Re: Spamhaus flags any IP announced by our ASN as a criminal network

2023-03-20 Thread Alexander Neilson
Hi Brandon

“the entire ASN cannot be "blocked" just because there is a complaint on
one IP address”

Why not? They are being advertised by the same ASN so at least nominally
they are under common administrative control. Therefore if that
administrative control is not taking responsibility for complaints they may
be treated as a bad actor on the internet.

Also people choose to block / rate limit / etc things on their networks for
whatever reason makes sense to them.

I think if you have a customer or partner who doesn’t look after scams or
worse coming from their network you may need to consider disconnecting them
if you are not willing to be marked as the same bad actor for at least
passively enabling them.

This could still happen if they had their own ASN with their own netblocks
because if you are still providing transit to them and take no action you
may again be flagged as a bad actor.

We all have a role to play keeping our networks clean and positive members
of the internet community.

Might be time to have your customer / partner clean up their actions in
response to complaints or ensure that you don’t need a good reputation with
Spamhaus to operate.

Regards
Alexander

On Tue, 21 Mar 2023 at 04:00, Brandon Zhi wrote:

> Well, those prefixes are not for their VPS hosting service (which causes a
> lot of complaints). Just like there are many IP addresses under the
> telecommunication company, the entire ASN cannot be "blocked" just because
> there is a complaint on one IP address
>
> On Mon, 20 Mar 2023 at 10:50 PM, Mike Hammett wrote:
>
>> If someone tries to break into my house over and over, I won't act any
>> different if they show up wearing different clothes.
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>> --
>> *From: *"Brandon Zhi" 
>> *To: *"Christopher Morrow" 
>> *Cc: *nanog@nanog.org
>> *Sent: *Monday, March 20, 2023 9:43:19 AM
>> *Subject: *Re: Spamhaus flags any IP announced by our ASN as a criminal
>> network
>>
>> Yes, the prefixes that are used for the hosting service have been listed for
>> a long time. However, for the new prefixes that we rented, we just
>> announced them, and even though they are unreachable, they were just listed
>> on this list.
>>
>> On Mon, 20 Mar 2023 at 10:34 PM, Christopher Morrow wrote:
>>
>>> On Mon, Mar 20, 2023 at 9:51 AM Brandon Zhi  wrote:
>>>
>>> > I don't think any ISP would reject an IP that is on the Spamhaus list.
>>>
>>> you, clearly, have been living under several rocks for a very long time.
>>>
>>
>> --
Regards
Alexander

Alexander Neilson
Neilson Productions Limited

alexan...@neilson.net.nz
021 329 681
022 456 2326


Re: Anyone running C-Data OLTs?

2020-07-10 Thread Alexander Neilson
I think the article may also be confusing OLT and ONT. 

They are talking about how the “OLT” that is vulnerable is the device that
translates the fibre into the copper Ethernet connected to customers' equipment,
which may indicate these are actually ONTs being talked about or the article
authors got their explanation confused.

For these to be internet exposed presumably they must be including a router 
function and not simply doing some bridging of customer traffic. 

I haven’t checked (on mobile) but those affected model numbers could confirm if 
it’s OLT, ONT, or both. Possibly the confusion could come from the bug 
affecting both. 

Regards
Alexander

Alexander Neilson
Neilson Productions Limited
021 329 681
alexan...@neilson.net.nz

> On 11/07/2020, at 08:04, Mel Beckman  wrote:
> 
> The “WAN” port of an OLT _is_ its management port. Data, IPTV, and VoIP 
> traffic pass on VLANs, typically encrypted. These are passive optical network 
> (PON) devices, where all CPE in a group of, say, 32 premises receive the same 
> light via an optical splitter. Thus network partitioning is a requirement of 
> the architecture. There is no concept of a traditional “WAN” port facing the 
> Internet. 
> 
> -mel via cell
> 
>>> On Jul 10, 2020, at 12:21 PM, Owen DeLong  wrote:
>>> 
>> 
>> Um, from the article it appears that this isn’t on the Management interface, 
>> but the WAN port of the OLT.
>> 
>> Owen
>> 
>> 
>>> On Jul 10, 2020, at 11:01 , Mel Beckman  wrote:
>>> 
>>> But who, who I ask, opens their management interface to the public 
>>> Internet?!?!
>>> 
>>> Maybe this is a vulnerability if you have a compromised management network, 
>>> but anybody who opens CPE up to the Internet is just barking mad :-)
>>> 
>>> -mel via cell
>>> 
>>>> On Jul 10, 2020, at 10:00 AM, Owen DeLong  wrote:
>>>> 
>>>>  
>>>> https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b=29077120342825113007211255328545=12920625=2211510872
>>>> 
>>>> Wow… Just wow.
>>>> 
>>>> Owen
>>>> 
>> 


Re: scaling linux-based router hardware recommendations

2015-01-26 Thread Alexander Neilson


> On 27/01/2015, at 4:29 pm, Ken Chase m...@sizone.org wrote:
>
> How's convergence time on these mikrotik/ubiquity/etc units for a full table?

For the CCR1036-12G-4S with one full table, one domestic table (NZ - ~26k
entries) some peering and iBGP full convergence took about three minutes forty
seconds last time I timed it from cold.

I may do some new timing as they have been working hard to improve the multi
core support (currently BGP is still only single core, however they have been
doing some work on efficient allocation of other tasks to cores).

>
> /kc
> --
> Ken Chase - m...@sizone.org Toronto
 



Re: Tech Laptop with DB9

2014-11-10 Thread Alexander Neilson
I have found Air Console to be amazing:

http://www.get-console.com/airconsole/

I have one that comes with me in my bag everywhere.

I also have purchased a couple of their 1.8M USB to Cisco Rollover Cables which 
include the USB to Serial converter in the USB Plug. The cable can be adapted 
to serial and null modem with the end adapters (may not work in every situation)

The FDDI chip in these cables has strong driver availability across all OS’s 
and is also installed by default in some OS’s (including OS X - my personal 
preference for direct interaction machine)

This way as long as you have USB ports and Wifi you have an awesome tool set. 
The Air Console can even bridge traffic for monitoring / wireshark over Wifi 
(obvious bandwidth limitations) so I really enjoy having it with me.

Regards
Alexander

Alexander Neilson
Neilson Productions Limited

alexan...@neilson.net.nz
021 329 681
022 456 2326

> On 11/11/2014, at 9:39 am, Max Clark max.cl...@gmail.com wrote:
>
> Hi all,
>
> DB9 ports seem to be a nearly extinct feature on laptops. Any suggestions on
> a cheap laptop for use in field support (with an onboard DB9)?
>
> Thanks,
> Max
 
 



Re: Here comes iOS 8...

2014-09-17 Thread Alexander Neilson
According to devices I have seen numbers have been between 800MB and 1.3GB

iPhone 4S, iPhone 5, iPad 2 (3G), iPad Air (LTE)

Regards
Alexander

Alexander Neilson
Neilson Productions Limited

alexan...@neilson.net.nz
021 329 681
022 456 2326

On 18/09/2014, at 2:04 pm, JoeSox joe...@gmail.com wrote:

> Grant,
> Do you have a reference? Someone just told me it is more around 5GB.
>
> --
> Later, Joe
>
> On Wed, Sep 17, 2014 at 10:31 AM, Grant Ridder shortdudey...@gmail.com
> wrote:
>
>> For those that are curious, it looks like the download is 1.1 gigs.
>>
>> -Grant
>>
>> On Wed, Sep 17, 2014 at 10:04 AM, Nick Olsen n...@flhsi.com wrote:
>>
>>> I've been waiting all morning.
>>>
>>> Expedited repair of a primary link to prepare for the traffic. Not that it
>>> didn't have multiple backups. But one doesn't trifle with IOS8 release
>>> traffic.. If it's anything like IOS7 was..
>>>
>>> Nick Olsen
>>> Network Operations  (855) FLSPEED  x106
>>>
>>> From: Zachary McGibbon zachary.mcgibbon+na...@gmail.com
>>> Sent: Wednesday, September 17, 2014 12:59 PM
>>> To: NANOG nanog@nanog.org
>>> Subject: Here comes iOS 8...
>>>
>>> So Apple is about to release iOS 8... Have you done anything special to
>>> your network setup to accommodate the traffic flood ie traffic shaping
>>> rules, cache servers, etc?
>>>
>>> I heard that Apple Caching servers won't work with this update, so I'm
>>> guessing it will be pushed through Akamai servers as it usually is.
>>>
>>> - Zachary
 
 
 
 



Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Alexander Neilson
I wonder if they should be invited to only post a single message with the 
titles and links to the alerts so that people can follow it up.

They should also include a link to their own list that they send the full 
alerts to.

That way there could be some headline alerting to people that there is 
something in that topic available but avoids sending each alert to the list 
every time.

Depends on compliance with the charter for the list but I think it might be 
nice list etiquette.

Regards
Alexander

On 28/03/2014, at 3:27 pm, Larry Sheldon larryshel...@cox.net wrote:

> On 3/27/2014 4:07 PM, Matt Palmer wrote:
>> On Wed, Mar 26, 2014 at 10:52:42AM -0600, kendrick eastes wrote:
>>> The Full-disclosure mailing list was recently... retired, I guess cisco
>>> thought NANOG was the next best place.
>>
>> Nope, they've been sending these things here for as long as I can remember.
>> I have NFI why -- probably hubris, thinking that everyone running a network
>> *must* have some Cisco somewhere.
>
> There used to be cisco 'wigs with well-known names on NANOG.
>
> One of them was probably asked to do it.
>
> --
> Requiescas in pace o email
> Ex turpi causa non oritur actio
> Two identifying characteristics of System Administrators:
> Infallibility, and the ability to learn from their mistakes.
> (Adapted from Stephen Pinker)
 




Re: How to catch a cracker in the US?

2014-03-12 Thread Alexander Neilson
I just thought it was Nerds didn't have social lives (not likely to be 
drinking) 

They fail the blood alcohol test on sign up to the list here. 

Regards

Alexander

Alexander Neilson
Neilson Productions Ltd
alexan...@neilson.net.nz
021 329 681

> On 13/03/2014, at 8:57 am, William Herrin b...@herrin.us wrote:
>
>> On Wed, Mar 12, 2014 at 3:50 PM, Warren Bailey
>> wbai...@satelliteintelligencegroup.com wrote:
>> So like.. Nerds have a sense of humor all the sudden?? Did I miss a
>> slashdot post or something?
>
> Geeks, man. Geeks. Nerds have pocket protectors.
>
> -Bill
>
>
> --
> William D. Herrin  her...@dirtside.com  b...@herrin.us
> 3005 Crane Dr. .. Web: http://bill.herrin.us/
> Falls Church, VA 22042-3004
 




Re: Will a single /27 get fully routed these days?

2014-01-26 Thread Alexander Neilson

Regards
Alexander

Alexander Neilson
Neilson Productions Limited

alexan...@neilson.net.nz
021 329 681
022 456 2326

On 26/01/2014, at 10:35 pm, Dave Bell m...@geordish.org wrote:

>> But more important: which /10 is set aside for this? It is not listed on
>> https://www.arin.net/knowledge/ip_blocks.html
>
> 100.64/10
>
> http://tools.ietf.org/search/rfc6598

Correct me if I am wrong but this is the space reserved for internal use by 
providers for space for CGN systems that is not 1918 space so it doesn’t 
conflict with customers internal network IP Space.

If I am correct the question is for which block has been reserved by ARIN for 
“address space for v6 devices they need to talk to v4 world” which is a 
globally unique allocation from their final /8 which they reference “Per 
policy, a /10 was reserved out of the last /8 to facilitate IPv6 deployment and 
that space is not included in our inventory count.” at 
https://www.arin.net/resources/request/ipv4_countdown.html which I think nobody 
has yet answered.

Looking at 4.10 it doesn’t require the /10 block to be taken from their “Final 
/8” allocation (104/8) so I think it would be nice for someone from ARIN to 
come on here and confirm for all of us what the /10 is and ARIN’s thinking 
around the use of this space and their allocations being a max /24. Knowing the 
space now and whether larger transit providers will be issued it in /24’s for 
their transit customers which would mean they could announce the entire /24 and 
not require action from most AS’s or if the allocations will range in size 
directly to end users as standard issued space and ARIN asks us to accept it in 
our filters would be useful to know now so I can prepare the filters and it 
gives most AS’s time to implement this next large edit rather than make it a 
tweak when it begins to cause issues / issues are reported.







Re: Mikrotik Cloud Core Router and BGP real life experiences?

2013-12-27 Thread Alexander Neilson


Regards

Alexander

Alexander Neilson
Neilson Productions Ltd
alexan...@neilson.net.nz
021 329 681

> On 28/12/2013, at 5:06 am, Eduardo Schoedler lis...@esds.com.br wrote:
>
> PPPoE Server is single thread too.

PPP package is getting a multicore upgrade in 6.8 or 6.9 release.

May introduce bugs but they are working to Multi core all the processes
properly.

> 2013/12/27 Nick Olsen n...@flhsi.com
>
>> Exactly what Faisal Said. The BGP process appears to be single threaded at
>> the moment. So taking on full BGP tables can be a bit slow compared to a
>> decent X86 box. But in terms of raw forwarding power they are pretty
>> monstrous.
>>
>> We replaced a few Maxxwave 6 port Atom's with the CCR. ~400Mb/s and ~40K
>> pps aggregate across all ports. CPU load went from ~25% to ~0-2%. These are
>> in a configuration where they have little or no firewall/nat/queue rules.
>> And in most cases are running MPLS.
>>
>> We've not had any issues with stability so far either (Knock on wood).
>>
>> Nick Olsen
>> Network Operations
>> (855) FLSPEED  x106
>>
>> From: Faisal Imtiaz fai...@snappytelecom.net
>> Sent: Friday, December 27, 2013 10:33 AM
>> To: Geraint Jones gera...@koding.com
>> Cc: nanog@nanog.org, Martin Hotze m.ho...@hotze.com
>> Subject: Re: Mikrotik Cloud Core Router and BGP real life experiences?
>>
>> FYI... Mikrotik Cloud Core routers are nice, however one has to keep
>> something in mind when deploying them...
>>
>> Only One Core (of the CPU) is dedicated to each port / process.
>> So this is good so as to contain what happens on a single port from taxing
>> the whole CPU..
>> But not so good when you need more cpu power than a single core for that
>> port.
>>
>> Also, BGP process will only use one core.
>>
>> While these units make for great 'customer facing' edge routers, with
>> plenty of power and the ability to keep issues contained... The X-86 based
>> (Core2Duo/i5/i7) Mikrotik are more suitable (Processing power wise) for
>> running multiple full BGP tables peering.
>>
>> Regards & Good Luck.
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>>
>> - Original Message -
>> From: Geraint Jones gera...@koding.com
>> To: Martin Hotze m.ho...@hotze.com
>> Cc: nanog@nanog.org
>> Sent: Friday, December 27, 2013 4:02:45 AM
>> Subject: Re: Mikrotik Cloud Core Router and BGP real life experiences?
>>
>>> I am going to be deploying 4 as edge routers in the next few weeks, each
>>> will have 1 or 2 full tables plus partial IX tables. So I should have some
>>> empirical info soon.
>>>
>>> They will be doing eBGP to upstreams and iBGP/OSPF internally. I went with
>>> the 16gb RAM models.
>>>
>>> However these boxes are basically Linux running on top of tilera CPUs, in
>>> terms of throughput as long as everything stays on the fastpath they have
>>> no issues doing wire speed on all ports, however the moment you add a
>>> firewall rule or the like they drop to 1.5gbps.
>>>
>>> On 27/12/2013, at 9:47 pm, Martin Hotze m.ho...@hotze.com wrote:
>>>
>>>> Hi,
>>>>
>>>> looking at the specs of Mikrotik Cloud Core Routers it seems to be too
>>>> good to be true [1] having so much bang for the bucks. So virtually all
>>>> smaller ISPs would drop their CISCO gear for Mikrotik Routerboards.
>>>>
>>>> We are using a handful of Mikrotik boxes, but on a much lower network
>>>> level (splitting networks; low end router behind ADSL modem, ...). We're
>>>> happy with them.
>>>>
>>>> So I am asking for real life experience and not lab values with Mikrotik
>>>> Cloud Core Routers and BGP. How good can they handle full tables and a
>>>> bunch of peering sessions? How good does the box react when adding
>>>> filters (during attacks)? Reloading the table? etc. etc.
>>>>
>>>> I am looking for _real_ _life_ values compared to a CISCO NPE-G2. Please
>>>> tell me/us from your first hand experience.
>>>>
>>>> Thanks!
>>>>
>>>> greetings, Martin
>>>>
>>>> [1] If something sounds too good to be true, it probably is.
>
> --
> Eduardo Schoedler




Fwd: minimum IPv6 announcement size

2013-09-30 Thread Alexander Neilson
*Beer* - sorry to take this further off topic.

Regards
Alexander

Alexander Neilson
Neilson Productions Limited

alexan...@neilson.net.nz
021 329 681
022 456 2326

Begin forwarded message:

 From: Ben ben+na...@list-subs.com
 Subject: Re: minimum IPv6 announcement size
 Date: 1 October 2013 1:05:01 AM NZDT
 To: nanog@nanog.org
 
 On 26/09/2013 09:52, bmann...@vacation.karoshi.com wrote:
  sounds just like folks in 1985, talking about IPv4...
 
 
 Most people here were probably not of working age in 1985 ;-)
 
 

Working age?? some of us weren't even born yet.



Re: questions regarding prefix hijacking

2013-08-07 Thread Alexander Neilson

Regards
Alexander

Alexander Neilson
Neilson Productions Limited

alexan...@neilson.net.nz
021 329 681
022 456 2326

On 8/08/2013, at 9:47 AM, Marsh Ray ma...@microsoft.com wrote:

> From: Christopher Morrow
> Sent: Wednesday, August 7, 2013 2:06 PM
>
>> On Wed, Aug 7, 2013 at 4:59 PM, Marsh Ray ma...@microsoft.com wrote:
>>
>>> It would be incredibly useful for someone to start a page or a category on
>>> Wikipedia List of Internet Routing and DNS Incidents that would include
>>> both accidental and malicious events.

I would see there being a problem with Wikipedia trying to categorise some of
them as accidental / malicious. I think if it was done it would have to be a list
where ones that were publicly announced as accidental would be listed as
accidents and the rest left unnoted to comply with neutral point of view and
verification.

>> do we really need that?
>
> Have you ever heard of someone using IP addresses as an access control
> mechanism? (AKA, IP whitelist)
>
> When I hear about this, I would really *love* to be able to link them to a
> credible source.
>
>> they seem to occur often enough that that isn't really required :(
>
> *I* believe you, but in practice that's not sufficient to convince many other
> folks.
> Currently, a section of a page on Wikipedia lists 7 incidents going back to
> 1997.
> http://en.wikipedia.org/wiki/IP_hijacking#Public_incidents
>
> Serious question: Do folks here feel that is an accurate representation of
> this phenomenon in practice?

I would tend to say as it lists BGPmon.net as an external link that's a good
resource for finding out about other ones that have happened. Also maybe that
section should be renamed notable incidents and just have it as a sample of
some of these incidents.

> - Marsh
 


