Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

2023-02-07 Thread Fernando Gont
Hi, Daniel, On 7/2/23 21:20, Daniel Marks via NANOG wrote: Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts to create and destroy lots of tiny instances to rotate through IPv4 addresses. As with everything, the question is always "what's the level of effort that is

Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

2023-02-07 Thread Sabri Berisha
- On Feb 7, 2023, at 5:04 PM, Fernando Gont fg...@si6networks.com wrote: > On 7/2/23 21:43, Sabri Berisha wrote: >> - On Feb 7, 2023, at 4:20 PM, nanog nanog@nanog.org wrote: Hi, >>> Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts >>> to create and destroy lots

Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

2023-02-07 Thread Fernando Gont
On 7/2/23 21:43, Sabri Berisha wrote: - On Feb 7, 2023, at 4:20 PM, nanog nanog@nanog.org wrote: Hi, Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts to create and destroy lots of tiny instances to rotate through IPv4 addresses. If only AWS would care about hacked

Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

2023-02-07 Thread Sabri Berisha
- On Feb 7, 2023, at 4:20 PM, nanog nanog@nanog.org wrote:

Hi,

> Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts to create and destroy lots of tiny instances to rotate through IPv4 addresses.

If only AWS would care about hacked AWS accounts.

Thanks, Sabri

Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

2023-02-07 Thread Daniel Marks via NANOG
Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts to create and destroy lots of tiny instances to rotate through IPv4 addresses. Being able to rotate through IP addresses is not a new thing, I'm sure we all have networks in mind when we think of garbage/malicious traffic

Re: Lima, OH Spectrum/Charter Severe Node/Hop Latency Issues

2023-02-07 Thread Ross Tajvar
For those who haven't seen it (i.e. Austin), here is "the guide" on how to troubleshoot correctly with traceroute: https://archive.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N47_Sun.pdf ICMP is deprioritized by any normal router. Non-cascading loss does not indicate a problem

Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

2023-02-07 Thread Fernando Gont
Hi, Bill, On 7/2/23 01:26, William Herrin wrote: On Mon, Feb 6, 2023 at 7:40 PM Fernando Gont wrote: On 7/2/23 00:05, William Herrin wrote: On the one hand, sophisticated attackers already scatter attacks between source addresses to evade protection software. Whereas in the IPv6 case, you

Re: Lima, OH Spectrum/Charter Severe Node/Hop Latency Issues

2023-02-07 Thread Kevin Shymkiw
ICMP response time from a router/device is not a great way to judge if there is an issue or not. The devices generally have control plane policing and responding to ICMP is not prioritized at all. I would suggest your engineer set up something on their end of the connection that you can ping, and

RE: Lima, OH Spectrum/Charter Severe Node/Hop Latency Issues

2023-02-07 Thread Ryan Hamel
Austin, If you run MTRs or traceroutes through the node, is there any other additional packet loss seen in the path, and at the destination? What does the reverse MTR or traceroute look like? The attached image was stripped out by the mailing list system. Bufferbloat is controlled at the

Lima, OH Spectrum/Charter Severe Node/Hop Latency Issues

2023-02-07 Thread Austin Ayers via NANOG
Hello all, One of my NetOps engineers resides in Lima, Ohio and they are receiving terrible bufferbloat, packet loss, and random disconnects. I have been pinging 24.33.160.213 (Lima, OH Spectrum/Charter Node) and it's rejecting a ton of packets. This has been going on for weeks. Node having

Re: About emails impersonating Path Network

2023-02-07 Thread Michael Thomas
On 2/7/23 11:33 AM, Jay Hennigan wrote: On 2/7/23 11:18, Michael Thomas wrote: FWIW, lookalike domains can and do happen with http too. Nothing unique about that to email. Then the bad guys throw in the occasional Cyrillic, etc. character that looks like a Roman one and things get even

Re: About emails impersonating Path Network

2023-02-07 Thread Jay Hennigan
On 2/7/23 11:18, Michael Thomas wrote: FWIW, lookalike domains can and do happen with http too. Nothing unique about that to email. Then the bad guys throw in the occasional Cyrillic, etc. character that looks like a Roman one and things get even more fun. -- Jay Hennigan - j...@west.net

Re: About emails impersonating Path Network

2023-02-07 Thread Michael Thomas
On 2/7/23 6:09 AM, Rich Kulawiec wrote: On Mon, Feb 06, 2023 at 12:41:43PM -0800, Michael Thomas wrote: This seems like a perfect object lesson on why you should use DKIM and SPF and make sure the sending domain can set up a p=reject policy for DMARC. But it's not. DKIM and SPF are mostly

Re: About emails impersonating Path Network

2023-02-07 Thread Martin Hannigan
On Tue, Feb 7, 2023 at 11:59 AM J. Hellenthal via NANOG wrote:

> Your only option is to monitor the generic tld's atp and register them yourself. Clone attacks are real, impersonation has been around since centuries and yes, it's an attack vector but only impacting your customers. There is

Re: About emails impersonating Path Network

2023-02-07 Thread Rafael Possamai
I've found this article before and implemented it for domains that we own, but do not use for e-mail purposes. https://www.gov.uk/guidance/protect-domains-that-dont-send-email Might be worth checking it out. Cheers, Rafael - Original message - From: Konrad Zemek To: nanog@nanog.org

[NANOG-announce] Watch NANOG Hackathon, N87 Socials, + More

2023-02-07 Thread Nanog News
*WATCH Hackathon Welcome Session* *Meet Project Vendors, Get Project Ideas, + More* *Hybrid NANOG 87 Hackathon kicked off last Friday, 3 Feb. and will continue until Sunday, 12 Feb.* Watch video to meet project vendors, get ideas for potential Hackathon projects, and check out resources to

Watch NANOG Hackathon, N87 Socials, + More

2023-02-07 Thread Nanog News
*WATCH Hackathon Welcome Session* *Meet Project Vendors, Get Project Ideas, + More* *Hybrid NANOG 87 Hackathon kicked off last Friday, 3 Feb. and will continue until Sunday, 12 Feb.* Watch video to meet project vendors, get ideas for potential Hackathon projects, and check out resources to

Yondoo provided router, has "password" as admin pw, won't let us change it

2023-02-07 Thread TACACS Macaque via NANOG
Hi, Long time lurker, first time poster. Sorry in advance if this is the wrong forum for something like this. My mom's ISP (Yondoo) seems to be providing DOCSIS 3.1 CPE (Customer Premises Equipment) with a built-in router, without providing the ability to change the admin password from

Re: Caribnog email list

2023-02-07 Thread Stephen Lee
Thanks Bill, David. This has been sorted. Best, Stephen

On Sat, 4 Feb 2023 at 13:30, Bill Woodcock wrote:

> Forwarded to the maintainers.
>
> -Bill
>
>> On Feb 4, 2023, at 6:44 PM, David Bass wrote:
>>
>> Anyone on here run it? The URL to sign up on

Re: About emails impersonating Path Network

2023-02-07 Thread Rich Kulawiec
On Mon, Feb 06, 2023 at 12:41:43PM -0800, Michael Thomas wrote:

> This seems like a perfect object lesson on why you should use DKIM and SPF and make sure the sending domain can set up a p=reject policy for DMARC.

But it's not. DKIM and SPF are mostly useless against competently executed email