On Nov 14, 2023, at 00:12, Shawn L via NANOG wrote:
The destination address is always one of our customer's ip addresses.
Attackers will sometimes use synthetic ESP, AH, GRE, or other protocols in DDoS
attacks, because organizations often only think about TCP/UDP/ICMP in terms of
ACLs, DDoS
It can’t be legacy space, there is no such thing in IPv6.
Legacy status only refers to IPv4 blocks that were issued by the predecessors
to the current registry system and have not yet been placed under RIR contract.
Owen
> On Nov 13, 2023, at 12:57, Matt Corallo wrote:
>
> I'd be very
On 11/13/23 12:57 PM, Matt Corallo wrote:
I'd be very curious to see a lawsuit over an IP hijack that isn't interfering with the operation of
any of Cogent's services and is restoring service to HE's customers. Doubly so if they prepend
aggressively to avoid it being a preferred path (Cogent
I'd be very curious to see a lawsuit over an IP hijack that isn't interfering with the operation of
any of Cogent's services and is restoring service to HE's customers. Doubly so if they prepend
aggressively to avoid it being a preferred path (Cogent currently announces a /48 for the C root
On 11/13/23 12:29 PM, Mel Beckman wrote:
We use KnowBe4.com's user training. That's really the only way you can
fight this, since its a human problem, not a technical one. These guys
provide fully automated, AI based (well, who knows what that means)
simulated phishing attacks, largely to
Matt,
Why would HE hijack Cogent's IP space? That would end in a lawsuit and
potentially even more de-peering between them.
Ryan Hamel
From: NANOG on behalf of Matt
Corallo
Sent: Monday, November 13, 2023 11:32 AM
To: Bryan Fields ; nanog@nanog.org
Subject:
We use KnowBe4.com's user training. That's really the only way you can fight
this, since its a human problem, not a technical one. These guys provide fully
automated, AI based (well, who knows what that means) simulated phishing
attacks, largely to give users real-world practical experience
I know this is only tangentially relevant to nanog, but I'm curious if
anybody knows where I can ask what orgs do to combat spear phishing?
Spear phishing doesn't require that you deploy DMARC since you can know
your own policy even if you aren't comfortable publishing it to the world.
- On Nov 13, 2023, at 9:43 AM, Maurice Brown maur...@pwnship.com wrote:
Hi,
> A new attack was published against SSH and the paper authors are theorizing
> that
> the attack is possible against IPSEC due to flaws in the CPU that are
> exploitable via brute force.
For those interested, here
On 11/8/23 2:23 PM, Bryan Fields wrote:
On 11/8/23 2:25 PM, o...@delong.com wrote:
Seems irresponsible to me that a root-server (or other critical DNS provider) would engage in a
peering war to the exclusion of workable DNS.
I've brought this up before and the root servers are not really an
Dave Taht's question about all the redundant fiber that
was put down in the telecom bubble is a very interesting
one. It would be nice if some folks on the list could
provide some solid information, even if only for one
large carrier.
My impression, from communications with various folks,
is
A new attack was published against SSH and the paper authors are theorizing
that the attack is possible against IPSEC due to flaws in the CPU that are
exploitable via brute force.
On Mon, Nov 13, 2023 at 9:42 AM Adrian Minta wrote:
> On 11/13/23 19:10, Shawn L via NANOG wrote:
>
> Is anyone
I can confirm we started seeing this on Nov 9th at 19:10 UTC across all markets
from a variety of sources.
If you want to filter it with ingress ACLs they need to include subnet base and
broadcast addresses in addition to interface address, so a router at
192.168.1.1/30 with a customer
On 11/13/23 19:10, Shawn L via NANOG wrote:
Is anyone else seeing a lot of 'strange' IPSEC traffic? We started
seeing logs of IPSEC with invalid spi on Friday. We're seeing it on
pretty much all of our PE routers, none of which are setup to do
anything VPN related. Most are just routing
Is anyone else seeing a lot of 'strange' IPSEC traffic? We started seeing logs
of IPSEC with invalid spi on Friday. We're seeing it on pretty much all of our
PE routers, none of which are setup to do anything VPN related. Most are just
routing local customer traffic.
decaps: rec'd IPSEC
Dear Amir,
On Fri, Nov 10, 2023 at 06:02:48PM -0500, Amir Herzberg wrote:
> We will present our new work, titled: `BGP-iSec: Improved Security of
> Internet Routing Against Post-ROV Attacks', in NDSS'24.
>
> If you're interested in security of Internet routing (BGP), and want a
> copy, see URL
16 matches
Mail list logo