On Tue, 05 Mar 2024 12:17 -0700, Michael Rathbun wrote:
> What I found intriguing was that I was logged out by Google Docs at the same
> moment FB logged me out. Downdetector showed a number of other supposedly
> unrelated services with large outage report spikes at roughly the same time.
I
I can confirm we started seeing this on Nov 9th at 19:10 UTC across all markets
from a variety of sources.
If you want to filter it with ingress ACLs they need to include subnet base and
broadcast addresses in addition to interface address, so a router at
192.168.1.1/30 with a customer
> We are using Okta's RADIUS service for 2fa to network gear currently,
> but looking to switch to tacacs+ for many reasons. Would prefer to
> implement tacacs+ with two-factor if possible.
tac_plus-ng from https://www.pro-bono-publico.de/projects/tac_plus-ng.html has
LDAP and PAM backends,
> https://www.shrubbery.net/tac_plus/
That tac_plus has python 2 dependencies and so has been removed from Debian
packages. That's not surprising given the last update was 2015 and Python 2 was
EOL in 2020: https://www.python.org/doc/sunset-python-2/
Currently I favor this one which is still
Ooof.
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Some hope here: "The ping process runs in a capability mode sandbox on all
affected versions of FreeBSD and is thus very constrained in how it can
interact with the rest of the system at the point where the bug can
Precedent?
https://blog.codinghorror.com/revisiting-the-black-sunday-hack/
> Do you know if this was codified prior to 1.1.1.1 being taken over by
> Cloudflare?
Yes, I'm sure it was.
On a related note, I just discovered a NID that has 1.1.1.1 assigned to the
outband interface by default, and it is apparently not user modifiable. So, not
only can these devices never use 1.1.1.1 for name resolution, but attempts to
determine "is the circuit up" by pinging it will always
> What else is like that and easy to remember and isn’t 1.1.1.1 ?
4.2.2.1, which IIRC predates both 8.8.8.8 and 1.1.1.1.
Muscle memory still favors it. I think 4.2.2.2 might be anycast the same but
never really looked hard at it.
Anyone swinging a clue-by-four is going to hit Meraki real hard.
https://community.meraki.com/t5/Switching/Switch-Constantly-Pings-8-8-8-8/m-p/31491
I can confirm this issue exists at several sites in the Denver area with this
same IPSEC issue, all routing between Level3/Lumen and Comcast.
I was told by one customer that it resolved late yesterday afternoon but I
haven't been able to confirm that.
Mike
-Original Message-
From:
Nick Hilliard wrote:
> forgot to re-sign the zone on dlv.isc.org or forgot to remove
> dnssec-lookaside from the config?
>
> Not kidding here. People need to take responsibility for their
> configurations.
Anyone running BIND provided with CentOS 6 has a release from ~2012 (bind
9.8.2) and
> In any regard, <1 Gbps is pretty piss poor for an amplification attack too.
We've observed a customer receiving relatively low-volume attacks in the last
week (so low they didn't trigger our alarms).
My working theory is that with the Dec 3rd release of Halo Reach for PC, there
are gamers
Question: is anyone who is currently suffering this issue also doing 1:many
NAT? Or running a proxy server that might cause multiple clients to all appear
from the same IP address? I believe NAT might be the cause of one of our
customer's complaints wrt content provider blocking.
Dylan Ebner wrote:
Does anyone know if it is the policy of Qwest (or ISPs) to have lower
uptime metrics for BGP customers or am I just experiencing lots of
downtime with an ISP that is known for having lots
of problems?
We do BGP to Qwest Internet and they've been as reliable as any
Suresh Ramasubramanian wrote:
If your email and phone communications are down due to a connectivity
break, and your customers get connectivity from you [assume no backup
links, by default .. you'd be surprised at how many smaller customers
get by with a single link and no backups at all. If
William McCall wrote:
I should have clarified. Third party physical control isn't necessarily the
issue, but third party administration and delivery (in the context of
twitter) is.
Dedicated servers are cheap and you can maintain control of the content.
But useless if the customer's data
We're experimenting with Twitter as a means to communicate anytime there
are system-wide outages (in addition to regular maintenance
notifications). Adoption is slow but I foresee growth once we really get
the word out.
Being a data and VoIP provider, certain events can affect both email and
Shane Ronan wrote:
Very simple, just do it.
Ha! We have some legacy IP space in continuous use here at ASN13345 for
over 12 years now that was recently revoked for a few weeks (only to
be later restored via a transfer once the exact definition of
ownership in a member-owned cooperative was
Paul Ferguson wrote:
Most likely SQL injection. At any given time, there are hundreds of
thousands of legitimate websites out there that are unwittingly harboring
malicious code.
Most of the MS-SQL injection attacks we see write malicious javascript
into the DB itself so all query results
chandrashakher pawar wrote:
We are a level one ISP. One of my customers is connected to fast ethernet.
His link speed is 100,000 kbps. While downloading anything from the net, his
download speed does not go above 200 kbps.
While doing multiple downloads he gets around 200 kbps in every window. But
when he
Joe Greco wrote:
My point was more the inverse, which is that a determined, equipped,
and knowledgeable attacker is a very difficult thing to defend against.
The Untold Story of the World's Biggest Diamond Heist published
recently in Wired was a good read on that subject:
Rod Beck wrote:
Hold on. Who says this is sabotage?
By the time the second plane hit WTC, intent was apparent. I think in
this case intent is also apparent based on proximity (and the previously
mentioned reward ATT has posted for the capture of vandals).
Mike
Subba Rao wrote:
Can someone explain why Nipper is saying Rlogin is enabled when
I do not see it in the configuration file? Is there something
else that I need to be looking at?
It's been my experience that the routers are all listening on that port
by default, and we notice it as a
the other angle. All she got was Earthlink has been
blocking port 25 for years you should know this by now!
Mike Lewinski
--
m...@rockynet.com
POTS: 303-629-2860
INOC-DBA: 13345*mjl
Within an hour of making this post I received a call from a very helpful
engineer at Earthlink. The problem has been identified and a resolution
is in the works.
Mike
Mike Lewinski wrote:
One of our mail servers can't talk to any of the earthlink MX servers
and after two weeks of trying I've
valdis.kletni...@vt.edu wrote:
You *do* realize that has a public address does not actually mean that
the machine is reachable from random addresses, right? There *are* these
nice utilities called iptables and ipf - even Windows and Macs can be configured
to say bugger off to unwanted traffic.
Joe Greco wrote:
A quick scan of the reverse mapping for your address space in DNS reveals
that you have basically your entire network on public addresses. No wonder
you're worried about portscans when the printer down the hall and the
receptionist's machine are sitting on public addresses. I
German Martinez wrote:
Workaround: Configure the bgp maxas limit command in such
a way that the maximum length of the AS path is a value below 255. When the
router receives an update with an excessive AS path value, the prefix is
rejected and recorded the event in the log.
This workaround has
Jack Bates wrote:
Just to reconfirm. The issue arrives with sending an update, not
receiving? So if an ISP does not have a limit and their IOS cannot
handle this, they will send an invalid BGP UPDATE to the downstream
peers causing them to reset regardless of their max as-path settings?
There are issues between Google and Comcast in the Denver area for at
least the last 12 hours. Pages are sporadically stalling before load
(indefinitely as far as I can tell). I found a gmail message I'd sent
more than 30 minutes prior still processing. This is affecting all
google services
Chaim Rieger wrote:
Steve Church wrote:
Who's the hot chick in the bottom right corner?
S
that's my sis, want her number ?
While today may be international CAPS LOCK DAY (http://capslockday.com),
I believe off-topic posting day was last Thursday.
Jon Lewis wrote:
Yeah...prepending isn't a big deal...but when someone prepends their own
AS 70+ times, I wonder WTF they're thinking.
I'm sure they get the attention of NOCs around the world as messages
like this show up on consoles
Oct 22 04:34:05 MDT: %BGP-6-BIGCHUNK: Big chunk pool
Crist Clark wrote:
9) Turn off DNS services at old-dns1 and old-dns2 (i.e. take out
the firewall rules that allow queries to those addresses).
10) ...
10 ) Use one of the various sanity checking sites to validate some
subset of your hosted domain configurations.
We used to like
Joe Greco wrote:
So, I have to assume that I'm missing some unusual aspect to this attack.
I guess I'm getting older, and that's not too shocking. Anybody see it?
AFAIK, the main novelty is the ease with which bogus NS records can be
inserted. It may be hard to get a specific A record
Patrick W. Gilmore wrote:
Anyone have a foolproof way to get grandma to always put https:// in
front of www?
Some tests from my home Comcast connection tonight showed less than
desirable results from their resolvers.
The first thing I did was to double check that the bookmarks I use when
I'm very happy to report that my post here found the necessary
clue-holders and resolved both the lame DNS and stale email
configuration issue.
Also, one important followup wrt the whois for their ASN query:
Finally, as an additional note, the whois delegation for their ASN seems
to be
Sean Donelan wrote:
1. Separate your authoritative and recursive name servers
2. Recursive name servers should only get replies to their own DNS
queries from the Internet, they can use both UDP and TCP
We've just completed a project to separate our authoritative and
recursive servers and I
David Hubbard wrote:
I remember back in the day of old hardware and operating
systems we'd intentionally avoid using .255 IP addresses
for anything even when the netmask on our side would have
made it fine, so I just thought I'd try it out for kicks
today. From two of four ISP's it worked fine,
Mike Lewinski wrote:
The TCP/IP stack in Windows XP is broken in this regard, possibly in
Vista as well, though I've yet to have the displeasure of finding out.
A co-worker confirms that his Vista SP1 can access our .255 router via SSH.
Barry Shein wrote:
Is it just us or are there general problems with sending email to
yahoo in the past few weeks? Our queues to them are backed up though
they drain slowly.
I know that Yahoo does greylisting, and we often have a large queue
backup as a result of mailing lists with a lot of