I believe at one point UBNT did block outside management access, but then their customers voiced to bring it back.
That said, I think they're taking security more seriously going forward. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Brielle Bruns" <br...@2mbit.com> To: nanog@nanog.org Sent: Monday, April 2, 2018 4:20:38 PM Subject: Re: Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE On 4/2/2018 9:35 AM, Simon Lockhart wrote: > Quite. > > This looks like a willy-waving exercise by Cloudflare coming up with the > lowest > quad-digit IP. They must have known that this would cause routing issues, and > now suddenly it's our responsibility to make significant changes to live > infrastructures just so they can continue to look clever with the IP address. > > Simon I don't see how this is Cloudflare's fault really? Its the responsibility of network maintainers to... well, lets be blunt here, maintain their network. If part of maintaining their network involves updating bogon routes/filters, then that's part of maintaining the network that can't be lapsed. This is like the WISPs blaming Ubiquiti for their failure to update their CPEs and PtP devices for a security flaw that Ubnt released fix for more then a year before (and for not properly securing the management interfaces of their network devices). Or even better, the morons who blocked all of 172.0.0.0/8 even though a good portion of that block is live public IP space. I actually felt really bad for AOL having been assigned IP blocks from that space, since it had to have created customer complaints at times. There's only one person to blame here, and it's not the RIRs or Cloudflare. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
