Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Tom Smyth
Hi Simon, as other responders have said it is an inherent issue with NAT in general, one workaround is to limit the ratio of actual users to an external IPv4 address, the other thing we have seen from our Abuse contact emails from PSN, is that malicious activity towards the PSN is often accompanie

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Rich Kulawiec
On Sun, Sep 18, 2016 at 01:30:52PM +0100, Tom Smyth wrote: > 2)do some "canary in the mine" monitoring for obviously malicious traffic > (loads of SMTP traffic outbound) and lots of connection requests to SSH > servers ... if you see that traffic from behind your CGNAT device .. just > temporaril

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Tom Beecher
This is, as many things are, a huge problem in communication. Sony tells ISP 'Hey, you have customers abusing us. Fix it!'. ISP says 'Oh crap, sorry, what's going on? We'll run it down.' Sony says nothing. Let's just stop here for a second. This is fundamentally no different than the 'I have a pr

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Mike Hammett
People love to hate incumbent telcos because of their arrogance (and frankly it's deserved), but people forget that big content can be just as arrogant and just as deserving of hatred. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP

Re: One more thing to watch out for at data centers - fire drills

2016-09-18 Thread Stephen Satchell
On 09/17/2016 02:43 PM, Larry Sheldon wrote: My experiences were back in the days of washing-machine class disc drives and they were a 4-hour fire-wall away, but I don't remember them being impacted. (I can't believe that I was allowed to conduct a test with them running, but I don't remember shu

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Florian Weimer
* Rich Kulawiec: > For example: if the average number of outbound SSH connections > established per hour per host across all hosts behind CGNAT is 3.2, > and you see a host making 1100/hour: that's a problem. It might be > someone who botched a Perl script; or it might be a botted host > trying t

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Florian Weimer
* Tom Beecher: > Simon's getting screwed because he's not being given any information to try > and solve the problem, and because his customers are likely blaming him > because he's their ISP. We don't know that for sure. Another potential issue is that the ISP just cannot afford to notify its c

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Simon Lockhart
On Sun Sep 18, 2016 at 03:58:57PM +0200, Florian Weimer wrote: > * Tom Beecher: > > Simon's getting screwed because he's not being given any information to try > > and solve the problem, and because his customers are likely blaming him > > because he's their ISP. > > We don't know that for sure.

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Tom Beecher
An email to a user notifying them they're likely compromised costs basically nothing. An email to their entire subscriber base also costs nothing. If you find me an ISP that can't afford to notify users, I'll show you one that shouldn't be in business anyways. There's this presumption of guilt her

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Florian Weimer
* Tom Beecher: > An email to a user notifying them they're likely compromised costs > basically nothing. If this increases the probability that the customer contacts customer support, in some markets, there is a risk that the account will never turn profitable during the current contract period.

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Florian Weimer
* Simon Lockhart: > On Sun Sep 18, 2016 at 03:58:57PM +0200, Florian Weimer wrote: >> * Tom Beecher: >> > Simon's getting screwed because he's not being given any information to try >> > and solve the problem, and because his customers are likely blaming him >> > because he's their ISP. >> >> We

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Simon Lockhart
On Sun Sep 18, 2016 at 05:17:33PM +0200, Florian Weimer wrote: > Okay, then perhaps my guess of the ISP involved is wrong. It's not hard to find out who I work for :) > Out of curiosity, how common is end-to-end reporting of > source/destination port information (in addition to source IP > addre

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Larry Sheldon
On 9/18/2016 08:19, Mike Hammett wrote: People love to hate incumbent telcos because of their arrogance (and frankly it's deserved), but people forget that big content can be just as arrogant and just as deserving of hatred. I never did see the benefit or the approach. To anybody. -- "Ever

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Larry Sheldon
On 9/18/2016 16:26, Larry Sheldon wrote: On 9/18/2016 08:19, Mike Hammett wrote: People love to hate incumbent telcos because of their arrogance (and frankly it's deserved), but people forget that big content can be just as arrogant and just as deserving of hatred. I never did see the bene

RE: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Tony Wicks
Interestingly, Sony (SNEI-NOC-Abuse - Sony say no, either through silence, or explicitly.

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Valdis . Kletnieks
On Mon, 19 Sep 2016 10:41:59 +1200, "Tony Wicks" said: > Interestingly, Sony (SNEI-NOC-Abuse replied to being forwarded back one of their notification blocks requesting > more detailed information with a csv file in under an hour! So I guess name-and-shame *does* work? :)

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Jason Baugher
So I should try again to get them to tell me what an "Account Takeover Attempt" is? They ignored my last request. It's easy to explain DMCA or spam to an end-user, but it's difficult to explain to some soccer mom that her kids are doing something to make Sony mad, when I can't explain to them what

RE: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Tony Wicks
So the last one we successfully managed to isolate, our customer had more than one PC with multiple infections. It’s not PlayStations, but Windows machines that are infected with I assume some malware that is trying to log into PSN. cheers From: Jason Baugher [mailto:ja...@thebaugh

Re: "Defensive" BGP hijacking?

2016-09-18 Thread Christopher Morrow
On Fri, Sep 16, 2016 at 12:06 PM, Mel Beckman wrote: > > Preventing government manhandling needs to be a design goal. > Can you proffer some potential solutions or directions to look? At the end of the day the ISP or DNS operator or Enterprise is subject to local law enforcement action(s), so I

Re: "Defensive" BGP hijacking?

2016-09-18 Thread Tom Beecher
So after reading your explanation of things... Your technical protections for your client proved sufficient to handle the attack. You took OFFENSIVE action by hijacking the IP space. By your own statements, it was only in response to threats against your company. You were no longer providing DDoS

Re: "Defensive" BGP hijacking?

2016-09-18 Thread Sean Rose
I know Bryant Townsend (ex staminus employee), Marshal Webb (aka m_nerva, lulzsec informant) and others from backconnect.net performed a similar BGP hijacking against staminus earlier this year. https://bgpstream.com/event/21051 Shortly afterwards, on 10th of March a zine is released leaking the

Re: "Defensive" BGP hijacking?

2016-09-18 Thread Sean Rose
And here's the final bit. I'd like to think that is 100% conclusive proof of what happened. The IP range hijacked by backconnect.net, 72.20.0.0/24 returns interesting results on google: https://staminus.thecthulhu.com/zine.txt ## Global allows ALLOW_MAIN="" ALLOW_MAIN="$ALLOW_MAIN $R

Huawei NE

2016-09-18 Thread Lewis,Mitchell T.
Hi All, Does anyone have any experiences with the Huawei NE platform in a service provider environment they can share? Private message is fine. I am comparing against Cisco ASR & Juniper MX. Regards, Mitchell T. Lewis mle...@techcompute.net |203-816-0371 PGP Fingerprint: 79F2A12BAC77