Re: PSA: change your fedex.com account logins

> On May 31, 2019, at 2:17 PM, Richard > wrote: > > > >> Date: Friday, May 31, 2019 08:04:13 -0400 >> From: Jason Kuehl > >> Is it possible, yes. I've seen it several times now at my place of >> work. Targeted attacks are a thing. >> Dan Hollis wrote: Phishing

Re: plaintext email?

/me gestures at this thread If you needed more reason that NANOG might not be the place to discuss email issues at any higher level than port numbers, this is it. (I especially liked the "I use plain text everywhere!" message sent as HTML). mailop lives at the perpetually-TLS-challenged

Re: Comcast

> On Jun 29, 2018, at 10:53 AM, Daniel Corbe wrote: > > Can someone from Comcast contact me off list? > > Your customers can’t reach my network right now. > It's much bigger than just your network, and probably bigger than just Comcast. They're aware of it, but probably kind of busy.

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

> On Feb 27, 2018, at 4:29 PM, Filip Hruska wrote: > > > > This is just stupid. > > > > OVH is one of the largest server providers in the world - of course they will > be at the top of that list. > > What exactly should they do, according to you? Read their abuse@

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

> On Feb 27, 2018, at 1:16 PM, Eric Kuhnke wrote: > > I question whether there is *any* high volume hoster out there that has a > reputation for successfully addressing abuse issues coming from their > customer base, and cuts off services... By high volume hoster I

Re: aggregate6 - a fast versatile prefix list compressor

> On Dec 1, 2017, at 2:16 AM, Elmar K. Bins wrote: > > na...@studio442.com.au (Julien Goodwin) wrote: > >>> The first optimisation is to remove any supplied prefixes which are >>> superfluous because they are already included in another supplied >>> prefix. For example,

Re: Incoming SMTP in the year 2017 and absence of DKIM

> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote: > > "John Levine" writes: > >> Broken rDNS is just broken, since there's approximately no reason ever >> to send from a host that doesn't know its own name. > > rDNS is not a host attribute, and will therefore

Re: Purchased IPv4 Woes

> On Mar 19, 2017, at 8:32 PM, Justin Wilson wrote: > > > Then you have the lists which want money to be removed. I have an IP that > was blacklisted by hotmail. Just a single IP. I have gone through the > procedures that are referenced in the return e-mails. No response.

Re: IPv6 automatic reverse DNS

> On Oct 28, 2016, at 6:04 PM, Karl Auer wrote: > >> 1b) anti spam filters believe in the magic of checking >> forward/reverse match. > > Someone in this thread said that only malware-infested end-users are > behind IP addresses with no reverse lookup. Well - no. As long

Re: IPv6 automatic reverse DNS

> On Oct 28, 2016, at 4:02 PM, Baldur Norddahl > wrote: > > Hello > > Many service providers have IPv4 reverse DNS for all their IP addresses. If > nothing is more relevant, this will often just be the IPv4 address hashed > somehow and tagged to the ISP domain

Re: Should abuse mailboxes have quotas?

> On Oct 27, 2016, at 9:47 AM, Leo Bicknell wrote: > > In a message written on Thu, Oct 27, 2016 at 08:03:11AM -0700, Stephen > Satchell wrote: >> For the last couple of weeks, every single abuse mail I've tried to send >> to networks in a very short list of countries has

Re: "Defensive" BGP hijacking?

> On Sep 13, 2016, at 12:22 AM, Bryant Townsend wrote: > > *Events that caused us to perform the BGP hijack*: After the DDoS attacks > subsided, the attackers started to harass us by calling in using spoofed > phone numbers. Curious to what this was all about, we fielded

Re: Handling of Abuse Complaints

> On Aug 29, 2016, at 9:37 AM, Paul Ferguson wrote: > > I would suggest that violation of the ISP’s ToS should also be consideration, > since what may be illegal in one jurisdiction may not be illegal in some > other jurisdictions. Unless your abuse / security desk

Re: EVERYTHING about Booters (and CloudFlare)

> On Jul 27, 2016, at 9:17 AM, Baldur Norddahl > wrote: > > Den 27. jul. 2016 17.12 skrev "Steve Mikulasik" : >> >> Disclaimer: I have a ton of respect for Clouldflare and what they do on > the internet. > > They just lost all respect

Re: cloudflare hosting a ddos service?

> On Jul 26, 2016, at 7:58 PM, Justin Paine wrote: > > Folks, > > "For a long time their abuse@ alias was (literally) routed to /dev/null. I'm > not > sure whether that's still the case or whether they now ignore reports > manually." > > @Steve It (literally) never

Re: cloudflare hosting a ddos service?

> On Jul 26, 2016, at 7:15 PM, Mehmet Akcin wrote: > > Have you tried to contact their Abuse?. For a long time their abuse@ alias was (literally) routed to /dev/null. I'm not sure whether that's still the case or whether they now ignore reports manually. Cheers, Steve >

Re: Netflix VPN detection - actual engineer needed

> On Jun 8, 2016, at 8:13 AM, Baldur Norddahl wrote: > > > > On 2016-06-08 07:27, Mark Andrews wrote: >> In message <20160608070525.06fd5...@echo.ms.redpill-linpro.com>, Tore >> Anderson writes: >>> * Davide Davini >>> >>> Blocking access to

Re: Netflix VPN detection - actual engineer needed

> On Jun 6, 2016, at 8:21 AM, Tore Anderson wrote: > > * Spencer Ryan > >> As an addendum to this and what someone said earlier about the >> tunnels not being anonymous: From Netflix's perspective they are. Yes >> HE knows who controls which tunnel, but if Netflix went to HE and

Re: GeoIP database issues and the real world consequences

> On Apr 11, 2016, at 10:11 AM, Hugo Slabbert wrote: > > > On Mon 2016-Apr-11 13:02:14 -0400, Ken Chase wrote: > >> TL;DR: GeoIP put unknown IP location mappings to the 'center of the country' >> but then rounded off the lat long so it points at this farm.

Re: outlook.com outgoing blacklists?

> > Anybody have some recommendations on how I resolve this The most likely explanation is a configuration error at your end, so the first step is to share what the domain is. Cheers, Steve

Re: outlook.com outgoing blacklists?

> On Sep 9, 2015, at 11:43 AM, Steve Atkins <st...@blighty.com> wrote: > > >> >> Anybody have some recommendations on how I resolve this > > The most likely explanation is a configuration error at your end, so the > first step is to share what the domain

Re: Remember Internet-In-A-Box?

On Jul 14, 2015, at 4:46 PM, Stephen Satchell l...@satchell.net wrote: This goes back a number of years. There was a product that literally was a cardboard box that contained everything one needed to get started on the Internet. Just add a modem and a computer, and you were on your way.

Re: Purpose of spoofed packets ???

On Mar 10, 2015, at 4:40 PM, Matthew Huff mh...@ox.com wrote: We recently got an abuse report of an IP address in our net range. However, that IP address isn't in use in our networks and the covering network is null routed, so no return traffic is possible. We have external BGP monitoring,

Re: AOL Postmaster

On Feb 25, 2015, at 5:54 PM, Suresh Ramasubramanian ops.li...@gmail.com wrote: You think every accountant, realtor, coffee shop etc uses their own domain? No. But they should not, and in many cases *cannot*, rely on aol or yahoo addresses. It would suck for them to have to change all their

Re: Bounce action notifications - NANOG mailing list changes yahoo.com users

On Oct 10, 2014, at 8:05 AM, Christopher Morrow morrowc.li...@gmail.com wrote: On Fri, Oct 10, 2014 at 10:54 AM, Randy Bush ra...@psg.com wrote: a better approach would be to recommend that mailing list participants who want to actually participate should utilize a mail service appropriate

Re: Bounce action notifications - NANOG mailing list changes yahoo.com users

On Oct 10, 2014, at 9:21 AM, Royce Williams ro...@techsolvency.com wrote: On Fri, Oct 10, 2014 at 7:31 AM, Steve Atkins st...@blighty.com wrote: If your domain publishes p=reject it should not have any users that participate in mailing lists. Like many, I was pretty unhappy (and busy

Re: Belkin Router issues this morning?

On Oct 7, 2014, at 8:34 AM, Justin Krejci jkre...@usinternet.com wrote: https://twitter.com/search?q=%23belkin Sounds like a bad firmware update most likely. Presumably the Belkin routers perform caching DNS for the LAN clients for if the LAN clients use alternate DNS servers (OpenDNS,

Re: More Godaddy DNS and whois server issues?

On Sep 4, 2014, at 9:22 AM, Mark Keymer m...@viviotech.net wrote: Hi, So this started a little while ago but seems to be getting worse. What I am seeing is dns servers over at godaddy not replying however I seem to be able to traceroute ok to them. Also I have started to see that the

Re: Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL

On Aug 21, 2014, at 6:23 AM, Tarko Tikan ta...@lanparty.ee wrote: hey, For a while now, we have been getting complains from our broadband customers about not being able to reach ebay.com/paypal.com We have nailed it down to some small prefixes and they are all listed in SORBS DUHL /

Re: SORBS contact?

On Mar 22, 2011, at 12:21 PM, Mike wrote: On 03/22/2011 12:14 PM, Paul Graydon wrote: On 03/22/2011 09:07 AM, Chris Conn wrote: Hello, Thank you to all that answered, all helpful info. Surprisingly minutes after my Nanog post, a couple of my tickets saw action and the /24 was finally

Re: Request Spamhaus contact

On Jan 17, 2011, at 4:42 PM, Jeffrey Lyon wrote: I fat fingered the netmask, try now. Mmm hmm. platter steve$ telnet 208.64.127.78 80 Trying 208.64.127.78... Connected to 208.64.127.78. Escape character is '^]'. HEAD / HTTP/1.1 Host: viagra-shopping.com HTTP/1.1 301 Moved

Re: network name 101100010100110.net

On Oct 17, 2010, at 7:16 PM, James Hess wrote: On Sat, Oct 16, 2010 at 11:46 PM, Day Domes daydo...@gmail.com wrote: I have been tasked with coming up with a new name for are transit data network. I am thinking of using 101100010100110.net does anyone see any issues with this? The

Re: [policy] When Tech Meets Policy...

On Aug 15, 2007, at 12:38 PM, Al Iverson wrote: On 8/15/07, Barry Shein [EMAIL PROTECTED] wrote: I am not sure tasting is criminal or fraud. Neither am I, we agree. I meant if there's subsequent criminality or fraud that should be dealt with separately. Dumb question, not necessarily

Re: [policy] When Tech Meets Policy...

On Aug 13, 2007, at 12:28 PM, Sean Donelan wrote: On Mon, 13 Aug 2007, Chris L. Morrow wrote: but today that provision is: If you buy a domain you have 5 days to 'return' it. The reason behind the return could be: oops, I typo'd or hurray, please refund me for the 1M domains I bought 4.99

Re: too many variables

On Aug 9, 2007, at 12:09 PM, Leigh Porter wrote: Yes a very big unless. Multi-core processors are already available that would make very large BGP convergence possible. Change the algorithm as well and perhaps add some multi-threading to it and it's even better. Anyone have a decent

Re: large organization nameservers sending icmp packets to dns servers.

On Aug 6, 2007, at 10:21 AM, John Levine wrote: Sounds like one of the global-scale load balancers - when you do a (presumably) recursive DNS lookup of one of their hosts, they'll ping the nameserver from several locations and see which one gets an answer the fastest. Why would they