Re: cgnat - how do you handle customer issues

I utilize A10 CGNAT that allows dynamic NAT logging, since we're in a similar boat of utilization. This email has been sent from my phone. Please excuse any brevity, typos, or lack of formality. From: Aaron Gould Sent: Tuesday, February 27,

Re: cgnat - how do you handle customer issues

I'm a fan of nailing each customer IP to a particular range of ports on a given public IP. Real easy to track who did what and to prevent shifting IPs. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From:

RE: cgnat - how do you handle customer issues

Thanks For #2 – what if the ports allocated aren’t enough for the amount of inet traffic the customer site uses ? …is the customer denied service based on insufficient port range ? …or are they assigned another block within that some ip’s range of I think it’s 0-64k or 1025-64k… but how

Re: cgnat - how do you handle customer issues

For number 2, I'm a fan of what mike suggests. I believe the technical term is MAP-T. For number 1, anyone who wants one, gets one. We provide free public static IP to any customer who asks for one. Another solution, using above solution is to ask them which ports they need, and forward those to

cgnat - how do you handle customer issues

Couple questions please. When you put thousands of customers behind a cgnat boundary, how do you all handle customer complaints about the following. 1 - for external connectivity to the customers premise devices, not being able to access web servers, web cameras, etc, in their premises? 2

Re: ProofPoint Contact

On Tue, Feb 27, 2018 at 11:49 AM, Matt Hoppes < mattli...@rivervalleyinternet.net> wrote: > Could a proofpoint e-mail blacklist contact please contact me? > We are trying to get a blacklist resolved and can't get ahold of anyone. > Replied off list. Thanks, --Jaren

New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Hello Fellow NANOGer, If you have not already seen it, experiences it, or read about it, working to head off another reflection DOS vector. This time it is memcached on port 11211 UDP & TCP. There are active exploits using these ports. Reflection attacks and the memcached is not new. We know

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Please do take a look at the cloudflare blog specifically as they name and shame OVH and Digital Ocean for being the primary sources of mega crap traffic https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/ Also, policer all UDP all the time... UDP is unsafe at any

Re: Craigslist Blocks

> >> If someone wants to send me a copy of the block message, and at least one IP >> that is blocked, I'll see what we can do. This has been passed along to our contact; will let folks know what we hear back. Anne Anne P. Mitchell, Attorney at Law Author: Section 6 of the CAN-SPAM Act of

ProofPoint Contact

Could a proofpoint e-mail blacklist contact please contact me? We are trying to get a blacklist resolved and can't get ahold of anyone.

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

I question whether there is *any* high volume hoster out there that has a reputation for successfully addressing abuse issues coming from their customer base, and cuts off services... By high volume hoster I define it as companies where anybody with a credit card can buy a $2 to $15/month VPS/VM

Re: Craigslist Blocks

...Anne's contact is better placed for abuse incidents but if they fail I have an alternate contact who has also indirectly helped before. He's a programmer not abuse ops guy but does know the other teams well and has helped. George William Herbert Sent from my iPhone > On Feb 26, 2018, at

Removing the four stale TAL from the APNIC RPKI validation set.

Updating RPKI trust anchor configuration --- APNIC has completed the process of transitioning from its previous Resource Public Key Infrastructure (RPKI) trust anchor arrangement to a new single trust anchor configuration. Each RIR will

RE: MSFT reverse IP failure?

Which "Exchange tools site" are you referring to? Happy to help get this fixed up. -jeff -Original Message- From: NANOG On Behalf Of Ken Chase Sent: Monday, February 26, 2018 1:31 PM To: nanog@nanog.org Subject: Re: MSFT reverse IP failure? Having a client

Re: MSFT reverse IP failure?

On Tue, Feb 27, 2018 at 11:04 AM, Ken Chase wrote: > Im not exactly sure what this is either, the client sent me a screenshot > that called itself the "microsoft connectivity analyzer", which had several > steps testing deliverability of email to their domain, with the final

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

Thanks Chip! Justin Paine Head of Trust & Safety Cloudflare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D On Tue, Feb 27, 2018 at 1:52 PM, Chip Marshall wrote: > On 2018-02-27, Ca By sent: >> Please do take a look at the

Re: cgnat - how do you handle customer issues

On 02/27/2018 12:52 PM, Aaron Gould wrote: Thanks For #2 – what if the ports allocated aren’t enough for the amount of inet traffic the customer site uses ? …is the customer denied service based on insufficient port range ? …or are they assigned another block within that some ip’s

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

OVH does not suprise me in the least. Maybe this is finally what it will take to get people to de-peer them. -Dan On Tue, 27 Feb 2018, Ca By wrote: Please do take a look at the cloudflare blog specifically as they name and shame OVH and Digital Ocean for being the primary sources of mega

Re: cgnat - how do you handle customer issues

There’s also the issue of what a customer who needs something like GRE or IKE to work does from behind a CGNAT where there aren’t port numbers available for multiplexing. Owen > On Feb 27, 2018, at 2:42 PM, Lee Howard wrote: > > > > On 02/27/2018 12:52 PM, Aaron Gould

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

On Wed, 28 Feb 2018, Filip Hruska wrote: What exactly should they do, according to you? read and act on abuse reports. Why should people de-peer them? because they ignore abuse reports. -Dan

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

This is just stupid. OVH is one of the largest server providers in the world - of course they will be at the top of that list. What exactly should they do, according to you? Why should people de-peer them? Regards, Filip Hruska > > On

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

On Tue, Feb 27, 2018 at 4:29 PM Filip Hruska wrote: > This is just stupid. > > OVH is one of the largest server providers in the world - of course they > will be at the top of that list. > What exactly should they do, according to you? > They should have rough norms enforced on

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

> On Feb 27, 2018, at 1:16 PM, Eric Kuhnke wrote: > > I question whether there is *any* high volume hoster out there that has a > reputation for successfully addressing abuse issues coming from their > customer base, and cuts off services... By high volume hoster I

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

On 2018-02-27, Ca By sent: > Please do take a look at the cloudflare blog specifically as they name and > shame OVH and Digital Ocean for being the primary sources of mega crap > traffic > > https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/ >

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

On 28 Feb 2018, at 5:26, Ca By wrote: Just udp. This Arbor Threat Summary discusses the TCP issue, as well, FWIW: 'It should also be noted that memcached

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

> On Feb 27, 2018, at 4:29 PM, Filip Hruska wrote: > > > > This is just stupid. > > > > OVH is one of the largest server providers in the world - of course they will > be at the top of that list. > > What exactly should they do, according to you? Read their abuse@

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

On Tue, Feb 27, 2018 at 1:54 PM Chip Marshall wrote: > On 2018-02-27, Ca By sent: > > Please do take a look at the cloudflare blog specifically as they name > and > > shame OVH and Digital Ocean for being the primary sources of mega crap > > traffic > >

Re: cgnat - how do you handle customer issues

On 02/27/2018 11:30 AM, Aaron Gould wrote: Couple questions please. When you put thousands of customers behind a cgnat boundary, how do you all handle customer complaints about the following. 1 - for external connectivity to the customers premise devices, not being able to access web