Re:

Several seems to use OpenBSD with OpenBGP and BGPLG. Le lun. 20 juin 2022 à 17:08, J. Hellenthal via NANOG a écrit : > It's not about what you use as aposed more of where it's used from. > > -- > J. Hellenthal > > The fact that there's a highway to Hell but only a stairway to Heaven says > a

Re: Scanning the Internet for Vulnerabilities

> To what extent and to whom will you authorize to do that? 100 random > college students? X number of new security firms? At some point it > will break. definitely not raging nanog vigilantes :) randy

Re: Scanning the Internet for Vulnerabilities

> For example I've gotten email in the past that some of my servers were > running ntp in a way which makes them vuln to being used for DDoS > amplification and, I believe, fixed that. I didn't mind. that was a really well done campaign. i thanked them profusely. randy

Re: Scanning the Internet for Vulnerabilities

Matt Palmer wrote: On Mon, Jun 20, 2022 at 02:18:30AM +, Mel Beckman wrote: When researchers, or whoever, claim their scanning an altruistic service, I ask them if they would mind someone coming to their home and trying to open all the doors and windows every night. If there were a few

Re: Test email

Sir - that so sounds like the move of a Cogent rep ha ha *Glenn S. Kelley* On Mon, Jun 20, 2022 at 10:48 AM J. Hellenthal via NANOG wrote: > > This is like setting a read-receipt-to: to a mailing list. The results > are phenom ! > > But on the other hand you get a nice handy list of replies

Re: Scanning the Internet for Vulnerabilities

On Mon, Jun 20, 2022 at 02:18:30AM +, Mel Beckman wrote: > When researchers, or whoever, claim their scanning an altruistic service, > I ask them if they would mind someone coming to their home and trying to > open all the doors and windows every night. If there were a few hundred people with

Re: Scanning the Internet for Vulnerabilities

To what extent and to whom will you authorize to do that? 100 random college students? X number of new security firms? At some point it will break. -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Jun

Re: Scanning the Internet for Vulnerabilities

On 6/20/22 12:24 PM, Matthew Craig wrote: The intent behind vulnerability scans is good, however the majority of DOS attacks that my networks encounter these days are from cybersecurity organizations conducting cybersecurity research. Yeah. The unwritten rule of this is "if you're going to do

Re: Scanning the Internet for Vulnerabilities

It seems to me there's vulnerability testing and there's vulnerability testing and just lumping them all together motivates disparate opinions. For example it's one thing to perhaps see if home routers login/passwords are admin/admin or similar, or if systems seem to be vuln to easily

Re: Scanning the Internet for Vulnerabilities

On 2022-06-20, at 23:02, Mel Beckman wrote: > > Carsten, > > The discussion is not getting far afield: it’s on point. And it’s a hugely > germane topic for network operators. > > Regarding your claim “You consented to receiving packets when connecting to > the Internet“, I counter with what

Re:

It's not about what you use as aposed more of where it's used from. -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Jun 20, 2022, at 13:47, Josh Luthman wrote: > >  > I use Cogent:

Re: Scanning the Internet for Vulnerabilities

Carsten, The discussion is not getting far afield: it’s on point. And it’s a hugely germane topic for network operators. Regarding your claim “You consented to receiving packets when connecting to the Internet“, I counter with what is in virtually every ISP’sAUP for customers: Unauthorized

Re: Scanning the Internet for Vulnerabilities

On 2022-06-20, at 19:36, goemon--- via NANOG wrote: > > On Mon, 20 Jun 2022, Carsten Bormann wrote: >>> On 2022-06-20, at 14:14, J. Hellenthal wrote: >>> Yeah that's another thing, "research" cause you need to learn it let's have >>> them do it too, multiply that by every university \o/ >>

Re: Scanning the Internet for Vulnerabilities

Hey - I have a neat new idea...  Let's test the structure of levees by flooding the rivers and seeing what levees don't survive. Geoff On 6/20/22 07:46, Mel Beckman wrote: Carsten, No, it’s more like 50,000 furnace guys who show up several times a day to rattle doorknobs, attempt to push

Re: Scanning the Internet for Vulnerabilities

Randy, Great idea! And bill the taxpayers! -mel via cell > On Jun 20, 2022, at 11:55 AM, Randy Bush wrote: > >  >> >> I treat these folk with the same respect they afford me. Not once in >> 30 years of having a connected network (v4 or v6) has any entity asked >> "is it OK if we .. ?". > >

Re: Scanning the Internet for Vulnerabilities

The intent behind vulnerability scans is good, however the majority of DOS attacks that my networks encounter these days are from cybersecurity organizations conducting cybersecurity research. Funding requests for DOS mitigation solutions to protect my networks from cybersecurity researchers

Re: Scanning the Internet for Vulnerabilities

> I treat these folk with the same respect they afford me. Not once in > 30 years of having a connected network (v4 or v6) has any entity asked > "is it OK if we .. ?". how strange, considering you are replying to a thread doing so. fwiw, i appreciate vuln scanners. i do not have the hubris or

Re: Congrats to AS701

Philly suburbs here, v6 is live for me. At home I use an Orbi router, just enabled v6 with autoconfig and got a native v6 WAN. So far looks good. Had to manually configure v6 DNS though. The only downside is the geolocation of my v6 IP is pretty bad. John Sent from my iPhone > On Jun 16,

Re:

Josh - there are a ton of public looking glass servers. The idea here was to run their own. which then gives them the ability to see things from their networks perspective a bit easier. *Glenn S. Kelley, *Connectivity.Engineer Text and Voice Direct: 740-206-9624 IMPORTANT: The contents of

Re:

I use Cogent: https://www.cogentco.com/en/looking-glass and HE which is easier to remember: https://lg.he.net/ On Mon, Jun 20, 2022 at 9:56 AM Glenn Kelley wrote: > Good Monday Morning Everyone. > > Quick Question: > > What is everyone's favorite software for running a looking glass. > > A

Dell Enterprise OS10 'aaa authorization'

Hello, Happy holiday. I am sure that I will eventually figure this out on my own but if anyone has already gone through the effort to figure it out I would appreciate any notes you can give me. I am using tac_plus to AAA against a S5248F-ON running Dell OS10E 10.5.0.1P1 I noticed that when

Re: Scanning the Internet for Vulnerabilities

On Mon, 20 Jun 2022, Carsten Bormann wrote: On 2022-06-20, at 14:14, J. Hellenthal wrote: Yeah that's another thing, "research" cause you need to learn it let's have them do it too, multiply that by every university \o/ there was some actual research involved. I agree that there should be a

Re: Scanning the Internet for Vulnerabilities

On Mon, Jun 20, 2022 at 11:02:25AM -0400, Michael Butler via NANOG wrote: > I treat these folk with the same respect they afford me. Not once in 30 > years of having a connected network (v4 or v6) has any entity asked "is it > OK if we .. ?". > > To my mind, it seems rather idiotic and

Re: Scanning the Internet for Vulnerabilities

I treat these folk with the same respect they afford me. Not once in 30 years of having a connected network (v4 or v6) has any entity asked "is it OK if we .. ?". To my mind, it seems rather idiotic and self-defeating to have the plumbing congested with packets intended to measure congestion

Re: Test email

This is like setting a read-receipt-to: to a mailing list. The results are phenom ! But on the other hand you get a nice handy list of replies that say "did not read" ;) leaking their address as a member. Done this by accident myself :( On Mon, Jun 20, 2022 at 02:11:50AM -0600,

Re: Scanning the Internet for Vulnerabilities

On Mon, Jun 20, 2022 at 02:47:27PM +0200, Carsten Bormann wrote: > J., > > > On 2022-06-20, at 14:14, J. Hellenthal wrote: > > > > Yeah that's another thing, "research" cause you need to learn it let's have > > them do it too, multiply that by every university \o/ > No no not saying there

Re: Looking Glass Software

Used Hyperglass a bunch. Looks pretty, very extensive & configurable, support for most platforms. Highly recommend! https://hyperglass.dev Best Phin On Mon, Jun 20, 2022 at 2:57 PM Glenn Kelley wrote: > Good Monday Morning Everyone. > > Quick Question: > > What is everyone's favorite software

[no subject]

Good Monday Morning Everyone. Quick Question: What is everyone's favorite software for running a looking glass. A friend asked me this over the weekend - and while there are others available on the internet to use - it would be helpful for them to run one within their own network. It has been

Re: Scanning the Internet for Vulnerabilities

Carsten, No, it’s more like 50,000 furnace guys who show up several times a day to rattle doorknobs, attempt to push slim Jim’s into window latches, hack your garage door opener, sneak into your back garden, and fly drones around your home to see what valuables you might have. Yes, some of

Re: Scanning the Internet for Vulnerabilities

On Sun, 19 Jun 2022 08:06:59 -0400 Dovid Bender wrote: > I don't know who is doing it. I just know that IL Cert contacted our > parent company which has an ISP in Israel when things were "hot". Some national government infrastructure protection organizations will relay notifications to local

Re: Scanning the Internet for Vulnerabilities

J., > On 2022-06-20, at 14:14, J. Hellenthal wrote: > > Yeah that's another thing, "research" cause you need to learn it let's have > them do it too, multiply that by every university \o/ there was some actual research involved. I agree that there should be a very good reason to expend a

Re: Scanning the Internet for Vulnerabilities

Yeah that's another thing, "research" cause you need to learn it let's have them do it too, multiply that by every university \o/ -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Jun 20, 2022, at

Re: Scanning the Internet for Vulnerabilities

On 2022-06-20, at 04:18, Mel Beckman wrote: > > When researchers, or whoever, claim their scanning an altruistic service, I > ask them if they would mind someone coming to their home and trying to open > all the doors and windows every night. Well, it is more like the guy who comes once a

Re: Scanning the Internet for Vulnerabilities

Wish I still had that email from them where person "possibly not speaking for the company" stated that "they scan the entire internet for vulns and other nefarious things.Where I stated "don't care get your unwanted advertisement scans off my edge, if I want you in the future I know where to find

Re: Test email

Novices 浪 -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume. > On Jun 20, 2022, at 03:36, Hank Nussbacher wrote: > > On 20/06/2022 11:30, Peter Potvin wrote: > > I did not send this to the list. I assume

Re: Scanning the Internet for Vulnerabilities

Yep that's exactly what that is. While the intention is good, it's all still unwarranted.--  J. HellenthalThe fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.On Jun 19, 2022, at 21:18, Mel Beckman wrote: When researchers, or

Re: irrd or ...?

Hi Randy, On Sun, 19 Jun 2022 at 23:07, Randy Bush wrote: > >> It will also take much less RAM if you turn RPKI validation off. > > > > oh dear ghod. do i need to turn the dancing donkeys off too? > > > > "Make each program do one thing well. To do a new job, build afresh > > rather than

Re: irrd or ...?

I've seen recently a trend where code is optimized for run time and memory consumption is a distant second consideration. I think this is a side-effect of the growth of big data, where you really do have to worry about your run time. Unfortunately this seems to have creeped into a lot of other

Re: Test email

On 20/06/2022 11:30, Peter Potvin wrote: I did not send this to the list. I assume the admins are testing out what has been blocking my emails for the past month and somehow this email slipped thru. Just ignore and delete. -Hank Why did moderation let this through the filters? I don't

Re: Test email

Why did moderation let this through the filters? I don't believe that testing email functionality is the intended use case of the NANOG mailing list. Also worth noting that the website for the domain this came from says the owner of the site specializes in "anti-spam", which based on this email

Test email

Hello, Checking Email Functionality. Hosting Support Thank you,

Re: Scanning the Internet for Vulnerabilities

shadow server (to the best of my knowledge) only scans sites that have invited them to do so. Owen > On Jun 19, 2022, at 10:43 , Forrest Christian (List Account) > wrote: > > See shadowserver.net > On Sun, Jun 19, 2022, 4:13 AM Ronald F. Guilmette

Re: Scanning the Internet for Vulnerabilities

I would still consider an uninvited scan of my network antisocial. Other operators are, of course, free to make their own choices. Owen > On Jun 19, 2022, at 03:13 , Ronald F. Guilmette > wrote: > > I would like to solicit the opinions of network operators on the practice > of scanning all