On 9/27/16 5:46 PM, Alistair Mackenzie wrote:
> Thanks for this, it shows as
>
> apnic|ZZ|ipv4|103.***.***.0|1024|20160927|reserved||e-stats
>
> I expect this still stands with it being reserved?
I'm not sure why you would bother obscuring it. What purpose does that
serv
On 28 Sep 2016, at 0:18, Brielle Bruns wrote:
> I call shenanigans on providers not seeing their unruly users.
I was talking about the users, not the ISPs.
---
Roland Dobbins
Thanks for this, it shows as
apnic|ZZ|ipv4|103.***.***.0|1024|20160927|reserved||e-stats
I expect this still stands with it being reserved?
William, it's 100% an apnic range and shows no org and is registered
to the APNIC Hostmaster. This applies for both the ASN and the address
space.
On 28
I've seen this with increasing frequency in the last 8-12 months, more with
ASNs that were either expired/unallocated. Spammers seem to be snatching
them up and hijacking IPs via bilateral peering to make it harder to
notice.
I've found it very difficult in some cases to get traction from IXes or
On Tue, Sep 27, 2016 at 8:18 PM, Alistair Mackenzie wrote:
> I've come across a network which seems to be getting transit yet both the
> ASN and IP space is not allocated by the RIR.
Hi Alistair,
There is still unicast address space that isn't allocated by any RIR?
On Tue, Sep 27, 2016 at 8:18 PM, Alistair Mackenzie wrote:
> Hi,
>
> I've come across a network which seems to be getting transit yet both the
> ASN and IP space is not allocated by the RIR. It does appear at some point
> that it was valid however this is no longer the case.
>
Hi,
I've come across a network which seems to be getting transit yet both the
ASN and IP space is not allocated by the RIR. It does appear at some point
that it was valid however this is no longer the case.
The network is single homed and I tried asking the transit provider what
their policy was
Hi Martin,
What do you want to do? Move from A to B or add A to B?
Cheers,
mh
On 27 Sept 2016 at 17:52, Mel Beckman wrote:
>Precisely. This is how it's done by providers I've worked with.
>
> -mel beckman
>
>> On Sep 27, 2016, at 7:06 AM, Roy
In message , Jared Mauch
writes:
>
> > On Sep 27, 2016, at 12:43 AM, Mark Andrews wrote:
> >
> > Why not? You call a washing machine mechanic when the washing
> > machine plays up. This is not conceptually different.
>
>
On Tue, 27 Sep 2016, White, Andrew wrote:
This assumes the ISP manages the customer's CPE or home router, which is
often not the case. Adding such ACLs to the upstream device, operated by
the ISP, is not always easy or feasible.
Which is why the manufacturer should deploy a default config
They don't need to manage the router. The raw DSL modem, cable modem, etc. can
watch the packets and see what's assigned. This would need new hardware, but
it's not like this is happening quickly any other way. Yes, there are some
consumer purchased DSL routers and cable routers, but doing what
Hi Mike,
This assumes the ISP manages the customer's CPE or home router, which is often
not the case. Adding such ACLs to the upstream device, operated by the ISP, is
not always easy or feasible.
It would make sense for most ISPs to have egress filtering at the edge (transit
and peering
It would be incredibly low impact to have the residential CPE block any source
address not assigned by the ISP. Done.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Stephen Satchell"
> On Sep 27, 2016, at 10:48 AM, Brielle Bruns wrote:
>
> You start cutting off users or putting them into a walled garden until they
> fix their machines, and they will start caring.
Wait until the user who claims perfection gets on the phone, etc.
We had a network outage
We can't teach other network operators the value of IPv6. Good luck teaching a
consumer anything other than cat videos (and now recipes - unrelated to the
former).
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
-
> On Sep 27, 2016, at 12:43 AM, Mark Andrews wrote:
>
> Why not? You call a washing machine mechanic when the washing
> machine plays up. This is not conceptually different.
Mark,
Your logic is infallible here, but the equivalencies are not. If I
drive on the road and it’s
"who from my experience tend to be the least
experienced and network knowledgeable people running a customer network"
Also most likely to have built their network from scratch out of pure need
(perhaps for themselves) rather than someone cashing in on a trend. No offense
meant (though surely
Sun, Sep 25, 2016 at 05:57:42PM -0400, Patrick W. Gilmore wrote:
> Remember University of Wisconsin vs. D-Link and their hard-coded
> NTP server address?
UW vs Netgear and Poul-Henning Kamp vs D-Link, both on NTP stuff?
--
Eygene Ryabinkin, National Research Centre "Kurchatov Institute"
Always
The knobs that are available to push adoption of any standard can include
"Doing nothing", "Educating the community", "Incentives", "Public
Shaming", "Loss of business", "Engaging the policy & legal wanks". It seems
to me the first two options have not moved the ball much.
Must we move the last
On Tue, 27 Sep 2016, Mike Jones wrote:
Any network operator should know if their network is blocking it or not
without having to deploy active probes across their network.
Err... I was not referring to the operator doing this on the CPEs they
provide to their customers. I was referring to
On 9/27/16 11:18 AM, Brielle Bruns wrote:
On 9/27/16 10:05 AM, Roland Dobbins wrote:
I point to the current trend of parents watching and smiling, doing
nothing as their kids destroy people's stores and restaurants. ISPs
are literally doing the exact same thing when it comes to coddling
their
On 27 September 2016 at 15:32, Mikael Abrahamsson wrote:
> On Tue, 27 Sep 2016, Joe Klein wrote:
>
>> What would it take to test for BCP38 for a specific AS?
>
>
> Well, you can get people to run
> https://www.caida.org/projects/spoofer/#software
>
> I tried to get OpenWrt to
On 9/27/16 10:05 AM, Roland Dobbins wrote:
I point to the current trend of parents watching and smiling, doing
nothing as their kids destroy people's stores and restaurants. ISPs
are literally doing the exact same thing when it comes to coddling
their customers.
They can *see* the unruly
Thus spake Patrick W. Gilmore (patr...@ianai.net) on Sun, Sep 25, 2016 at
05:57:42PM -0400:
> On Sep 25, 2016, at 5:50 PM, ryan landry wrote:
> > On Sun, Sep 25, 2016 at 9:07 PM, Mark Andrews wrote:
>
> >> This is such a golden opportunity for each of you
On Tue, 27 Sep 2016, Brielle Bruns wrote:
I don't see how this is a problem exactly? If people want to buy devices
that connect to their home network, they need to be aware of what these
devices can do, and it is their responsibility.
I understand that is what you want. What you might
Assuming all devices are vulnerable isn't a bad start.
--
Keith Stokes
> On Sep 27, 2016, at 11:04 AM, Roland Dobbins wrote:
>
>> On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote:
>>
>> All the more reason to educate people TODAY on why having vulnerable devices
>> is
On 27 Sep 2016, at 22:49, Florian Weimer wrote:
Most people over here have at least two providers of water and
Internet (although the second one is perhaps sufficient for brushing
your teeth, but certainly not for a shower or a bath).
That's not a common arrangement in much of the world,
On Sep 27, 2016, at 11:49 AM, Roland Dobbins wrote:
> On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote:
>> All the more reason to educate people TODAY on why having vulnerable devices
>> is a Very Bad Idea.
>
> Yes, but how do they determine that a given device is
On 27 Sep 2016, at 22:46, Brielle Bruns wrote:
I point to the current trend of parents watching and smiling, doing
nothing as their kids destroy people's stores and restaurants. ISPs
are literally doing the exact same thing when it comes to coddling
their customers.
They can *see* the
On 27 Sep 2016, at 22:37, Patrick W. Gilmore wrote:
All the more reason to educate people TODAY on why having vulnerable
devices is a Very Bad Idea.
Yes, but how do they determine that a given device is vulnerable?
---
Roland Dobbins
* Roland Dobbins:
> On 27 Sep 2016, at 12:17, Sam Silvester wrote:
>
>> or call their electricity retailer/distributer
>
> This is the problematic case that is, unfortunately, the default.
>
> People tend to view anything related to 'the Internet' as a utility,
> and for consumers and SMBs, they
On 9/27/16 9:35 AM, Roland Dobbins wrote:
On 27 Sep 2016, at 21:48, Brielle Bruns wrote:
You start cutting off users or putting them into a walled garden until
they fix their machines, and they will start caring.
It's important to keep in mind that in the not-so-distant future, their
Precisely. This is how it's done by providers I've worked with.
-mel beckman
> On Sep 27, 2016, at 7:06 AM, Roy wrote:
>
>
>
> Option 3?
>
> ISP A announces the /19 and the /24 while ISP B does just the /24
>
>> On 9/27/2016 4:20 AM, Martin T wrote:
>> Hi,
>>
>>
hi,
>From: NANOG on behalf of Mike Hammett
>
>Sent: 27 September 2016 16:30
>Cc: nanog@nanog.org
>Subject: Re: Krebs on Security booted off Akamai network after DDoS attack
>proves pricey
>
>You must not support end users.
haha...i read that wrong.
On 27 Sep 2016, at 12:17, Sam Silvester wrote:
or call their electricity retailer/distributer
This is the problematic case that is, unfortunately, the default.
People tend to view anything related to 'the Internet' as a utility, and
for consumers and SMBs, they typically have a single
On Sep 27, 2016, at 11:35 AM, Roland Dobbins wrote:
> On 27 Sep 2016, at 21:48, Brielle Bruns wrote:
>> You start cutting off users or putting them into a walled garden until they
>> fix their machines, and they will start caring.
>
> It's important to keep in mind that in
On 27 Sep 2016, at 21:48, Brielle Bruns wrote:
You start cutting off users or putting them into a walled garden until
they fix their machines, and they will start caring.
It's important to keep in mind that in the not-so-distant future, their
'machines' will include every article of clothing
You must not support end users.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Mark Andrews"
To: "Roland Dobbins"
Cc: nanog@nanog.org
Sent:
On Tue, Sep 27, 2016 at 1:35 PM, Roland Dobbins wrote:
> It all comes down to the network operator, one way or another. There's
> no separation in the public mind of 'my network' from 'the Internet' that
> is analogous to the separation between 'the power company' and 'the
On 9/26/16 10:05 PM, Roland Dobbins wrote:
+1 for this capability in CPE.
OTOH, it will be of no use whatsoever to the user. Providing the user
with access to anomalous traffic feeds won't help, either.
Users aren't going to call in some third-party service/support company,
either.
You
On Tue, 27 Sep 2016, Joe Klein wrote:
What would it take to test for BCP38 for a specific AS?
Well, you can get people to run
https://www.caida.org/projects/spoofer/#software
I tried to get OpenWrt to include similar software, on by default, but
some people are afraid that they might
On Tue, 27 Sep 2016, Zbyněk Pospíchal wrote:
On 27.09.16 at 15:17, Mikael Abrahamsson wrote:
Hm, so the IX operator looks at packets at the IX (sFlow perhaps), see
who is sending attack packets, and if they're spoofed, this ISP is then
put in "quarantine", ie their IX port is basically now
Option 3?
ISP A announces the /19 and the /24 while ISP B does just the /24
On 9/27/2016 4:20 AM, Martin T wrote:
Hi,
let's assume that there is an ISP "A" operating in Europe region who
has /19 IPv4 allocation from RIPE. From this /19 they have leased /24
to ISP "B" who is multi-homed.
What would it take to test for BCP38 for a specific AS?
Joe Klein
"Inveniam viam aut faciam"
PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8
On Tue, Sep 27, 2016 at 8:31 AM, Stephen Satchell wrote:
> Does anyone know if any upstream and tiered internet
* Martin T.:
> let's assume that there is an ISP "A" operating in Europe region who
> has /19 IPv4 allocation from RIPE. From this /19 they have leased /24
> to ISP "B" who is multi-homed. This means that ISP "B" would like to
> announce this /24 prefix to ISP "A" and also to ISP "C". AFAIK this
On 27.09.16 at 15:17, Mikael Abrahamsson wrote:
> Hm, so the IX operator looks at packets at the IX (sFlow perhaps), see
> who is sending attack packets, and if they're spoofed, this ISP is then
> put in "quarantine", ie their IX port is basically now useless.
Definitely not. Try to read
On Tue, 27 Sep 2016, Zbyněk Pospíchal wrote:
The implementation of BCP38 over local market strongly increased after
massive DDoS attacks in 2013 affecting major part of the industry thanks
to an initiative of the most important local IXP.
Hm, so the IX operator looks at packets at the IX
"BCP38 applies only to egress filtering"
INCORRECT.
The title of the update to BCP38/RFC2827, BCP84/RFC2074, exposes the
balderdash on its face. That title? "Ingress Filtering for Multihomed
Networks." Oops. This is a short snipping from the Introduction:
RFC 2827 recommends that ISPs
* Stephen Satchell:
> Given a single local inside network with:
> * multiple uplink providers (typical multi-home situation)
> * multiple edge routers, each connected to an upstream via a public
> routeable /30, and each further connected to the downstream inside
> network
> * 50 subnets
The implementation of BCP38 over local market strongly increased after
massive DDoS attacks in 2013 affecting major part of the industry thanks
to an initiative of the most important local IXP.
There is a special separate last-resort "island mode" network, which is
intended to be activated in
On Tue, 27 Sep 2016, Stephen Satchell wrote:
You have to make their ignorance SUBTRACT from the bottom line.
I'd say there is no way to actually achieve this. BCP38 non-compliance
doesn't hurt the one not in compliance in any significant amount, it hurts
everybody else.
The only way I can
Does anyone know if any upstream and tiered internet providers include
in their connection contracts a mandatory requirement that all
directly-connected routers be in compliance with BCP38?
Does anyone know if large ISPs like Comcast, Charter, or AT&T have put
in place internal policies
> On Sep 26, 2016, at 7:58 PM, Christopher Morrow
> wrote:
>
> On Mon, Sep 26, 2016 at 7:49 PM, Mark Andrews wrote:
>
>>
>> Giving them real time access to the anomalous traffic log feed for
>> their residence would also help. They or the specialist
On 9/27/16 1:19 PM, Florian Weimer wrote:
> * Eliot Lear:
>
>> As some on this thread know, I've been working with the folks who make
>> light bulbs and switches. They fit a certain class of device that is
>> not general purpose, but rather are specific in nature. For those
>> devices it is
* Jason Iannone:
> I have a question regarding language. We've seen bcp38 described as a
> forwarding filter, preventing unallocated sources from leaving the AS. I
> understand that unicast reverse path forwarding checks support bcp38, but
> urpf is an input check with significant technical
I'm trying to come up with a simple picture that embraces all the
comments I've seen thus far on the definition of BCP38. The example
scenario I'm about to paint may be over-simplified -- but I like to
start simple.
Given a single local inside network with:
* multiple uplink providers
I have a question regarding language. We've seen bcp38 described as a
forwarding filter, preventing unallocated sources from leaving the AS. I
understand that unicast reverse path forwarding checks support bcp38, but
urpf is an input check with significant technical differences from output
Hi,
let's assume that there is an ISP "A" operating in Europe region who
has /19 IPv4 allocation from RIPE. From this /19 they have leased /24
to ISP "B" who is multi-homed. This means that ISP "B" would like to
announce this /24 prefix to ISP "A" and also to ISP "C". AFAIK this
gives two
* Eliot Lear:
> As some on this thread know, I've been working with the folks who make
> light bulbs and switches. They fit a certain class of device that is
> not general purpose, but rather are specific in nature. For those
> devices it is possible for the manufacturers to inform the network
* Mark Andrews:
> Dear customer,
>we are seeing traffic coming from your network.
>
> If you need help isolating the source of the traffic here are a few
> companies in your city that can help you.
>
>
>
> This is not an exhaustive list.
>
> Support
We already had the problem in
* Baldur Norddahl:
> This means we can receive some packet on transit port A and then route out
>>> a ICMP response on port B using the interface address from port A. But
>>> transit B filters this ICMP packet because it has a source address
>>> belonging to transit A.
>> Interesting. But this
John,
On 9/27/16 2:13 AM, John R. Levine wrote:
>> Therein lies the problem if the traffic does not look anomalous I
>> suppose. But even if it does look unusual, ISPs would be asking
>> consumers to trash/update/turn off a lot of devices in time – like
>> when every home has 10s or 100s of these