Re: How to find all of an ISP's ASNs

On Tue, Oct 25, 2016 at 9:03 PM, Hank Nussbacher wrote: > and if that doesn't work try: > http://bgp.he.net/AS3356#_graph4 > [replace the ASN with the ASN of your choice to see the interconnections.] > ​Doesn't always work--as it will only show upstream ASNs. For example,

Re: Should abuse mailboxes have quotas?

On Thu, 27 Oct 2016, Jimmy Hess wrote: On Thu, Oct 27, 2016 at 1:35 PM, Dan Hollis wrote: not so much malice as gross incompetence. running spamfilters on your abuse@ mailbox, really? that is, for those which actually have an abuse mailbox that doesn't bounce outright.

Re: Spitballing IoT Security

Hi Keith, On 10/28/16 1:55 AM, Keith Medcalf wrote: >>> The problem is in allowing inbound connections and going as far as doing >>> UPnP to tell the CPE router to open a inbound door to let hackers loging >>> to that IoT pet feeder to turn it into an agressive DNS destroyer. >> Well yes. uPnP

RE: Spitballing IoT Security

I suppose someone could modify this Mirai virus to instead inject antivirus software. I know, illegal. What would the manufacturers' response be if this virus had instead just shut down, possibly in some cases physically damaged the devices or otherwise caused them to cease functioning ever

Re: Re: Should abuse mailboxes have quotas?

Sorry about that, many networks do perform standard filtering on messages to Abuse contacts based on DNS RBLs, SPF/DMARC policy enforcement, virus scans, etc, and do send a SMTP Reject on detected spam or malware. I'll disagree, here. Sure, there are some basic considerations - but some of

Re: Should abuse mailboxes have quotas?

On 10/27/2016 05:36 PM, Jimmy Hess wrote: > If you get a SMTP reject, then call the the Abuse POC of the organization you > need to report abuse from. Not when the mailbox-full bounce is from a network in China, or India, or Pakistan, or Russia. Or a couple of other countries that seem to be

Re: Spitballing IoT Security

On 2016-10-27 23:24, Ronald F. Guilmette wrote: I put forward what I think is a reasonbly modest scheme to try to get IoT things to place hard limits on their "unsolicited" packet output at the kernel level, and I'm going to go off now and try to find and then engage some Linux embedded kernel

Re: CenturyLink in Advanced Talks to Merge With Level 3 Communications - Interweb is doomed

lol > On Oct 28, 2016, at 00:43, Larry Sheldon wrote: > > > > On 10/27/2016 12:36, Nevin Gonsalves via NANOG wrote: >> :-) >> http://www.wsj.com/articles/centurylink-in-advanced-talks-to-merge-with-level-3-communications-1477589011 > > OH BOY! Omaha Taxpayers get to

Re: CenturyLink in Advanced Talks to Merge With Level 3 Communications - Interweb is doomed

On 10/27/2016 12:36, Nevin Gonsalves via NANOG wrote: :-) http://www.wsj.com/articles/centurylink-in-advanced-talks-to-merge-with-level-3-communications-1477589011 OH BOY! Omaha Taxpayers get to replace all the BGSs for their party venue boondoggle. Again.

Re: Should abuse mailboxes have quotas?

On Thu, Oct 27, 2016 at 1:35 PM, Dan Hollis wrote: > not so much malice as gross incompetence. > running spamfilters on your abuse@ mailbox, really? that is, for those which > actually have an abuse mailbox that doesn't bounce outright. Sorry about that, many networks

Re: Spitballing IoT Security

In message <20161027204258.cd18057d5...@rock.dv.isc.org>, Mark Andrews wrote: >> The problem is, as I have said, this device is now the Apple equivalent >> of Windows XP. There could be a horrendous collection of a dozen or >> more known critical security bugs in the thing by

RE: Spitballing IoT Security

> > The problem is in allowing inbound connections and going as far as doing > > UPnP to tell the CPE router to open a inbound door to let hackers loging > > to that IoT pet feeder to turn it into an agressive DNS destroyer. > Well yes. uPnP is a problem precisely because it is some random

Re: Spitballing IoT Security

In message Ken Matlock wrote: >Fixing the current wave of 'IoT' devices and phones and Tv's etc is only >putting a bandaid on a broken arm. It gives the illusion of progress... >Until we accept that it's

Re: Spitballing IoT Security -- Dancing around a solution

I've been following the discussion with quite a bit of interest. What had become crystal clear to me is that nobody here has been looking at the problem from the perspective of the manufacturer, particularly how they actually get product to marked. A la "Dilbert". The engineer's credo: "Why

Re: Should abuse mailboxes have quotas?

On 10/27/2016 01:30 PM, J wrote: > I'm in the camp of not replying to every report. I was in that camp, too, when I was mail admin for a web host company. I wanted to spend my time fixing the flood, without having to take the time to reply. I figure the best reply is when the spamming stops. I

RE: Spitballing IoT Security

>On Thu, 27 Oct 2016, Ronald F. Guilmette wrote: > >> My iPhone 3GS still works just fine, > >I still have a "functional" iPhone 3G (no S). I don't think AT will >activate service on it at this point, and it's been relegated to iPod >service when I do yard work. > >> You can't *force* people to

Re: Spitballing IoT Security

> On 27 Oct 2016, at 21:25, Alan Buxey wrote: > > Hi, > > >> At which point the 3GS was almost 5 years old (having originally been >> released in June 2009) and had been already superseded by the iPhone 4, >> 4S, 5 and 5S/5C. > > But the release of and presence of

RE: Spitballing IoT Security

(deleted for ambiguity) > > Which is the point. These things stay out there...like those winXP > > boxes. There are 2 choices > > > > 1) manufacturers are responsible for the devices. No longer caring for > >them? Recall them. Compensate the users. > > > > 2) stronger obsolescence. eg

Re: Large BGP Communities beacon in the wild

On 27 October 2016 at 16:47, Owen DeLong wrote: > I don’t mind the move to 32, but I hope the vendors are getting appropriately > smacked for squatting and that those attributes are not allowed to be > misappropriated by the vendors. > > We have a standards process for a reason

Re: Spitballing IoT Security

On Thursday, October 27, 2016, Mark Andrews wrote: > > In message <16193.1477594...@segfault.tristatelogic.com >, > "Ronald F. Guilmette" writes: > > > > In message <20161027112940.gb17...@ussenterprise.ufp.org > >, > > Leo Bicknell

Re: Spitballing IoT Security

On Thu, 27 Oct 2016, Ronald F. Guilmette wrote: My iPhone 3GS still works just fine, I still have a "functional" iPhone 3G (no S). I don't think AT will activate service on it at this point, and it's been relegated to iPod service when I do yard work. You can't *force* people to throw

Re: Spitballing IoT Security

In message <56b9abd3-6911-42cb-9c9d-81fb33ca5...@lboro.ac.uk>, Alan Buxey write s: > Hi, > > > >At which point the 3GS was almost 5 years old (having originally been > >released in June 2009) and had been already superseded by the iPhone 4, > >4S, 5 and 5S/5C. > > But the release of and

Re: Spitballing IoT Security

In message <16193.1477594...@segfault.tristatelogic.com>, "Ronald F. Guilmette" writes: > > In message <20161027112940.gb17...@ussenterprise.ufp.org>, > Leo Bicknell wrote: > > >Actually, they encourage you to trade {your old iPhone} in... > >... > >If your device is too

Re: Re: Should abuse mailboxes have quotas?

I will admit, it's one of the faster ways I pick up on phishing campaigns against our users. So I'm not entirely against it. I'm in the camp of not replying to every report. On Thu, 27 Oct 2016 14:39:07 -0500 b...@theworld.com wrote FWIW abuse@whatever seems to be a favorite in

Re: Spitballing IoT Security

Hi, >At which point the 3GS was almost 5 years old (having originally been >released in June 2009) and had been already superseded by the iPhone 4, >4S, 5 and 5S/5C. But the release of and presence of those phones does not make the older phone suddenly stop working. As noted, the phone might

Re: Should abuse mailboxes have quotas?

On Thu, Oct 27, 2016 at 2:35 PM, Dan Hollis wrote: > On Thu, 27 Oct 2016, Christopher Morrow wrote: > >> On Thu, Oct 27, 2016 at 11:03 AM, Stephen Satchell >> wrote: >> >>> I'm tired of blatantly uncaring administrations. >>> >> it's also totally

Re: Should abuse mailboxes have quotas?

FWIW abuse@whatever seems to be a favorite in many spammers' lists. I doubt that's their intent, seems like a good way to draw attention to the spam from people with access to blocking lists etc, so I'll guess they just blindly harvest web sites etc and abuse@whatever shows up frequently. That

Re: Spitballing IoT Security

Perhaps something which is needed is analogous to Maritime Law's "Law of Salvage". If a manufacturer abandons all support of a technical product then they lose various intellectual property rights which might prevent a third-party from providing support. Including reasonable assistance such as

Re: Spitballing IoT Security

And I contend that the device manufacturer is only one part in this. Yes, the manufacturers need to get better in securing their devices (that's never been in question). *But* the end users need to have better CPE that can do NetFlow/Sflow/etc in a near real-time fashion. This would allow the

Re: Spitballing IoT Security

In message <20161027112940.gb17...@ussenterprise.ufp.org>, Leo Bicknell wrote: >Actually, they encourage you to trade {your old iPhone} in... >... >If your device is too old for that program, they will still take >it for free and recycle it in an enviornmentally friendly

Re: Spitballing IoT Security

On 27 Oct 2016, at 19:02, Ronald F. Guilmette wrote: > > > In message <20161027084939.5bdf457d0...@rock.dv.isc.org>, > Mark Andrews wrote: > >> Well the last update for the 3GS was iOS 6.1.6 in Feb 2014. > > Bingo! > > Less than a year and a half after

Re: Should abuse mailboxes have quotas?

On Thu, 27 Oct 2016, Steve Atkins wrote: If mail to abuse@ doesn't bounce, give them the benefit of the doubt until statistics say otherwise. I give them a couple weeks/months. The vast majority of them ignore, and allow the abuse to continue. It's amazing how quickly they respond when they

Re: Should abuse mailboxes have quotas?

On Thu, 27 Oct 2016, Christopher Morrow wrote: On Thu, Oct 27, 2016 at 11:03 AM, Stephen Satchell wrote: I'm tired of blatantly uncaring administrations. it's also totally possible that in some cases the mailbox for abuse@ got moved behind some orgs other mail systems...

Re: Spitballing IoT Security

In message <20161027112601.ga17...@ussenterprise.ufp.org>, Leo Bicknell wrote: >Problems I think consumer safety legislation can solve: > >* SSH and Telnet were enabled, but there was no notification in the UI > that they were enabled and no way to turn them off.

Re: Should abuse mailboxes have quotas?

to answer the actual question: all abuse mailboxes have quotas, either implicitly or explicitly. the amount of storage available to any given mailsystem is finite. technically correct. it's the best kind of correct. :-) t On Thu, Oct 27, 2016 at 11:03 AM, Stephen Satchell

Re: Spitballing IoT Security

In message <1477558411.730528...@apps.rackspace.com>, "t...@pelican.org" wrote: >...I back up to the cloud... Yes, I confess that this reasonable use case had not occured to me, and yes, it utterly negates what I was saying. (I myself am the paranoid type, so I -do not-

Re: Spitballing IoT Security

In message <20161027084939.5bdf457d0...@rock.dv.isc.org>, Mark Andrews wrote: >Well the last update for the 3GS was iOS 6.1.6 in Feb 2014. Bingo! Less than a year and a half after they stopped selling it, they effectively stopped supporting it.

Re: Spitballing IoT Security

In a message written on Tue, Oct 25, 2016 at 04:52:58AM -, John Levine wrote: > My nearest Apple stores are 50 miles away. I'm not sure 100 miles in > the car is a good tradeoff for one phone. Scroll down a bit further: "Tell us which device you have, and we’ll email you a prepaid mailing

CenturyLink in Advanced Talks to Merge With Level 3 Communications - Interweb is doomed

:-) http://www.wsj.com/articles/centurylink-in-advanced-talks-to-merge-with-level-3-communications-1477589011 thanks,-nevin

Re: Spitballing IoT Security

>Please don't, bring it to your nearest Apple Store instead where it >will be properly recycled, . My nearest Apple stores are 50 miles away. I'm not sure 100 miles in the car is a good tradeoff for one phone.

Re: Should abuse mailboxes have quotas?

>Are there any ISP's left that read and respond to abuse@ in a timely >fashion? I haven't seen one in at least a decade. Maybe I e-mail the >wrong ones. Or maybe you send reports that they can't act on. Mine are all in ARF format and ISPs reply and tell me they've acted on them all the time.

Re: Should abuse mailboxes have quotas?

> On Oct 27, 2016, at 9:47 AM, Leo Bicknell wrote: > > In a message written on Thu, Oct 27, 2016 at 08:03:11AM -0700, Stephen > Satchell wrote: >> For the last couple of weeks, every single abuse mail I've tried to send >> to networks in a very short list of countries has

Re: Should abuse mailboxes have quotas?

In a message written on Thu, Oct 27, 2016 at 08:03:11AM -0700, Stephen Satchell wrote: > For the last couple of weeks, every single abuse mail I've tried to send > to networks in a very short list of countries has bounced back with > "mailbox exceeds quota". I take this to mean that there isn't

Re: Large BGP Communities beacon in the wild

I don’t mind the move to 32, but I hope the vendors are getting appropriately smacked for squatting and that those attributes are not allowed to be misappropriated by the vendors. We have a standards process for a reason and vendors simply squatting on numbers is a violation of that process

Re: Should abuse mailboxes have quotas?

On Thu, Oct 27, 2016 at 11:03 AM, Stephen Satchell wrote: > > I'm tired of blatantly uncaring administrations. > it's also totally possible that in some cases the mailbox for abuse@ got moved behind some orgs other mail systems... This happened numerous times at

Should abuse mailboxes have quotas?

For the last couple of weeks, every single abuse mail I've tried to send to networks in a very short list of countries has bounced back with "mailbox exceeds quota". I take this to mean that there isn't someone actively reading, acting on, and deleting e-mail from abuse@. So my new rule is this:

Re: Spitballing IoT Security

Requiring manual approval is an excellent idea for the ThingSafe RFC! -mel > On Oct 27, 2016, at 2:10 AM, Mike Meredith wrote: > > On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear > may have written: >> Well yes. uPnP is a problem precisely

Re: Spitballing IoT Security

I agree wholeheartedly. Yes, BCP (any relevant to your business), filtering, active tit-for-tat with abuse teams, calling out manufacturers, ISPs doing /anything/ (most already block 25 and 80, not that they give you the upload to bother with the latter and it's not necessarily for the

Re: Spitballing IoT Security

"Ronald F. Guilmette" writes: > My iPhone 3GS "goes on the Internet". > > Through no fauly of my own, it is also, apparently, destined in short order > to "go onto" a landfill, if not here, then in China or India, where a > pitiful plethora of shoeless and sad-eyed

Re: Spitballing IoT Security

In a message written on Wed, Oct 26, 2016 at 05:27:08PM -0700, Ronald F. Guilmette wrote: > do let me know how I can obtain this month's security patches for my iPhone > 3GS. > > (Note that Wikipedia says that this device was only formally discontinued > by the manufacturer as of September 12,

Re: Spitballing IoT Security

In a message written on Wed, Oct 26, 2016 at 04:40:57PM -0300, jim deleskie wrote: > So device is certified, bug is found 2 years later. How does this help. > The info to date is last week's issue was patched by the vendor in Sept > 2015, I believe is what I read. We know bugs will creep in,

Re: Spitballing IoT Security

On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear may have written: > Well yes. uPnP is a problem precisely because it is some random device > asserting on its own that it can be trusted to do what it wants. Had From my own personal use (and I'm aware that this isn't a

Re: Spitballing IoT Security

On Thursday, 27 October, 2016 00:40, "Ronald F. Guilmette" said: > Point: I have a DSL line which is limited to 6Mbps down and 756Kbps up. > My guess is that if any typical/average user is seen to be using more > than, say, 1/10 of that amount of "up" bandwidth in any

Re: Spitballing IoT Security

In message <12439.1477528...@segfault.tristatelogic.com>, "Ronald F. Guilmette" writes: > > In message <20161026205800.7188d57b2...@rock.dv.isc.org>, > Mark Andrews wrote: > > >Actually things have changed a lot in a positive direction. > >... > >* Microsoft, Apple, Linux and

Re: Large BGP Communities beacon in the wild

Dear Internet, Through this beacon it was discovered that a vendor was squatting on BGP Path Attribute value 30. And another vendor sat on 31. So, a twisted turn of events, the Large BGP Communities effort has ended up with BGP Path Attribute value 32 - very befitting if you look at the very

Re: Spitballing IoT Security

Hi Jean-Francois, On 10/25/16 10:37 AM, Jean-Francois Mezei wrote: > On 2016-10-25 04:10, Ronald F. Guilmette wrote: > >> If all of the *&^%$# damn stupid vacation pet feeders had originally shipped >> with outbound rate limits hard-coded in the kernel, maybe this could have >> been avoided. > >