Re: Incoming SSDP UDP 1900 filtering

2019-03-25 Thread Jason Hellenthal via NANOG
Actually a little surprised to see port 25 blocked in both directions here 
along with 1080. It’s like saying here’s your network but it’s limited.

Though I wouldn’t recommend spawning up 25, it’s still a legitimately used port 
today, as is 1080.

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Mar 25, 2019, at 07:13, Ca By  wrote:
> 
> Block SSDP and move on 
> 
> SSDP is a horrible DDoS vector
> 
> Comcast and many others already block it, because it is the smart and best thing 
> to do
> 
> https://www.xfinity.com/support/articles/list-of-blocked-ports
> 
> 
>> On Mon, Mar 25, 2019 at 1:30 AM marcel.duregards--- via NANOG 
>>  wrote:
>> Dear Community,
>> 
>> We see more and more SSDP 'scan' in our network (coming from outside
>> into our AS). Of course our clients have open vulnerable boxes (last one
>> is an enterprise class Synology with all default ports open:-)) which
>> could be used as a reflection SSDP client.
>> 
>> As SSDP is used with PnP for local LAN service discovery, we are
>> thinking of:
>> 
>> 1) educate our client (take a lot of time)
>> 2) filter incoming SSDP packets (UDP port 1900 at least) in our bgp border
>> 
>> We see option 2 as a good action to remove our autonomous system from
>> potential sources of DDoS SSDP source toward the Internet.
>> Of course this might (very few chance) open other problems with clients
>> which use this port as an obfuscation port, but anyhow it would not be a
>> good idea as it is a registered IANA port.
>> We could think of filtering also incoming port 5000 (UPnP), but it is
>> the default port that Synology decided to use (WHY so many trojans use
>> this) for the DSM login into the UI.
>> 
>> What do you think ?
>> 
>> Thanks, best regards,
>> 
>> --
>> Marcel
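
An added example, not part of the original thread: before filtering UDP 1900 at the border (option 2), flow data can show which customer hosts actually answer SSDP from outside, which is also the list of clients to educate (option 1). The CSV flow format, the function names and the literal-string prefix match are assumptions made for this sketch; the addresses are constructed documentation ranges.

```shell
#!/bin/sh
# Added example: list internal hosts that reply to SSDP probes from outside.
# Input on stdin: flow records "src,dst,proto,sport,dport,bytes" (constructed format).
# $1 = internal prefix as a literal string such as "192.0.2." (a simplification
#      standing in for a real CIDR match).
# Output: host,inbound_probes,outbound_replies,reply_bytes (sorted by host string).
ssdp_reflectors() {
    awk -F, -v pfx="$1" '
        function inside(ip) { return index(ip, pfx) == 1 }
        $3 != "udp" { next }
        # Inbound probe: outside -> inside, destination port 1900.
        !inside($1) && inside($2) && $5 == 1900 { probes[$2]++; next }
        # Outbound reply: inside -> outside, source port 1900.
        inside($1) && !inside($2) && $4 == 1900 { replies[$1]++; bytes[$1] += $6 }
        END {
            for (h in replies)
                printf "%s,%d,%d,%d\n", h, probes[h], replies[h], bytes[h]
        }' | sort
}

# Constructed sample flows: 192.0.2.0/24 plays the customer network.
sample_flows() {
cat <<'EOF'
198.51.100.7,192.0.2.10,udp,40000,1900,130
192.0.2.10,198.51.100.7,udp,1900,40000,3100
203.0.113.9,192.0.2.10,udp,51000,1900,130
192.0.2.10,203.0.113.9,udp,1900,51000,2900
198.51.100.7,192.0.2.20,udp,40001,1900,130
192.0.2.30,192.0.2.31,udp,1900,1900,300
192.0.2.40,198.51.100.50,tcp,1900,443,900
203.0.113.9,192.0.2.50,udp,51001,1900,130
192.0.2.50,203.0.113.9,udp,1900,51001,1500
EOF
}

sample_flows | ssdp_reflectors "192.0.2."
```

Hosts that are probed but never reply (192.0.2.20 in the sample) and LAN-only discovery traffic are left out, so the result covers only boxes that an inbound UDP 1900 filter would stop from being used as reflectors.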


Re: sending again in case Zoom didn't email it correctly

2019-03-15 Thread Jason Hellenthal via NANOG
Anyone want to have a large off topic zoom meeting ? :-) consisting of IDK and 
willing to weigh in

-- 
 J. Hellenthal


> On Mar 15, 2019, at 14:40, Valdis Klētnieks  wrote:
> 
> On Fri, 15 Mar 2019 13:56:35 -0500, Casey Russell said:
> 
>> SIP failover call.
> 
> It's 2019. Surely we have better ways to have SIP fail over than manually
> sending an e-mail alert redirecting the person to a phone number?
> 


Re: GPS week number rollover event on April 6th

2019-03-08 Thread Jason Hellenthal via NANOG
Thanks!

-- 
 J. Hellenthal


> On Mar 7, 2019, at 17:02, Gerry Boudreaux  wrote:
> 
> For those who have GPS based NTP servers.
> 
> https://ics-cert.us-cert.gov/sites/default/files/documents/Memorandum_on_GPS_2019.pdf
> 
> G
> 


Re: A Zero Spam Mail System [Feedback Request]

2019-02-18 Thread Jason Hellenthal via NANOG
http://4.bp.blogspot.com/-nRlbTO3RH1s/Uo-X_PX6WBI/JLU/mirPbTYFa6U/s1600/unnamed.jpg

-- 
 J. Hellenthal


> On Feb 18, 2019, at 16:57, Tom Beecher  wrote:
> 
> Every single person on this list has either sent an email they later regret, 
> or will do so eventually. 
> 
> Full credit to you for acknowledging and owning this. 
> 
> Best of luck to you. 
> 
>> On Mon, Feb 18, 2019 at 09:08 Viruthagiri Thirumavalavan  
>> wrote:
>> @Everyone
>> 
>> I'm not gonna justify my behaviour. Yes my post was rude. I made a mistake. 
>> I was way over in my head. When I typed the original message I was obsessed 
>> with the man John Levine. He was responsible for the attacks on me in 4 
>> mailing lists. DMARC, DKIM, IETF and this one (the old thread).  
>> 
>> I didn't want to face the same thing again. So I was rude. I'm not gonna 
>> make him responsible for this thread. This one is my mistake. I could have 
>> been more professional in my original post.  But I screwed up.
>> 
>> My apologies to everyone here for making you witness my rant. I'm leaving 
>> this mailing list too. But if anyone complete my white paper in the future, 
>> I would love to hear your feedback. I won't be receiving any mails from 
>> nanog. So contact me off-list in that case.
>> 
>> Thanks to the guys who helped in my other threads.
>> 
>> Good luck to you all. 


Re: Quick Script to check the uptime of ASR920's

2019-01-25 Thread Jason Hellenthal via NANOG
Good stuff! Thanks for sharing, this will come in handy.

Quick note for those running  it would be a little more portable 
by changing the shebang line to #!/bin/sh as bash on a lot of systems does not 
exist in /bin



-- 
 J. Hellenthal


> On Jan 25, 2019, at 18:44, Erik Sundberg  wrote:
> 
> It was a script I created in regards to this thread below... Interface 
> counters and some other things stop working after a Cisco ASR920 is up 889 
> days Fun Fun
> 
> https://puck.nether.net/pipermail/cisco-nsp/2019-January/106558.html
> 
> 
> -----Original Message-----
> From: Mel Beckman 
> Sent: Friday, January 25, 2019 6:39 PM
> To: Erik Sundberg 
> Cc: nanog@nanog.org
> Subject: Re: Quick Script to check the uptime of ASR920's
> 
> Erik,
> 
> That’s a nice little script. Thanks!
> 
> So you want a warning if a router hasn’t been rebooted in a long time?  Just 
> out of curiosity, why? I’m kind of glad that my routers don’t reboot, pretty 
> much ever. Usually I want to know if the uptime suddenly became less than the 
> most recent uptime, indicating a possibly unplanned reboot.
> 
> -mel
> 
>> On Jan 25, 2019, at 4:29 PM, Erik Sundberg  wrote:
>> 
>> All,
>> 
>> I just created a quick script to check the uptime of an ASR920 via SNMP
>> if you have a fairly long list of devices. It's a simple bash script
>> and snmpwalk version 2c. Figured I would share it with you. Happy
>> Friday
>> 
>> Grab the code from GitHub:
>> https://github.com/esundberg/CiscoRouterUptime
>> It's a quick and dirty script and my first repo on GitHub. Let me know if 
>> there are any issues with it.
>> 
>> 
>> Output Format in CSV
>> DeviceName, IP, Uptime in Days, OK/Warning
>> 
>> I set my warning to 800 Days, you can change this in the code
>> 
>> 
>> ASR920list.txt
>> -
>> ASR920-1.SEA1, 192.168.28.1, SuperSecretSNMPKey
>> ASR920-2.SEA1, 192.168.28.2, SuperSecretSNMPKey
>> snip you get the idea
>> 
>> 
>> Output
>> 
>> [user@Linux]$ ./CiscoRouterUptime.sh ASR920list.txt
>> ASR920-1.SEA1, 192.168.28.1, 827, WARNING
>> ASR920-2.SEA1, 192.168.28.2, 827, WARNING
>> ASR920-2.ATL1, 192.168.23.2, 828, WARNING
>> ASR920-1.ATL1, 192.168.23.1, 813, WARNING
>> ASR920-1.CHI1, 192.168.21.3, 828, WARNING
>> ASR920-1.NYC1, 192.168.25.1, 787, OK
>> ASR920-2.CHI1, 192.168.21.4, 720, OK
>> ASR920-3.CHI1, 192.168.21.5, 720, OK
>> ASR920-1.DAL1, 192.168.26.3, 488, OK
>> ASR920-4.CHI1, 192.168.21.6, 142, OK
>> 
>> 
>> 
>> 
>> 
>> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files 
>> or previous e-mail messages attached to it may contain confidential 
>> information that is legally privileged. If you are not the intended 
>> recipient, or a person responsible for delivering it to the intended 
>> recipient, you are hereby notified that any disclosure, copying, 
>> distribution or use of any of the information contained in or attached to 
>> this transmission is STRICTLY PROHIBITED. If you have received this 
>> transmission in error please notify the sender immediately by replying to 
>> this e-mail. You must destroy the original transmission and its attachments 
>> without reading or saving in any manner. Thank you.
> 

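An added example, not the CiscoRouterUptime script from the repository: a POSIX sh sketch (per the `#!/bin/sh` portability note above) that combines the 800-day warning with the check Mel describes, flagging a device whose uptime dropped since the previous run. The three-column `name, ip, days` input files, the function names and the REBOOTED status are assumptions; the sample records are constructed.

```shell
#!/bin/sh
# Added example: classify devices from "name, ip, uptime_days" records.
#   WARNING  - uptime at or above the threshold (800 days in the thread)
#   REBOOTED - uptime lower than in the previous run (possible unplanned reboot)
#   OK       - everything else, including devices not seen in the previous run
# $1 = previous run file, $2 = current run file, $3 = threshold in days.
uptime_report() {
    awk -F', *' -v warn="${3:-800}" '
        FILENAME == ARGV[1] { prev[$1] = $3; next }   # remember last known uptime
        {
            status = "OK"
            if ($3 + 0 >= warn + 0)
                status = "WARNING"
            else if (($1 in prev) && $3 + 0 < prev[$1] + 0)
                status = "REBOOTED"
            printf "%s, %s, %d, %s\n", $1, $2, $3, status
        }' "$1" "$2"
}

# Constructed sample data: one device reset its uptime between the two runs.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/prev.csv" <<'EOF'
ASR920-1.SEA1, 192.168.28.1, 826
ASR920-1.NYC1, 192.168.25.1, 786
ASR920-4.CHI1, 192.168.21.6, 141
EOF
    cat > "$tmp/cur.csv" <<'EOF'
ASR920-1.SEA1, 192.168.28.1, 827
ASR920-1.NYC1, 192.168.25.1, 787
ASR920-4.CHI1, 192.168.21.6, 0
ASR920-1.DAL1, 192.168.26.3, 488
EOF
    uptime_report "$tmp/prev.csv" "$tmp/cur.csv" 800
    rm -rf "$tmp"
}

demo
```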

Re: (Netflix/GlobalConnect a/s) Scheduled Open Connect Appliance upgrade is starting

2019-01-13 Thread Jason Hellenthal via NANOG
HTML gets converted to text here without images unless I want them. The 
power of knowledge and ingenuity goes a long way.

-- 
 J. Hellenthal


> On Jan 13, 2019, at 20:01, Seth Mattinen  wrote:
> 
>> On 1/13/19 2:49 PM, Bryce Wilson wrote:
>> Not to name any names, but there are a few people on this list that for 
>> whatever reason use different fonts or sizes. I like having all of my text 
>> the same size because I can then use the features built into my email client 
>> to change the size as I need for my eyes and the screen I am using. I am 
>> also able to change the font when the email does not already specify one. 
>> More importantly, what is the need to use a different font in your emails? 
>> One of the people that I converse with outside of this list uses a cursive 
>> font which is also in a different color. It’s very hard to read and I see no 
>> need for it at all.
> 
> 
> That's the primary reason I am plain text only: people that think they're 
> being whimsical by picking fonts and colors that are hard to read.


Re: plaintext email?

2019-01-13 Thread Jason Hellenthal via NANOG
Haha nice troll

-- 
 J. Hellenthal


> On Jan 13, 2019, at 14:01, Christoffer Hansen  
> wrote:
> 
> 
> 
>> On 13/01/2019 20:57, Brian Kantor wrote:
>> Are you trying to start another flame war?
> 
> I certainly hope to avoid this discussion currently!
> 
> (back to 1) @NETFLIX: Anybody willing to listen to previous stated
> comment and take action on it?
> 
>- Christoffer
> 


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Jason Hellenthal via NANOG
No problem. We all come across this here and there. We all fail 100 times or 
more but perception will always be key in how we obtain a final objective that 
benefits everyone. 

Thomas Edison failed thousands of times but of all those times his success only 
came from the knowledge of those so many failures.



-- 
 J. Hellenthal


> On Jan 12, 2019, at 18:13, Viruthagiri Thirumavalavan  wrote:
> 
> Jason, Your comment is one of the best I have seen in this thread. 
> 
> Thanks for the input and being neutral. 


Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Jason Hellenthal via NANOG
Honestly, you feel very highly of your work, as any of us do in this field, 
but John has a very good point and constructive criticism should not be the 
downfall of anyone. Read it 100 times without taking any thought of your own 
work and try to see the whole picture.

Not agreeing with John or you but it is very straightforward and industry 
leading. It’s polite. I would feel the proper response from you would be to 
acknowledge the feedback and ask for some correction and guidance as John has 
had a lot of involvement here as so many others. 

He is not saying what you are doing is bad or such but more of guidance in a 
more proper direction so delusions are not set in the future.

The whole picture of any outcome is not only had by just one person trying to 
make a difference but by the whole for a greater good for which makes sense for 
the current architectures and policies that are in place.

I salute both you and John plus the community which contributes highly 
valuable aspects to evolving “our” best practices and judgements.

Whether it’s positive or negative or proof of concept, it is how we get to 
where we “think” we should be.

Criticism is how we get there regardless.

Let’s cut out the other nonsense and discontinue this thread and work 
positively instead of against one another. 

-- 
 J. Hellenthal


> On Jan 12, 2019, at 17:26, Cummings, Chris  wrote:
> 
> Can we please have a mod step in and shut this thread down? Any conversation 
> of value is long gone. 
> 
> /Chris
> 
> 
> 
> On Sat, Jan 12, 2019 at 5:25 PM -0600, "Viruthagiri Thirumavalavan" 
>  wrote:
> 
>> I don't know why you are all trying to defend a man who tries to silence my work.
>> 
>> Are you saying this thread is necessary?
>> 
>>> On Sun, Jan 13, 2019 at 4:46 AM Töma Gavrichenkov  wrote:
>>> On Sun, Jan 13, 2019 at 12:51 AM Viruthagiri Thirumavalavan
>>>  wrote:
>>> > 5 months back I posted my spam research on DMARC list.
>>> > You have gone through only 50 words and judged my work.
>>> > The whole thread went haywire because of you. I was
>>> > humiliated there and left.
>>> 
>>> By the way, since that you've left no traces of whatever piece of work
>>> you've posted to that list. The website is empty, slides are removed
>>> from Speakerdeck, etc.
>>> 
>>> In theory, I can easily recall a few cases in my life when going
>>> through just 50 words was quite enough for a judgment.
>>> 
>>> > To be very honest, I don't like you.
>>> 
>>> Please keep our busy mailing list out of this information, though for
>>> me it's a valuable piece of data that someone I don't know personally
>>> doesn't like someone else.
>>> 
>>> > Although I don't like you, I still managed to respond politely in
>>> > IETF lists. Again... In that list the only thing you did was
>>> > attacking my work.
>>> 
>>> So, I've read the whole thread, and, as far as I can see, there was
>>> nothing coming from John except for a balanced judgement.
>>> 
>>> > And then please tell me this man is not biased at all.
>>> 
>>> Sorry, he's not.
>>> 
>>> --
>>> Töma
>> 
>> 
>> -- 
>> Best Regards,
>> 
>> Viruthagiri Thirumavalavan
>> Dombox, Inc.