Re: SHA1 collisions proven possible

2017-03-01 Thread valdis . kletnieks
On Wed, 01 Mar 2017 15:28:23 -0600, "james.d--- via NANOG" said: > Those statistics are nowhere near real world for ROI. You'd have to invest > at least 7 figures (USD) in resources. So the return must be millions of > dollars before anyone can detect the attack. Except, it's already >

Re: SHA1 collisions proven possible

2017-03-01 Thread James DeVincentis via NANOG
Keep in mind botnets that large are comprised largely of IoT devices which have very little processing power compared to the massive multi-core, high frequency, high memory bandwidth (this is especially important for cryptographic operations) CPUs in data centers. It doesn’t take much

Re: Consumer networking head scratcher

2017-03-01 Thread Ryan Pugatch
On Wed, Mar 1, 2017, at 06:35 PM, Jean-Francois Mezei wrote: > On 2017-03-01 11:28, Ryan Pugatch wrote: > > > At random times, my Windows machines (Win 7 and Win 10, attached to the > > network via WiFi, 5GHz) lose connectivity to the Internet. > > > For what it's worth, the router is a

Re: Consumer networking head scratcher

2017-03-01 Thread Jean-Francois Mezei
On 2017-03-01 11:28, Ryan Pugatch wrote: > At random times, my Windows machines (Win 7 and Win 10, attached to the > network via WiFi, 5GHz) lose connectivity to the Internet. > For what it's worth, the router is a Linksys EA7300 that I just picked > up. Way back when, I have a netgear

IRR database for local usage

2017-03-01 Thread Nagarjun Govindraj via NANOG
Hi nanog, Is it possible to maintain an IRR database locally for querying route objects from the various RIRs and do a regular sync, like what the RPKI validator does for ROAs? - Nagarjun

Re: IRR database for local usage

2017-03-01 Thread Rubens Kuhl
Yeap. If you look at http://irr.net/docs/list.html , all of them list FTP sites where you can get all information in bulk, load into your IRR daemon and have a fast look-up for all that data. Rubens On Wed, Mar 1, 2017 at 7:49 AM, Nagarjun Govindraj via NANOG < nanog@nanog.org> wrote: > Hi

Re: IRR database for local usage

2017-03-01 Thread Job Snijders
On Wed, Mar 01, 2017 at 10:49:07AM +, Nagarjun Govindraj via NANOG wrote: > Is it possible to maintain an IRR database locally for querying route > objects from various RIRs and do a regular sync like what RPKI validator > does for ROAs. IRRExplorer's database is available as json blob, if
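The bulk files the replies above point at are RPSL text (one object per blank-line-separated block, "attribute: value" lines, continuation lines starting with whitespace). Below is an added example of loading such a dump into a local prefix-to-origin index and checking an announcement against it; it is not code from the thread or from any IRR daemon. The dump is constructed from documentation prefixes and private ASNs, and the loose "any covering route object" matching in check_announcement is a choice made here, not a property of IRR data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the RPSL text format that IRR bulk dumps use; the prefixes
# and ASNs are documentation/private ranges, not real registrations.
SAMPLE_IRR_DUMP = """\
route:          192.0.2.0/24
descr:          Example route object
origin:         AS64500
mnt-by:         MAINT-EXAMPLE
source:         EXAMPLE

route:          198.51.100.0/24
descr:          Another example
                continued on a folded line
origin:         AS64501
source:         EXAMPLE

route6:         2001:db8::/32
origin:         AS64500
source:         EXAMPLE

aut-num:        AS64500
as-name:        EXAMPLE-AS
source:         EXAMPLE
"""


def parse_rpsl(text):
    """Split an RPSL dump into objects (dicts of attribute -> list of values).

    Objects are separated by blank lines, attributes are "name: value", and a line
    starting with whitespace continues the previous attribute's value.
    """
    objects, current, last_attr = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                objects.append(current)
            current, last_attr = {}, None
            continue
        if line[0] in " \t" and last_attr is not None:
            current[last_attr][-1] += " " + line.strip()
            continue
        if line[0] in "#%":  # comment lines found in some dumps
            continue
        attr, _, value = line.partition(":")
        attr = attr.strip().lower()
        current.setdefault(attr, []).append(value.strip())
        last_attr = attr
    if current:
        objects.append(current)
    return objects


def build_route_index(objects):
    """Map each route/route6 prefix to the set of origin ASNs registered for it."""
    index = defaultdict(set)
    for obj in objects:
        for key in ("route", "route6"):
            if key in obj:
                prefix = ipaddress.ip_network(obj[key][0], strict=False)
                for origin in obj.get("origin", []):
                    index[prefix].add(origin.upper())
    return index


def check_announcement(index, prefix, origin):
    """Classify a (prefix, origin) pair against the index.

    'valid' if an exact or covering route object lists that origin, 'invalid' if
    covering objects exist but none lists it, 'unknown' if nothing covers the prefix.
    Matching against covering objects is a choice made here; a strict filter would
    require an exact-prefix match.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    covering = [p for p in index if p.version == net.version and net.subnet_of(p)]
    if not covering:
        return "unknown"
    if any(origin.upper() in index[p] for p in covering):
        return "valid"
    return "invalid"


if __name__ == "__main__":
    idx = build_route_index(parse_rpsl(SAMPLE_IRR_DUMP))
    for pfx, asn in [("192.0.2.0/24", "AS64500"), ("192.0.2.0/24", "AS64501"),
                     ("2001:db8:1::/48", "AS64500"), ("203.0.113.0/24", "AS64500")]:
        print(pfx, asn, check_announcement(idx, pfx, asn))
```

Pointing parse_rpsl at a real dump (for example, the files listed at http://irr.net/docs/list.html after downloading them) gives the same index; the only difference from an IRR daemon is that this keeps everything in memory and answers only the prefix/origin question.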

Research project and survey: Network filtering and IP spoofing

2017-03-01 Thread Franziska Lichtblau
Hi, we are a team of researchers from TU Berlin [1] working on a measurement project to assess the ramifications of traffic with spoofed source IP addresses in the Internet. To better understand the operational challenges that you as network operators face when deploying (or not deploying)

Re: SHA1 collisions proven possible

2017-03-01 Thread James DeVincentis via NANOG
The CA signing the cert actually changes the fingerprint (and serial number, which is what is checked on revocation lists), so this is not a viable scenario. Beyond that, SHA1 signing of certificates has long been deprecated and no new public CAs will sign a CSR and cert with SHA1. > On Feb

Re: SHA1 collisions proven possible

2017-03-01 Thread Matt Palmer
On Thu, Mar 02, 2017 at 03:42:12AM +, Nick Hilliard wrote: > James DeVincentis via NANOG wrote: > > On top of that, the calculations they did were for a stupidly simple > > document modification in a type of document where hiding extraneous > > data is easy. This will get exponentially

Re: Consumer networking head scratcher

2017-03-01 Thread Chuck Anderson
On Thu, Mar 02, 2017 at 12:24:38PM +0700, Roland Dobbins wrote: > On 2 Mar 2017, at 9:55, Oliver O'Boyle wrote: > > >Currently, I have 3 devices connected. :) > > What about DNS issues? Are you sure that you really have a > networking issue, or are you having intermittent DNS resolution >

Re: Consumer networking head scratcher

2017-03-01 Thread Oliver O'Boyle
Each device associated with the AP consumes memory. Small low-end routers don't typically come with much memory. If you've got a lot of devices associated with the AP you will run out of memory. I'm not sure how many devices you're connecting, though. Three will not cause this problem. 30 might.

Re: Consumer networking head scratcher

2017-03-01 Thread Ryan Pugatch
On Wed, Mar 1, 2017, at 09:29 PM, Oliver O'Boyle wrote: > Each device associated with the AP consumes memory. Small low-end > routers don't typically come with much memory. If you've got a lot of > devices associated with the AP you will run out of memory. I'm not > sure how many devices

Re: Consumer networking head scratcher

2017-03-01 Thread Roland Dobbins
On 2 Mar 2017, at 9:55, Oliver O'Boyle wrote: Currently, I have 3 devices connected. :) You could have one or more botted machines launching outbound DDoS attacks, potentially filling up the NAT translation table and/or getting squelched by your broadband access provider with layer-4

Re: SHA1 collisions proven possible

2017-03-01 Thread Peter Kristolaitis
On 3/1/2017 10:50 PM, James DeVincentis via NANOG wrote: Realistically any hash function *will* have collisions when two items are specifically crafted to collide after expending insane amounts of computing power, money, and… I wonder how much in power they burned for this little stunt. Easy

Re: Consumer networking head scratcher

2017-03-01 Thread Oliver O'Boyle
Next --> On March 1, 2017, at 9:31 PM, Ryan Pugatch wrote: On Wed, Mar 1, 2017, at 09:29 PM, Oliver O'Boyle wrote: Each device associated with the AP consumes memory. Small low-end routers don't typically come with much memory. If you've got a lot of devices associated with

Re: SHA1 collisions proven possible

2017-03-01 Thread Royce Williams
On Wed, Mar 1, 2017 at 7:57 PM, James DeVincentis via NANOG wrote: [ reasonable analysis snipped :) ] > With all of these reasons all wrapped up. It clearly shows the level of hype > around this attack is the result of sensationalist articles and clickbait > titles. I have

Consumer networking head scratcher

2017-03-01 Thread Ryan Pugatch
Hi everyone, I've got a real head scratcher that I have come across after replacing the router on my home network. I thought I'd share because it is a fascinating issue to me. At random times, my Windows machines (Win 7 and Win 10, attached to the network via WiFi, 5GHz) lose connectivity to

Re: SHA1 collisions proven possible

2017-03-01 Thread Nick Hilliard
James DeVincentis via NANOG wrote: > On top of that, the calculations they did were for a stupidly simple > document modification in a type of document where hiding extraneous > data is easy. This will get exponentially computationally more > expensive the more data you want to mask. It took nine

Re: SHA1 collisions proven possible

2017-03-01 Thread James DeVincentis via NANOG
I like the footnote they attached specifically for SHA1. "[3] Google spent 6500 CPU years and 110 GPU years to convince everyone we need to stop using SHA-1 for security critical applications. Also because it was cool." It’s also not preimage. This isn’t even a FIRST preimage attack. That
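The collision-versus-preimage distinction made in the message above is the whole cost argument: a generic collision search against an n-bit hash takes about 2^(n/2) work (the SHAttered result beat even that with cryptanalysis, at the 6500 CPU years quoted), while a preimage search takes about 2^n. The following added example, not from the thread, makes the asymmetry visible by running both searches against SHA-1 truncated to a few bits so they finish in seconds; the truncation width and candidate-message format are choices made here.

```python
import hashlib
import itertools


def truncated_sha1(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-1(data) as an integer.

    Truncation is only what makes both searches finish in seconds; the ratio
    between their costs scales the same way at the full 160 bits.
    """
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def find_collision(bits: int):
    """Birthday search: any two distinct messages with the same truncated digest.

    Expected work is about 2**(bits/2) hashes. Returns (msg_a, msg_b, hashes_computed).
    """
    seen = {}
    for i in itertools.count():
        msg = b"collision-candidate-%d" % i
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_preimage(target: int, bits: int):
    """Brute-force preimage: a message whose truncated digest equals `target`.

    Expected work is about 2**bits hashes. Returns (msg, hashes_computed).
    """
    for i in itertools.count():
        msg = b"preimage-candidate-%d" % i
        if truncated_sha1(msg, bits) == target:
            return msg, i + 1


def compare_costs(bits: int) -> dict:
    """Run both searches at the same truncation and report the work each took."""
    a, b, collision_work = find_collision(bits)
    # Constructed target: the digest of a document the attacker wants to match.
    target = truncated_sha1(b"document the attacker wants to match", bits)
    _, preimage_work = find_preimage(target, bits)
    return {"bits": bits,
            "collision_hashes": collision_work,
            "preimage_hashes": preimage_work,
            "collision_pair": (a, b)}


if __name__ == "__main__":
    for width in (16, 20):
        r = compare_costs(width)
        print(f"{r['bits']}-bit digest: collision after {r['collision_hashes']} hashes, "
              f"preimage after {r['preimage_hashes']} hashes")
```

Note that find_collision gives the attacker no say in either message beyond the counter, which is why a collision alone does not let anyone forge a signature on an existing document; that would need a (second) preimage, the search whose cost grows as 2^n.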

Re: SHA1 collisions proven possible

2017-03-01 Thread James DeVincentis via NANOG
Let me add some context to the discussion. I run threat and vulnerability management for a large financial institution. This attack falls under our realm. We’ve had a plan in progress for several years to migrate away from SHA-1. We’ve been carefully watching the progression of the weakening

Re: Consumer networking head scratcher

2017-03-01 Thread William Herrin
> On Wed, Mar 1, 2017, at 01:23 PM, Aaron Gould wrote: >> That's strange... it's like the TTL on all Windows IP packets are >> decrementing more and more as time goes on causing you to get less and >> less hops into the internet Hi Ryan, Windows tracert uses ICMP echo-request packets to trace

Re: Consumer networking head scratcher

2017-03-01 Thread Ryan Pugatch
The issue doesn't happen with my previous router, and I've tested multiple computers (one that isn't mine.) It doesn't seem like it decrements over time.. it just dies sooner as I trace further up the path. I can consistently die at the 7th hop if I try to go to Google, but if I trace to the 6th

Re: Consumer networking head scratcher

2017-03-01 Thread iam...@gmail.com
On many non-Windows OSes (Mac OS X, Linux, FreeBSD, etc.) you can specify ICMP traceroute using -I: traceroute -I google.com I wonder if this would replicate your experience with Windows tracert

Re: Consumer networking head scratcher

2017-03-01 Thread Ryan Pugatch
On Wed, Mar 1, 2017, at 03:58 PM, iam...@gmail.com wrote: > On many non-windows OS (Mac OSX, Linux, FreeBSD etc.) you can specify > ICMP > traceroute using -I: > > traceroute -I google.com > > I wonder if this would replicate your experience with Windows tracert Definitely on my list to

Re: Consumer networking head scratcher

2017-03-01 Thread valdis . kletnieks
On Wed, 01 Mar 2017 14:04:07 -0500, William Herrin said: > I have no information about whether comcast blocks pings to its routers. All the Comcast gear in the path from my home router to non-Comcast addresses will quite cheerfully rate-limit answer both pings and traceroutes.

Re: Consumer networking head scratcher

2017-03-01 Thread Ryan Pugatch
On Wed, Mar 1, 2017, at 02:04 PM, William Herrin wrote: > > On Wed, Mar 1, 2017, at 01:23 PM, Aaron Gould wrote: > >> That's strange... it's like the TTL on all Windows IP packets are > >> decrementing more and more as time goes on causing you to get less and > >> less hops into the internet >

Re: SHA1 collisions proven possible

2017-03-01 Thread Matt Palmer
On Tue, Feb 28, 2017 at 01:16:23PM -0600, James DeVincentis via NANOG wrote: > The CA signing the cert actually changes the fingerprint The what? RFC5280 does not contain the string "finger". > (and serial number, which is what is checked on revocation lists) The CA doesn't "change" the serial

Re: Consumer networking head scratcher

2017-03-01 Thread Ryan Pugatch
On Wed, Mar 1, 2017, at 02:57 PM, William Herrin wrote: > On Wed, Mar 1, 2017 at 2:31 PM, Ryan Pugatch wrote: > > So in that case, I would be back to my original issue where I stop being > > able to pass traffic to the Internet, and when that happens my > > traceroute always dies

Re: Consumer networking head scratcher

2017-03-01 Thread William Herrin
On Wed, Mar 1, 2017 at 2:31 PM, Ryan Pugatch wrote: > So in that case, I would be back to my original issue where I stop being > able to pass traffic to the Internet, and when that happens my > traceroute always dies at the same hop. After disconnecting and > reconnecting, the same

RE: SHA1 collisions proven possible

2017-03-01 Thread james.d--- via NANOG
> The what? RFC5280 does not contain the string "finger". The fingerprint (or thumbprint) is the hash (sha1/sha256) of the certificate data in DER format; it's not part of the actual certificate. The fingerprint is largely used in the security and development community in order to quickly
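To make the fingerprint/serial distinction from the last few messages concrete, here is an added example (not code from the thread) that builds the outer X.509 DER structure, Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }, with a hand-rolled minimal DER encoder. The tbsCertificate is a constructed stand-in that carries only a version and serial number plus a placeholder string, and the signature bytes are constants rather than real RSA signatures; those are assumptions made for the demonstration. What it shows is that the serial number is a field inside tbsCertificate, while the fingerprint is computed over the whole DER certificate including the signature, so two signatures over the same tbsCertificate give the same serial and different fingerprints, and neither fingerprint is stored anywhere in the certificate bytes.

```python
import hashlib

# --- just enough DER to build and walk the outer Certificate structure ---

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(n: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear when needed."""
    return der_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def read_tlv(buf: bytes, off: int = 0):
    """Return (tag, content, offset_after) for the element starting at `off`."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length


SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11
SHA1_WITH_RSA = bytes.fromhex("2a864886f70d010105")    # OID 1.2.840.113549.1.1.5


def algorithm_identifier(oid: bytes) -> bytes:
    """AlgorithmIdentifier ::= SEQUENCE { OID, NULL }, the form used for the RSA algorithms."""
    return der_tlv(0x30, der_tlv(0x06, oid) + der_tlv(0x05, b""))


def stand_in_tbs(serial: int) -> bytes:
    """Constructed placeholder for tbsCertificate (NOT a valid TBSCertificate):
    [0] version INTEGER 2, serialNumber INTEGER, then one UTF8String standing in
    for the remaining fields (signature, issuer, validity, subject, SPKI, ...)."""
    return der_tlv(0x30,
                   der_tlv(0xA0, der_integer(2))
                   + der_integer(serial)
                   + der_tlv(0x0C, b"stand-in for the remaining TBSCertificate fields"))


def build_certificate(tbs: bytes, sig_oid: bytes, signature: bytes) -> bytes:
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }."""
    return der_tlv(0x30, tbs + algorithm_identifier(sig_oid) + der_tlv(0x03, b"\x00" + signature))


def fingerprint(cert_der: bytes, algo: str = "sha256") -> str:
    """Fingerprint/thumbprint: a hash over the complete DER certificate, rendered as
    colon-separated hex the way `openssl x509 -fingerprint` prints it."""
    hexdigest = hashlib.new(algo, cert_der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def serial_number(cert_der: bytes) -> int:
    """Walk Certificate -> tbsCertificate -> (optional [0] version) -> serialNumber."""
    _, cert_body, _ = read_tlv(cert_der)
    _, tbs_body, _ = read_tlv(cert_body)
    tag, content, nxt = read_tlv(tbs_body)
    if tag == 0xA0:  # explicit [0] version present, skip it
        tag, content, nxt = read_tlv(tbs_body, nxt)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(content, "big")


def demo(serial: int = 0x0123456789ABCDEF) -> dict:
    """Same tbsCertificate under two different signature values (constant bytes, not
    real RSA signatures): the serial is unchanged, the fingerprint is not, and the
    fingerprint bytes do not occur anywhere inside the certificate."""
    tbs = stand_in_tbs(serial)
    cert_a = build_certificate(tbs, SHA256_WITH_RSA, b"\x11" * 32)
    cert_b = build_certificate(tbs, SHA256_WITH_RSA, b"\x22" * 32)
    fp_a, fp_b = fingerprint(cert_a), fingerprint(cert_b)
    return {
        "same_serial": serial_number(cert_a) == serial_number(cert_b) == serial,
        "same_fingerprint": fp_a == fp_b,
        "fingerprint_stored_in_cert": bytes.fromhex(fp_a.replace(":", "")) in cert_a,
        "sha1_fingerprint_a": fingerprint(cert_a, "sha1"),
        "sha256_fingerprint_a": fp_a,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same fingerprint function applied to a real DER file (for instance, the bytes returned by ssl.PEM_cert_to_DER_cert on a PEM certificate) matches what openssl prints, because it is nothing more than a hash of the file; the stand-in tbsCertificate here is only so the example runs without a real certificate.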