver.de[217.72.192.66];400
EmiG fingerprint mismatch
2023-03-21T11:00:03Z;EMIG;mx00.emig.kundenserver.de[212.227.15.40];400
EmiG fingerprint mismatch
2023-03-21T11:30:02Z;EMIG;mx01.emig.kundenserver.de[217.72.192.66];400
EmiG fingerprint mismatch

Thanks Michael
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch



Seems to be this:

https://www.e-mail-made-in-germany.de/index.html

Is it a forwarded mail?

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: DNSSEC issue with swizzonic DNS servers?

[Rainer Duffner via swinog]

Am 2022-12-30 11:21, schrieb Benoît Panizzon via swinog:

Hi Markus


the name server from swizzonic is not supposed to provide you with a
answer to all the queries.


I guess if I point to our recursive validating caching NS and it does
not possess this data in it's cache, it will start by following from
the root by asking for _.numberportability.ch to avoid revealing which
host it is exactly looking for until it reaches the authoritative DNS
for that zone and then ask this one directly for the desired RR.

I guess this is where something is breaking the chain.

I also don't see why the swizzonic DNS which is the authoritative
primary should not answer to all queries.



If I want to or need to ask the (supposedly) authoritative server(s) 
about a domain, I add +norecurs.


I believe, if you disable recursive queries on the authoritative-server, 
it will not answer them, even if it technically could.


Does DNSSEC change that?

___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: Contact: geoiplookup.net

[rainer]

Am 2022-10-13 08:46, schrieb Benoit Panizzon:

Short update on that issue...


Does anyone know who operates geoiplookup.net and how to contact them?


It looks like they source their Data from MaxMind but are solver
implementing corrections and therefore lacking behind corrections
published there.

The issue we have is not with content, but with services.

There is one SIP telephone service provider which fences his customers
to Swiss IP addresses only and provides services to businesses.

So if the static routed IP addresses of the business customer is locate
outside Switzerland, this is an effective denial of service to the
telephony of that customer.

This happens for the 3rd time within only a couple of weeks to the
same customer of us now.

The TSP in question blames us for assigning foreign ip addresses to the
customer in question and recommends the customer should get a new
Swiss ip range from us. This of course is not feasible, as this would
require lots of changes on the customer side.

Customer in question has an own transparent RIPE entry with country: ch
since 2016!
The range in question was never (since 2003, ripe does not provide
prior data) assigned to an ISP or customer outside Switzerland.

What I am trying to do now, is set up an ISP bulk location feed to
MaxMind and trying to persuade them to put a lock on our ip ranges
so only we can provide locations for those and noone else. (Has anyone
done this successfully?)

I am also pressing them to disclose how the same ip ranges now
repeatedly got put back to Germany shortly after we successfully
submitted corrections.

But all I get now is:

* Please use the online correction form.

* Thank you for submitting the correction, which we will push in our
  next update.


We also had a case like this, except it was gambling (and Zattoo, IIRC).

A single IP in our AS was assigned to Germany, for whatever reason.

I think we contacted the gambling-company's geo-fence provider (it was 
some other outfit than Maxmind, specializing in gambling and stuff like 
that) via Twitter who seemed to have a better connection to Maxmind (the 
original source of the data) and it got fixed, eventually.


It was very stressful


But it could be worse:
https://www.theguardian.com/technology/2016/aug/09/maxmind-mapping-lawsuit-kansas-farm-ip-address


Rainer




___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] Re: bluewein.ch - automatic spamtrap?

[Rainer Duffner via swinog]

> Am 14.07.2022 um 16:57 schrieb Claudio Kuenzler via swinog 
> :
> 
> Hello list,
> 
> We are seeing some "mean" behaviour when sending an e-mail to any e-mail 
> address ending in @bluewein.ch . Note the difference 
> between bluewin and bluewein...
> 
> As soon as an e-mail is sent from our relay to this domain, we get listed on 
> the UCEProtect-Level1 blocklist. Yes, we can discuss whether or not this is a 
> serious blacklist, but some mail providers actually use this service and then 
> block our legit e-mails. 
> 
> Now to this domain. On HTTP all seems in order, the domain is redirected to 
> bluewin.ch . But SMTP points to a separate mail server: 
> mail.ict-olten.ch . Behind ict-olten.ch 
>  seems to be nobody (no website, no other results so 
> far after a bit of research). 
> 
> Does anyone here in the list have information about the behaviour of this 
> domain and who is responsible for it? Obviously a typo "bluewein" instead of 
> "bluewin" happens pretty fast when users are registering and it's already the 
> second or third time within a month that we get blacklisted due to a typo 
> from users.
> 
> thanks for any hints and cheers,
> ck
> ___
> swinog mailing list -- swinog@lists.swinog.ch
> To unsubscribe send an email to swinog-le...@lists.swinog.ch


Maybe this guy:

https://www.moneyhouse.ch/de/company/graeppi-ict-projects-7019018421


„Mr ICT Projects, would you stand up, please?“


;-)



Rainer___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch

[swinog] UPC outbound relay - HELO hostname not in DNS. Can someone at UPC fix this?

[Rainer Duffner]

Hi,


our mailserver rejects mails from servers that don’t send a resolvable 
HELO-hostname.

As such, customers have been complaining about UPC:


 450 4.7.1 : Helo command rejected:


From this posting, although a bit dated:

https://www.mail-archive.com/swinog@lists.swinog.ch/msg06676.html 
<https://www.mail-archive.com/swinog@lists.swinog.ch/msg06676.html>


it looks as if there is some sort of typo or it was simply forgotten to update 
DNS.


Can someone fix this?




Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Can somebody from Zattoo contact me?

[Rainer Duffner]

> Am 24.01.2022 um 15:36 schrieb Fabian Wenk :
> 
> Hello Rainer
> 
> On 24.01.2022 10:16, Rainer Duffner wrote:
>> one of our IP-Ranges is attributed by Zattoo to be in Germany, apparently.
>> In fact, the customer has reported that other services have reported the 
>> same problem in the last week.
> 
> Then this is probably not really a problem of Zattoo and more general with 
> geographical IP location data.
> 
>> I would like to understand why this is the case.
> 
> Maybe check the geo location from one of the affected IP address at 
> https://www.maxmind.com/ <https://www.maxmind.com/>. As far as I know they 
> are probably the most used service for Geo IP Data.
> 
> 
> Best regards,


Hi,

I checked with maxmind and whatismyip.com (which in itself checks at least two 
different databases).

Both report the IP to be in Switzerland.

The funny thing is that https://www.wieistmeineip.de locates this IP in 
Germany, too.

I would like to understand how that happens.



Regards
Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] Can somebody from Zattoo contact me?

[Rainer Duffner]

Hi,

one of our IP-Ranges is attributed by Zattoo to be in Germany, apparently.

In fact, the customer has reported that other services have reported the same 
problem in the last week.

I would like to understand why this is the case.




Best Regards
Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Handling of UCE / RBL while minor misconfigurations

[rainer]

Am 2020-10-08 15:53, schrieb Markus Wild:



No, I hate SPF because it breaks basic SMTP relaying, or in more
enduser speak: redirected mails. Mail is _NOT_ always
delivered directly from origin to target, it is quite frequent, that
mails get redirected to 3rd party systems.
Some SPF advocates just accept their mails failing because they
consider mail redirects to be evil. Fine. To really fix
those redirect issues, _all_ possibly relaying servers would have to
adopt some kind of sender rewriting scheme, which
as far as I recall, can blow up sender email addresses to sizes that
will exceed RFC standards in very few iterations.
Also, in these cases the relaying server will originate 3rd party
mails with its own domain name, possibly turning
it into a spam funnel. So, for me, SPF is broken by design, and no
amount of additional tinkering around its pitfalls
will fix that.




Mail-forwarding creates a host of other problems, thus we discourage it.

If you accept a spam-mail (for whatever reason) and it gets forwarded, 
the other side may decide that you are the spammer and block your IP.


Arguably, this can be minimized with better ingress spam control (and 
maybe egress spam control) - but you never know what somebody on the 
other side may deem to be spam and what not.


The large mail-providers will tighten the screws ever more so slightly, 
so people will have to learn how to fix their mail (or use a 3rd-party 
service that send from a subdomain...).


There's a reason that even UBS and Credit-Suisse, who long seemed unable 
to add SPF records (and still refuse to add DKIM records) now have at 
least SPF records.




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] Looking for DNS admin @sunrise.net

[rainer]

Hi,

I have an issue with a missing PTR record.

I would be glad if somebody could contact me.



Thanks in advance,
Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] SafeHost AS21217 accused to leak routes for two hours to China Telecom AS4134 - anyone from SafeHost to comment?

[Rainer Duffner]

> Am 09.06.2019 um 13:32 schrieb Andreas Fink :
> 
> Interesting thas this happens at times where a certain bloody event in china 
> has its 30th birthday.
> Could well be a coincident to see how the world deals with it or an attempt 
> to censor it outside of china.
> ...
> or it might just be a stupid engineer's mistake...
> 




Coincidence?

https://www.safehost.com/en/news/335-safe-host-china-telecom-announce-strategic-partnership






___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Quad9 "does not collect", but .... it does.... (Was: Google DNS on Salt Mobile)

[Rainer Duffner]

> Am 01.11.2018 um 21:26 schrieb Jeroen Massar :
> 
> TLDR:


On a related note:

Does anyone run a resolver with QNAME-minimization enabled?

Any problems, common or specific to certain domains?




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] mirror.switch.ch to be closed down

[rainer]

Am 2018-08-22 15:40, schrieb Fredy Kuenzler:

SWITCH announced that they plan to close down mirror.switch.ch. See
announcement http://mirror.switch.ch/

I personally think this is very sad. In the name of the community I
would like to thank SWITCH for their support over all these years.

However I would like to start the discussion how we can keep
mirror.switch.ch alive as a community effort.

Can the decision makers at SWITCH please explain the preconditions?
Funding for new hardware? Throw in some bandwidth? Colocation? Server
management?




Are there any stats as to what bandwidth it needed?

I seem to remember that when they stopped mirroring the FreeBSD FTP 
server it was because mirroring the server took more bandwidth than the 
downloads of the mirrored content.


There's contact information here:

https://www.switch.ch/services/mirror/




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] SIM Card Hijacking?

[Rainer Duffner]

Hi,


saw this article on vice.com mentioned elsewhere:

https://motherboard.vice.com/en_us/article/3ky5a5/criminals-recruit-telecom-employees-sim-swapping-port-out-scam


Does anyone know just how feasible that is in Switzerland?

I’m asking from a threat-assessment point of view, not because I want to do it 
myself ;-)

Changing my number from a corporate-managed Orange^wSalt account to another 
corporate-managed Swisscom account took a number of attempts, IIRC (I wasn’t 
too involved).

Does it make a difference if it’s a private account vs. a corporate-managed 
account?

Though, I guess for the intended purpose (taking over accounts secured with 
TFA), the change doesn’t need to stay in place for long - just enough to switch 
the credentials.






___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?

[Rainer Duffner]

> Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler :
> 
> Friday night we observed several Brocade MLXe linecards rebooting (several 
> locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network 
> instability due to flapping iBGP etc.
> 
> As of now we know that iWay and nine.ch suffered from similar issues in the 
> same time window, and we believe that they use also Brocade MLXe.
> 
> Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch 
> reports it too.
> 
> For reference the tickets:
> http://www.init7.net/de/status/?ticket=10348
> https://status.nine.ch/en/messages/544
> https://www.iway.ch/iway/status/
> 
> Did anyone else observed similar symptoms?
> 
> Since these routers operate in various locations and ASNs but are the same 
> make/model I suppose it's a software security issue. Can malicious packets 
> force a linecard reboot?
> 



Coincidence?

https://twitter.com/schneierblog/status/775783898366160896


;-)





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Zukunft von Abuse Desks (was: Reject von hotmail.com)

[Rainer Duffner]

> Am 18.03.2016 um 08:44 schrieb Benoit Panizzon  >:
> 
> Ich bin nicht bereit, täglich mehrere hundert Complaints via Webform
> mit Captcha einzureichen. Ich wüsste auch nicht, wie ich dies technisch
> machen sollte.




Amazon Mechanical Turk oder sonst irgendwie an eine Clickworker-Plattform 
outsourcen?
;-)



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] DNS Admin tool

[Rainer Duffner]

> Am 06.02.2016 um 20:42 schrieb Stanislav Sinyagin :
> 
> Second that, and... Have a look at incognito.com  Name 
> Commander. It's a commercial tool that governs BIND servers.
> 
> Another option would be to outsource the whole DNS service to a team which 
> knows what they're doing :)
> 
> 


That’s sometimes a difficult decision.
Though few will count DNS as being a core-business, a lot of stuff depends on 
it.

And unless it’s a core-business, you will certainly not be able to run it as 
well as somebody like dyn.com or easydns.com .

It really depends on how much of an „ISP“ you consider yourself and how many 
zones you maintain (and how many queries you get to those zones).



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] DNS Admin tool

[Rainer Duffner]

> Am 06.02.2016 um 17:34 schrieb Kägi Adrian :
> 
> Hi Swinog
> I guess all of us is in touch to administrate DNS Servers. And I guess Bind 
> will be a popular one.
> In our situation, different admins, with different skill make changes on zone 
> files. And some guys (. I cannot understand why.), don't like vi as 
> administration tool.
> We're looking for a web based Admin Tool, to manage our zone files on two 
> Bind DNS (Master, slave) Servers. If any possible, this tool should support 
> zone based admin rights for external customers.
> 
> What kind of tool do you use? Webmin? Plesk? vi?
> 
> I found a lot of outdated and unmaintained tools, quite frustrating.



Hi,

we use NicTool (http://www.nictool.com <http://www.nictool.com/>, 
https://github.com/msimerson/NicTool/releases 
<https://github.com/msimerson/NicTool/releases> )
Though, it’s web interface is currently not public-facing.

The only thing it doesn’t do right now is DNSSEC.
Also, its privilege-system granularity stops at the zone level.
So, you can assign the rights for a complete forward- or reverse-zone, but not 
for a single IP of a reverse-zone.

The web interface itself is usable, but lacks i18n.

People can still shoot themselves in the foot - but the tool does a lot of 
checks in advance.


The cool thing is, it supports all kinds of DNS-servers, not just bind.



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] UPC-Cablecom and ip6.arpa

[Rainer Duffner]

Hi,

a customer with a UPC line has contacted us to ask how a PTR-record for his 
IPV6-address could be created.
Customer also asked for IPV6-resolvers…

Address/network in question is:

2a02:aa08:e000:b00:: /56

Currently, it looks like this range isn’t delegated.

dig -x 2a02:aa08:e000::

; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> -x 2a02:aa08:e000::
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30794
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.e.8.0.a.a.2.0.a.2.ip6.arpa. IN 
PTR

;; AUTHORITY SECTION:
0.a.2.ip6.arpa. 899 IN  SOA pri.authdns.ripe.net. dns.ripe.net. 
1434384236 3600 600 864000 7200


Or am I wrong?

Maybe somebody from UPC can contact me off-list to direct me to the people 
responsible for UPC-Cablecoms reverse-DNS-infrastructure…


Thanks in advance.





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] New .exe virus in.zip file via mail

[Rainer Duffner]

> Am 16.04.2015 um 16:54 schrieb Mike Kellenberger 
> mailto:mike.kellenber...@escapenet.ch>>:
> 
> Hi all
> 
> I've been contacted by a couple of customers which caught a new virus in the 
> last few days, sent by e-mail in a .zip file containing an .exe. (yes, there 
> are still people out there who open these kind of attachments if they come 
> from a known address)
> 
> The .zip file passes our AV on the mailserver (Kaspersky) as well as our 
> desktop AV (Symantec) with the newest definitions.
> 
> Once infected, it spreads via e-mail (probably through the outlook e-mail 
> profile, it authenticates nicely against our mailserver anyway) blasting out 
> hundreds of mails in a single short session only to sleep again until the 
> next day...
> 
> Has anybody else seen this? Is there a name or details or cure fo it yet?


virustotal will tell you a name, which you can google.

Antivirus is a bit of a placebo and snake oil - but surprisingly, a lot of 
people still believe in its value for them while the only value it really has 
is for those who sell signature-updates...

I’m pretty sure you can also block exe’s in zips - AFAIK, google has recently 
started blocking exes, too.

https://support.google.com/mail/answer/6590?hl=en 


Bugs in „popular“ office-productivity software would in practice require to 
block .doc, .xsl, .ppt etc.
So, it’s not usually done.

I’d be glad that the thing was so noisy. If it was an APT-style attack, you’d 
only realize it months later (or not at all, until MELANI and SWITCH contact 
you, or worse: the press).
Or maybe there’s an APT going on in the background and this was only the decoy 
;-)




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Auskunft über Personendaten / deutsches Recht anwendbar?

[Rainer Duffner]

> Am 23.12.2014 um 13:06 schrieb Q-X GmbH - Pascal Wagenhofer 
> mailto:wagenho...@q-x.ch>>:
> 
> Hallo SWINOGer
>  
> I hope, you’re enjoying already the holidays somewhere around.
>  
> We’re having here a little difficulties with a german lawyer. We’re offering 
> shared hosting services. One of our customers is sharing links to 
> uploaded.net <http://uploaded.net/>, which contains music, which might be 
> copyright protected.
>  
> The german law agency is now requesting the data of the owner which – 
> apparently – we cannot provide due to restrictions of the data protection law 
> of Switzerland. They’re supplying us this 
> judgement:http://www.justiz.nrw.de/nrwe/olgs/koeln/j2011/6_U_87_10urteil20110325.html
>  
> <http://www.justiz.nrw.de/nrwe/olgs/koeln/j2011/6_U_87_10urteil20110325.html> 
> .
>  
> Question to the community:
> 1.   What are you doing in such situations? (Yes, appart from contact 
> your lawyer ;-) ).
> 2.   Did you have similar issues and how did you handle them?
>  
> I wish you merry Christmas and a happy new year.



How much jurisdiction does a German court have in Switzerland anyway?

Can’t you ask them to go to a Swiss court in Lausanne or wherever that stuff is 
handled?

Oh wait, that would mean additional cost (like working with a lawyer in 
Switzerland, of all things), most likely without a ROI in the end.
So, it’s easier trying to intimidate the hosting-company.


If what whois provides is not enough - tough luck.




Rainer




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] 3G Repeater

[Rainer Duffner]

Am Thu, 31 Jul 2014 08:28:17 +0200
schrieb Miguel Elias :


> But some times, it isn't at all bad, to have this lonesome island with
> no reception. :)
> 



Yep. 
They could rent it out as an "offline-holiday" apartment ;-)


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Intel X540 Driver Documentation

[Rainer Duffner]

Am Tue, 25 Feb 2014 09:32:16 +
schrieb :

> Hi Everyone,
> 
> I have a friend working on the Intel X540 driver for BSD and he needs
> some documentation.
> 
> He wrote me:
> 
> 
> 
> We are working on intel X540  driver and are in need of some
> documentation, which seems not to be so readily available,
> 
> We need to get the
> 
> X540 datasheet – chapter 18 –  Apparently this is intentionally not
> published.
> http://www.intel.co.uk/content/www/uk/en/network-adapters/10-gigabit-network-adapters/ethernet-x540-faq.html?wapkw=x540+datasheet
> 
> Do you know anyone who could get us this chapter
> 
> 
> 
> Anyone who could help me out here? If so, PM me directly.
> 
> 
> 
> -steven



I suggest posting to freebsd-stable.
AFAIK, Intel has paid staff working on the FreeBSD drivers and they do
post and read on that list.
They should be able to put you in touch with the right people quickly.




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Fun with Fiber

[Rainer Duffner]

Am Mon, 18 Mar 2013 14:59:08 +0100
schrieb Andre Oppermann :

> On 18.03.2013 14:48, Pim van Pelt wrote:
> > Hoi,
> >
> > 2013/3/18 Andre Oppermann :
> >> The Netflix guys wiring up a fully loaded ASR9010 with 118 single
> >> mode fibers:
> >>
> >>   http://www.youtube.com/watch?v=tyb-nnRNwfw
> > Cool!
> >> Their CDN boxes are almost stock FreeBSD 9.1 based, contain some
> >> 35 HDDs at 4TB plus a couple of SSDs and push about 15Gbit/s *each*
> >> during the evening hours.  They are limited by HDD (seek)
> >> bandwidth.
>  >
> > Do you think they use ZFS+L2ARC as the filesystem of their content
> > push system?
> 
> IIRC they use plain UFS2 on the disks.  They don't care about disks
> dying, so no RAID.  The availability of the content is controlled
> from upper layers.  So if a disk dies requests for that content get
> redirected to another box with the same content.  Only the popular
> movies and shows are stored on the CDN boxes.  The long tail is
> served from AWS S3.
> 



Described in more detail here:


http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068129.html


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] NIC

[Rainer Duffner]

Am 03.09.2012 um 20:34 schrieb Pim van Pelt :

> 2012/9/3 Lukas Eisenberger :
>> Anybody else also having problems reaching www.nic.ch?
> --- www.nic.ch ping statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4005ms
> rtt min/avg/max/mdev = 4.436/4.562/4.783/0.126 ms
> 
> --- www.nic.ch ping6 statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4005ms
> rtt min/avg/max/mdev = 16.920/18.038/19.724/1.359 ms
> 
> telnet to IPv4 and IPv6 port 80 works.
> 
> $ curl -I www.nic.ch
> HTTP/1.1 302 Found
> Date: Mon, 03 Sep 2012 18:34:00 GMT
> Server: Apache
> Location: http://www.nic.ch/reg/
> 
> Works for me -- AS15169.


Yep.
But:

"Wegen Wartungsarbeiten ist das Registrierungssystem zur Zeit ausser Betrieb."


And it took ages to get to that page.




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] massive amount of hanging web connection

[Rainer Duffner]

Am Thu, 26 Apr 2012 17:24:05 +0200 (CEST)
schrieb "Silvan M. Gebhardt" :

> Good Evening, 
> 
> 
> 
> We currently face an excessive amount of open/closing connections on
> our webservers (dozends of servers showing the same thing) and it is
> going to all different domains and different files, looks like
> massive connection aborts going on. 
> 
> 
> 
> Does anyone know if a large ADSL/Cableprovider is having problems? We
> do not see packet drops at our Firewalls at all 


Only Swiss IP-ranges?

It could also be something like slowloris.


Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Blocking Malware distribution sites

[rainer]

> On Thursday 11 November 2010 11:08:16 mailinglis...@p-guhl.ch
> wrote:
>> Besides that: How do you make sure (legally) that any of your
>> e-mails really got through?
>
> Quite a challenge to send an E-Mail to a domain with non-existent
> NS and therefor no MX RRs... Or does switch give me a call? Or
> maybe you send a telegram?

AFAIK, the mails are sent immediately before inactivating the domain.
(They already do that for domains they delete (late payments etc.), so we
can clean out our DNSs)

There was a recent event at the SWITCH HQ, where all this was discussed.
SWITCH basically promised not to "rush" anything.
If the ISP vetos a deactivation (e.g. because it's a subdomain of his main
domain), the process is supposed to stop at that point.
The idea is to remove the "ignorants" only, as each case is looked at
specifically and individually.
SWITCH only works 9-5-5, so the 24h period is really "next business day".

The process was tried out a couple of months ago.


That's what I took home from the event.
Mis-handling of individual cases is still possible, of course ;-)




Regards,
Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] BÜPF...again ; )

[rainer]

> We probably all followed the discussion in Germany about the
> "Bundestrojaner" and how it failed.
>
> And of course, a trojan spying on citizens is a major impact in privacy,
> which is not acceptable.

Try to argue about that with people who have a facebook-account.
Last count: 500 000 000+.
Privacy is something, only old people seem to care about.

> However I don't think, that it's possible to create such a trojan and
> use it, because of the following facts:
>
> - It's not very easy to put a trojan in a system of a prudent user, who
> updates regularly and doesn't open every mail or document received.
> - Virusscanners will soon know the trojan
> - The swiss government doesn't have enough power to force antivirus
> software creators to ignore the trojan.

Maybe not the Swiss government.
But I'd like to point out that we already have an infrastructure for
lawful inspection ("LI") of telephone calls (it's actually a thriving
industry...).
As such, there are even standardization-bodies for it.
Do you think that it's impossible an industry-standard for LI of
individual PCs might emerge?
AV-vendors are global companies, mostly. Just like telcos, they'd have to
implement what governments order them to do.

Even for "normal" malware, the detection-rate of AV-software is mediocre
to the point that it's barely above placebo-level.
How would you know that a certain AV-software does not detect a trojan?
With the exception of clamav, no AV-engine is open-source, neither are the
signatures.
And even clamav is now owned by a commercial company (Sourcefire,
incidentially the company behind the only open source Intrusion Detection
System).

> - Not all criminals use Windows ;-)

Indeed, but most do. And rootkits exist for Linux + BSD, too.

What politicians don't seem (or simply don't want) to understand is that
the problem of these LI-technology lie in the huge potential for abuse and
misuse.
Politicians sometimes seem to live in an ideal world, where there is no
corruption and no abuse of power (or they are simply not negatively
affected by it...).



Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Subliminal advertising / Spam from our domain registry switch/nic.ch

[rainer]

> Um... after only surfing their webpage for 30 seconds I found this:
>
> Aus den Statuten:

[...]

> So according to their own documents, they have no commercial interest
> (never laughed so hard).


Well, you can take in millions, but still not make a profit:

http://www.techdirt.com/articles/20100708/02510310122.shtml


;-)



Rainer



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IronPort E-Mail Reputation

[rainer]

> Hi Patrick,
>
> From my past experience delivering very often very big newsletters...
>
> Some advices to deliver mass of mails:
>

> 7) Educate your users for strong passwords.

This is useful (info/info anybody...?).
But nowadays, most credentials get actively stolen by trojans - however
strong they are.

The problem is the original backdoor/virus infection.
Which leads us back to square one of the Spam-problem: users.



Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Geolocating IP's

[rainer]

> actually there's usually much more information than just country code.
> At least sites like http://adultfriendsfinder.com/  show my town quite
> precisely, and my IP is a part of a
> huge Cablecom pool.

Maybe there's a super-cookie left on your harddisk, from the last time you
logged in ;-)

SCNR.


Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Geolocating IP's

[rainer]

> hello everybody
>
> Is anybody of you aware, how the most popular services (Google, Zattoo,
> Facebook, etc) are matching geographic locations to ip-adresses ?

I don't expect somebody from Google coming forward ;-)

My guess(es):
 - Google: they built their own database, based on data available from
commercial providers (maxmind)
 - Facebook: dito, of course with less engineering effort than Big G.
 - Zattoo: probably uses Maxmind's dataset with little local modifications


There's not much you can do IMO. If some website thinks you are in country
X, and refuses to provide certain services as a result, the only solution
is to complain to the website directly and ask them to update their
databases.
I don't think people can read the RIPE databases in realtime.



Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Port 25 Blockade @ Swisscom (Bluewin)

[rainer]

>> steven.glog...@swisscom.com wrote:
>> Hi everyone
>> Will we start to block completely port 25 in the future? No,
>> absolutely not.
>
> I rather have that you actively block port 25 without any inspection and
> just like you are offering now allow people to request the port to be
> opened. This avoids the whole legal issue with doing a MITM.
>

People are just too ... uneducated... to really get to the grips with this
port 587-stuff.
Blocking port 25 for *everybody* will just help to induce one shitstorm of
a support-nightmare. It doesn't even make a difference if you have a
grace-period or not (people ignore this stuff anyway).
Steven can probably provide numbers about how many people are still using
25 vs. 587.
It's probably millions.
What happens if millions of people call the support-hotline?

Yep, I hate the privacy implications. But with 100k abuse complaints/month
- what would you do, besides going postal?

The only thing that could be done is a government-mandate to cut-off
people with zombies in their LANs from the net and have a state-licensed
PC-techie come over and clean-out the PC(s). For 200 CHF per hour. Plus 37
CHF court costs and administrative fees. ;-)


It works for cars, so it should work for PCs, too, right?
;-)



Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Cisco Devices for Sale / 2x Cisco ASA5520 / CiscoWS-C4507R + some modules

[Rainer Duffner]

Mickey Coggins schrieb:
>> Alternatively:
>> do you know company near Zurich, which makes business with
>> buying/selling used hardware in this class ?
>> 
>
> I would also be interested in knowing about such a company - I have
> several tons (literally) of IT equipment I'd like to get rid of.
>
>   

Well, if all else fails:

http://www.swicorecycling.ch/d/entsorgen_unternehmen.asp


SCNR
;-)


Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] DNS virtual Appliance

[Rainer Duffner]

Am 08.12.2009 um 22:35 schrieb Reza Kordi:

> At least Marc had an Idea.
>
> Thanks anyway


Anybody tried pfDNS?
I always want to try it, but never get around.
It's an appliance in the style of pfSense but for (IIRC) tinydns.




Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Video Streaming

[Rainer Duffner]

Mateo Meier schrieb:
>
> Hi guys,
>
>  
>
> Does anyone has any experience with on demand online video streaming ?
>
>  
>
> Regards
>
> Mateo
>
>  
>
>  
>
>  
>


Flash or MPEG?

We haven't done MPEG, but Flash, you can do with NGINX. Quite nicely,
actually.

What kind of traffic are you estimating?



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] killer app for IPv6

[Rainer Duffner]

Jeroen Massar schrieb:
> Rainer Duffner wrote:
> [..]
>   
>> How does that work on IPV6 anyway?
>> I read that RBLs will be dead in IPV6-land, due to the fact that the
>> address-space can't be packed in a database anymore..
>> 
>
> The person who writes that does not realize how much easier it becomes.
>
> RBLs will simply take a scheme of:
>
> Register in db a max of   5 spamming IPs in the database per /64,
>""   """" 50 spamming /64's per /48
>""   """"500 spamming /48's per /32
>
> The '5' is variable of course. Too much spam, just block the whole /32
> unless they clean it up. Veyy easy.
>
> Heck for that matter similar system could be employed for IPv4:
>
>   

Spamhaus does that, AFAIK.


> Register in db a max of  5 spamming IPs in the database per /24,
>""   """"50 spamming /24's per ASN
>
> Tada, block out the whole ASN when it hits the threshold. Then again,
> there won't be much mail coming out of there in those cases.
>
> Also, politically all /48's should be registered in WHOIS, which is of
> course a good thing. It seems though that there is no enforcement there
> and most ISPs don't care at all though.
>
>   
>> Currently, RBLs are an important part of our spam-defence.
>> 
>
> You do mean as a scoring method I hope...
>
>   


Yes, but we also block. Mostly dynamic IPs and stuff on the swinog/IX-RBL.
On my own mailserver, I block all Asian IPs ;-)



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] killer app for IPv6

[Rainer Duffner]

Stanislav Sinyagin wrote:
>
>   
> forcing will not work, we all know that. The users have to be attracted by 
> some 
> new possibilities which they didn't have with ipv4.
>
> Free and completely legal movie downloads and spam-free email could be such 
> a driver. 
>
>   

How does that work on IPV6 anyway?
I read that RBLs will be dead in IPV6-land, due to the fact that the
address-space can't be packed in a database anymore..
Currently, RBLs are an important part of our spam-defence.

> What else? Everything else we already have with ipv4, why bother buying 
> new modems, tweaking settings on my windows PC, spending hours on support 
> lines? :)
>   

People love to do that, apparently. Why else would there exist so much
literature around those subjects?
;-)



Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Swisscom "disables" xxx website!?

[rainer]

> why everone is talking only about swisscom?

Because they are the biggest
Large target -> easy shot.
Or was that a rhetorical question?
;-)

> what about cablecom/upc, sunrise, thenet, init7, etcetc...
> what are you doing against that?
> would be interesting to see, what is everyone doing to prevent
> cyberterror?

The same, I must assume.
(I.e.: get rid of the problem by null-routing the targeted IP).
But I'm glad that 20min actually went forward with the story.
Wouldn't have surprised me if the guy had to shop the story around.

> (this might be probably an interesting topic for swinog-20...).
>
> beside DoS attacks there are other possiblities. what if someone is nuking
> telehouse? what if someone putting fire into an exchange? what if someone
> breaks into an exchange and steals hardware armed/unarmed (already happend
> in if i'm not wrong chicago)

Well, it will only happen if there is some profit to make and this is the
easiest way to reach the goal.
Cui bono?

> this topic is sooo huuuge ,-)

Indeed.



cheers,
Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Swisscom "disables" xxx website!?

[rainer]

> why everone is talking only about swisscom?

Because they are the biggest
Large target -> easy shot.
Or was that a rhetorical question?
;-)

> what about cablecom/upc, sunrise, thenet, init7, etcetc...
> what are you doing against that?
> would be interesting to see, what is everyone doing to prevent
> cyberterror?

The same, I must assume.
(I.e.: get rid of the problem by null-routing the targeted IP).
But I'm glad that 20min actually went forward with the story.
Wouldn't have surprised me if the guy had to shop the story around.

> (this might be probably an interesting topic for swinog-20...).
>
> beside DoS attacks there are other possiblities. what if someone is nuking
> telehouse? what if someone putting fire into an exchange? what if someone
> breaks into an exchange and steals hardware armed/unarmed (already happend
> in if i'm not wrong chicago)

Well, it will only happen if there is some profit to make and this is the
easiest way to reach the goal.
Cui bono?

> this topic is sooo huuuge ,-)

Indeed.



cheers,
Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] ip abuse ?

[Rainer Duffner]

. . schrieb:
> Hi swinog
>
> today i recieved the following mail:
> 
>   


Last time I looked, German courts and policy-officers didn't have much
ruling over Swiss companies.
Did that change?
Advise him to get a court order from a Swiss judge.
For bonus points, point out that he should use the "-- "
(dash-dash-space) as a signature-separator ;-))



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Fwd: Re: "Hackerparagraph"

[Rainer Duffner]

Michael Naef schrieb:
> On Monday 23 March 2009, Rainer Duffner wrote:
> [..]
>   
>> People can survive without email
>> 
>
> I am tempted to doubt that. The reactions to mail outage suggest 
> the contrary ;-)
>
>   

Well, it depends.
I survived a week without email on my holiday.
;-)
But our customers' business sort-of depends on email-availability, yes.

Can you eat/drink email?
Can you breath email?
Can you email the garbage away?
;-)

Nope, it's fully virtual.
Email's non-availability is only an issue, if you're the only one
without it.
If everybody else didn't have it, it wouldn't be such a problem.



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Fwd: Re: "Hackerparagraph"

[Rainer Duffner]

Ihsan Dogan schrieb:
>
>
> Instead of educating politicians it would make more sense, if the IT
> people would be more involved in politics. The IT industry is doing more
> for the GDI (BIP) than the farmers, but unfortunately we are not organized.
>
>   


We also have no means to deliver kilo-gallons of slurry to the
front-door of the parliament ;-)
Also, farmers have much more means to apply pressure to the public -
it's not easy to replace their goods & services on short-notice and they
are mostly self-employed.
Our work has been commoditized to the point where we are replaceable
almost immediately - and most of us are employees. Those who are not are
replaceable even easier
And all the heavy-lifting of the infrastructure is done by big
corporations that never go on strike or deny service to their customers
(which is the usual way pressure groups like garbage-men and farmers get
their agenda through).

A part of reality is also, of course, that most of what we do is not
really essential - superfluous luxury so to speak.
People need food, water, shelter (and garbage-collection). People can
survive without email (though we work hard to convince them otherwise) ;-)


Rainer



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Post from Canton de Vaud

[Rainer Duffner]

Mike Kellenberger schrieb:
>
> just thinking about this again: why don't they force the site operator
> to take down the site? Would be much easier…
>
>  
>

He's already mirrored it on various servers outside of Switzerland.

Stupid detail: some of the URLs you have to DNS-lame-delegate are
actually .ch servers!
But instead of asking SWITCH to just remove the NS entries or delete the
domain, they go to each provider...
Of the rest, some have already fallen to domain-grabbers...

This is s stupid.
Besides, our resolvers don't accept queries from all over the world.
There's no way to verify other than buying a subscription from us...

As they say in the US: your tax-dollars at work.
Big mistake of the guy: he attacks and offends some judges...



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Advice from cc needed

[Rainer Duffner]

d...@nts.ch schrieb:
> Hi folks
>
> Can a cablecom techie contact me offlist? I'm in war with the swissonline.ch
> spam protection.
>   


Did you get anything out of this?
The mailsystem is in Austria now, AFAIK and it seems to be easier to
press water out of a stone than to get any feedback at all from them
;-)

FYI: we now configured our relays to send exactly one message at once,
so that their gateway doesn't think we're spamming them, just because a
large number of users forward their mail (which contains some spam,
because we have to forward that, too) from their personal domains to
their hispeed accounts.



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] trouble to reach a DNS-server from a single network in switzerland

[Rainer Duffner]

Am 12.11.2008 um 20:28 schrieb Stephan Wolf:

> rebel-management.com


Yeah, works fine from here to.
And from my colo-box in Nuremberg.

Try one of the various public nslookup tools on the web, if you don't  
trust your local resolver.
Or setup a quick dnscache installation and go directly via the root- 
servers.



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRC Server dead ?

[Rainer Duffner]

Stanislav Sinyagin schrieb:
>> From: Andre Timmermann <[EMAIL PROTECTED]>
>> 
>
>   
>> Am Mittwoch, den 08.10.2008, 03:55 -0700 schrieb Stanislav Sinyagin:
>> 
>>> yes, Venty, everyone wants to know what you talk about in your 
>>> private communications.
>>>   
>> Yihaaa, the *ng "I don't have anything to hide"-statement.
>> 
>
> nope, it's the other thing: If I need to hide something, I use the right 
> tools :)
>
> so, if I go once and buy 1000 paper knives, I will not pay by my plastic card 
> and won't use any Supercard or Cumulus :-)
>   


Well, in the former GDR (DDR, East Germany), when they had elections,
people could use the polling booth to mark the ballot paper in privacy.
But most people choose not to - it looked too much as if they had
something to hide and might want to vote with "No" (GDR was "famous for
99.9%" results.

What people don't seem to "get" is that privacy is something you've got
to maintain while you don't really need it - because if you let it erode
to the point that it no longer exists, it's too late and you can't
reclaim it without large and painful sacrifices.




Rainer


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRC Server dead ?

[Rainer Duffner]

Stanislav Sinyagin schrieb:
>> From: Martin Ebnoether <[EMAIL PROTECTED]>
>> 
>
>
>   
>> All that is needed to take Skype down is an automatic windows
>> update of some thousand computers.
>>
>> Remember last summer?
>> http://ars.userfriendly.org/cartoons/?id=20070819
>> 
>
> hey Venty, long time no see :)
>
> if you remember, back in 2003-2004 there were viruses which knocked down 
> hundreds 
> of thousands of windows PCs. So what, we're still using that :)
>
>   

Well, you maybe - I don't ;-)
But then, I also didn't use Windows in 2003, either...
Nowadays, the viruses don't knock down the Windows-boxes, they just use
them as Spam-Zombies or attack-drones or whatever the people that rent
them want to use them for.


> If the tool serves my needs, I don't really care if it's open source - I'm 
> not 
> going to compile anything on my desktop anyway. And if it collects any 
> marketing 
> stats, so what, everyone is doing that, and we're helping them (Coop Supercard
> for example).


I don't have any of those, either.


>  There's nothing bad about companies knowing better what I might 
> buy from them :-)
>   

I think you are oversimplifying and trivializing what these databases
can be used for.
Nowadays, these giant databases of consumer buying-behavior are probably
also used to find potential terrorists.
"Who bought box-cutters and what did they buy with them?"
"Who bought box-cutters only?"
"Who bought the other items alone that the people buying box-cutters and
other items bought?"

It's hilarious, but that's how some people actually believe the war
against terror can be won.

Also, I think you should do some reading regarding the Skype application.
I think that if it wasn't for its widespread use, most AV-programs would
consider it "malware".
The executable itself is packed and encrypted and actively tries to
avoid debugging/reverse-engineering by in-memory debuggers.
The communication itself is encrypted with an unknown encryption-method.
And of course, yes, no source code is available (for the general public).

I did sign up for an account and used it for a few times - but just
because I didn't have time to setup my own Jabber server and experiment
with iChat ;-)
I've got a _very_ bad feeling using this app - it's just scary.



Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Rainer Duffner]

Am 11.09.2008 um 20:28 schrieb [EMAIL PROTECTED]:

> great idea,
> whitelisting every system on the world which sends confirmation  
> email ..
> it will be an big efford for that small country to convince the rest  
> of the world
> ;-)


To be precise:
I use dnsbl.sorbs.net to blacklist all dynamic IPs (and the RBL from  
spamcop, and also the swinog RBL - I would use spamhaus, but they  
blocked us because we make too many requests and we can't afford their  
prices). Then, I use the list on the SWINOG-RBL homepage to whilelist  
all the swiss dynamic IPs (and some other big systems, plus various  
IPs clients requested us to whitelist over the years) - because those  
are the one's that may actually want to relay through our system or  
send us mail legitimately.
senderbase.org helps finding IPs of outbound relays, too.

I don't use greylisting - IMO, it's a system that doesn't work large- 
scale, in a similar way TMDA or other "please reply to this email or  
click on this link"-systems don't work in practise.

To be vaguely on topic - most of our customers have static IPs, and  
it's not a problem to set the PTR to another value.
But we also don't boast 10+ customers, like www.green.ch does -  
maybe they're afraid of having to change 100k PTRs, if they set a  
precedent?
;-)

IT would be so easy - it's just users and customers that make it  
difficult :-)))



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Rainer Duffner]

Jeroen Massar schrieb:
> Marc SCHAEFER wrote:
> [..]
>   
>> I am a heavy users of those RBL lists, they offer quite a bit of
>> protection (but not as much as you might think, and with
>> 
>
> You should use RBL's only for *scoring*; not for decision making and
> then directly rejecting based on it.
>
>   

In Switzerland, you can whitelist most of the "known-good" (dynamic) IP 
address ranges (and important mailservers) quite easily with a mixture 
of the list provided by the swinog-RBL and some historic data.
There rest is dealt with a few customer-support tickets.
That's the beauty of Switzerland - it's so small ;-)


Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] searching a manageable fanless gigabit switch

[Rainer Duffner]

Am 08.07.2008 um 22:13 schrieb Peter Rohrer:

> Hello
>
> I'm looking for a manageable fanless gigabit Ethernetswitch with
> VLan-Tagging, SNMP and 16-24 port.
> Unfortunately, everything I've seen so far has either no SNMP, no
> VLAN-Tagging or a noisy fan.
>
> Do you know any such device?
>


Maybe HP's 1800-24G, available at (amongst others...) digitec.ch

Web-managed, but apparently it does VLANs.
I own a 1800-8G (same-same, but with 8 ports) - but I must confess I  
didn't have time to do much with it.

I'd give the 1800-8G a try and see if it does what you want, then buy  
the 1800-24G (which costs a bit more than double the price of the  
1800-8G).



Regards,
Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Firewall recommendation for a rack of webservers?

[Rainer Duffner]

Beat Siegenthaler schrieb:

Rainer Duffner wrote:

http://pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50 


and start with that.  But the customer would also like to see some "non
open-source"-based solutions... :>




I'd go for a Netscreen model -


The funny thing about this: Netscreen and pfSense are both xBSD-based 
;-). Nokia is BSD-Based... Checkpoint (SPLAT) is Linux-based...

In this case You will be forced to deploy M$-ISA ;-)



I thought only the Juniper router stuff was FreeBSD-based (they recently 
donated a MIPS reference implementation).
AFAIK, Nokia moved to Linux, too, some time ago. But previously, they 
could give you Checkpoint on BSD. In a way.


pfSense is FreeBSD6 ;-)


Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Firewall recommendation for a rack of webservers?

[Rainer Duffner]

Olivier Mueller schrieb:

Hello,

Now that the office firewall is running fine (uptime: 34 days, not a
single problem since last month, cf. the "VDSL/Zyxel P2802 HWL not
"strong" enough for a small company LAN?" thread), I'm now back, 
looking for a new kind of firewall :) 

Is there anything you can recommend in this case?  It if was only me, 
I would take something there:

http://pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50
and start with that.  But the customer would also like to see some "non
open-source"-based solutions... :>

  


I'd go for a Netscreen model - but which model also depends on the 
number of sessions you expect.

If people are "brand-addicted", they should at least expect to the price.



cheers,
Rainer






___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Bluewin SMTP Policy

[Rainer Duffner]

Jeroen Massar schrieb:


Just display the captcha from the signup on $pornsite, a person will 
fill it in for you, captcha bypassed. If it is interesting and cheap 
for then to abuse it, they will.



Do you have a current, working example for that?
(Just for research purposes, of course)
;-



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Bluewin SMTP Policy

[Rainer Duffner]

Roger Schmid schrieb:

On Fri, Jun 13, 2008 at 10:13 AM, Adrian Ulrich <[EMAIL PROTECTED]> wrote:
  

Hi Roger,




I see the problem, but perhaps something like a captcha would also be
sufficient to prevent this.
  



I don't think so.
Spammer signing up for free accounts is also a "social" problem in that 
the spammers (or the people they pay) don't have much choice.

You can't solve social problems with technology (much as we would like).



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] SwiNOG-BE61 - Beer Event 61 - 5th of May 2008 @ Hooters / ZH

[Rainer Duffner]

[EMAIL PROTECTED] schrieb:

hi everybody

well... new beer event, new location.
let's try the hooters ,-)
will food be a irrelevant fact? ,-)

the facts for the next event:
-
Date:   5th of May 2008

Time:   starting around 18.30 o'clock

Location:   @ the "Hooters" beside Helvetiaplatz
(www.hooters.ch)

Registration deadline:  03.05.2008 16:00:00

  


Hi,

ich hab' vergessen, mich anzumelden - ist ja auch nicht immer sicher, ob 
ich kommen kann. Bzw. letztes mal hab' ichs komplett vergessen


Hätte trotzdem Interesse, vorbeizuschauen.

Ginge das?


cu,
Rainer

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?

[Rainer Duffner]

Manuel Krummenacher schrieb:
> I personally would buy an Alix board from pcengines.ch (costs about CHF
> 150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to
> bridge mode and be happy. ;-) With the Alix, you would also gain extra
> benefits like complex packet filter rules, traffic shaping, traffic graphs
> etc. (see pfsense.com for full feature list).
>   


Seconded.
I've got a previous-generation WRAP board with pfSense (just upgraded to
the recently released 1.2).
It should be noted that pfSense also does IPSEC and OpenVPN "SSL-VPN"
and a host of other things.
I'm not sure how much bandwidth the Alix-boards can shuffle, but my WRAP
is supposed to max out somewhere in the 30MBit range.
You can also install it on an old PC and temporary replace the Zyxel, to
get some idea about the current traffic pattern.



Rainer



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: AW: [swinog] Log centralisation / mining

[Rainer Duffner]

Michele Capobianco schrieb:
> Too bad that Splunk does not run on Windows :(
>
> We are a Windows Company and if i tell them that we want to run a Linux 
> Server, our Management would kill me ;)
>   


Then, don't expect a free (OSS) solution ;-)
I'd look into some of the UTM (Unified Threat Management) or
(specialized) IDS solutions.
I haven't tried it, but if I'd have a budget, I'd take a look at
Tenable's log-correlation products:
http://www.tenablesecurity.com/
They actually don't run on Windows, either, but they can analyze
Windows-logs.

See these links:
http://www.networkintrusion.co.uk/consoles.htm

BTW: I'd be interested to hear from people running one of those.


> Is there anything out in the Net for Log management witch is Windows Based?
>   

I guess there is a system-management solution from MSFT, too.
Call your MSFT-sales rep ;-)



cheers,
Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog