Re: [AFMUG] everyone should be blocking SMB ports

[Richard Strittmatter]

We block, have for years and years..

Richard Strittmatter

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Monday, September 19, 2016 11:59 AM
To: af@afmug.com
Subject: Re: [AFMUG] everyone should be blocking SMB ports

Yes, block.


-
Mike Hammett
Intelligent Computing Solutions
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/googleicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
Midwest Internet Exchange
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
The Brothers WISP
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/youtubeicon.png]




From: "That One Guy /sarcasm" 
mailto:thatoneguyst...@gmail.com>>
To: af@afmug.com
Sent: Monday, September 19, 2016 11:57:44 AM
Subject: Re: [AFMUG] everyone should be blocking SMB ports
Whats the WISP consensus on blocking those ports at the edge? also, whats the 
best religion? if Ford or Chevy better? Whats the greatest sports team?

On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood 
mailto:zunder1...@gmail.com>> wrote:

My work has its own IP address and get upstream from atnt and charter. The smb 
ports are not blocked.

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

http://ZachUnderwood.me

advance-networking.com



On Sep 19, 2016 12:47 PM, "Josh Luthman" 
mailto:j...@imaginenetworksllc.com>> wrote:
Cable/Telco probably.

WISP?  I dunno...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett 
mailto:af...@zirkel.us>> wrote:
i think everyone has been blocking those ports since 1998-ish (or at least you 
should be)

-sean


On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood 
mailto:zunder1...@gmail.com>> wrote:
This was written from the view point of windows AD setup can affect home users  
too since MS makes people use MS live accounts to log in to windows.

Problem:
Outside servers can get username/domain/password hash. Once a remote server has 
the login info they could connect to VPN, Office365 or an other service that 
using AD domain user info.
See attachment for example. I got the example from a VM with a test account on 
it.

Details:
Microsoft based browsers like IE and Edge can be induced to make a outbound smb 
connection to a remote server. In this connection Microsoft will send over 
username, domain, and password hash. The remote server then can do a decryption 
of the password hash using brute force, password, dictionary and rainbow tables.

Fix:
The fastest way to stop this is to block all of the smb networks ports on the 
edge firewall for incoming and outgoing. The ports are 137-138udp, 
137tcp,139tcp, 445tcp

Sources:
http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
Testing site:
https://msleak.perfect-privacy.com/

--
Zach Underwood (RHCE,RHCSA,RHCT,UACA)
My website
advance-networking.com





--
If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] OT Being a good citizen

[Daniel White]

This is the right way to do it:



https://en.wikipedia.org/wiki/Panama_Papers



Daniel White



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Monday, September 19, 2016 10:24 AM
To: af@afmug.com
Subject: Re: [AFMUG] OT Being a good citizen



Work with the media?  Are you serious?  The same media that is reporting this 
election?



I think someone spiked your O'Douls.






Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Sep 19, 2016 at 12:22 PM, Chuck McCown mailto:ch...@wbmfg.com> > wrote:

Perhaps work with the media.  A la deep throat etc.  Have someone with 
experience help vet the leaks and protect vital interests.

I would never leak info that could get someone killed.  I might leak that the 
information has gotten off the reservation.  Perhaps place it in escrow with a 
trusted third party.  New York Times has done this many times over the years.



From: Josh Luthman 

Sent: Monday, September 19, 2016 10:17 AM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen



Differently, how?





Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Sep 19, 2016 at 12:16 PM, Chuck McCown mailto:ch...@wbmfg.com> > wrote:

I am in the same boat.  It is good to get bad stuff out in the light.  It is 
better to be loyal to your country.  If you are going to uncover bad things, do 
it differently.



From: Jeff Broadwick - Lists 

Sent: Monday, September 19, 2016 10:05 AM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen



Does it make sense that I hate what he did but I'm kinda glad he did it?

Jeff Broadwick

ConVergence Technologies, Inc.

312-205-2519   Office

574-220-7826   Cell

jbroadw...@converge-tech.com 


On Sep 19, 2016, at 11:57 AM, That One Guy /sarcasm mailto:thatoneguyst...@gmail.com> > wrote:

Down with Snowden



On Sun, Sep 18, 2016 at 6:14 PM, Chuck McCown mailto:ch...@wbmfg.com> > wrote:

Yeah, I think Snowden is getting a whitewash courtesy of hollywood.



From: George Skorup 

Sent: Sunday, September 18, 2016 4:43 PM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen



He signed a contract. If he saw things being done that he believed were against 
the constitution, then he should've went to his superiors and said that he 
cannot carry out his duties since he feels that they are unlawful. Then walked 
out, got a lawyer and said not a fucking thing about anything classified. He 
leaked info that our enemies used against us. He's a traitor, plain and simple. 
Not a hero. He deserves no pardon and no sympathy.

I'm all for whistle blowing, standing up for the rights of the people and the 
spirit of the constitution and all that, but he went about it completely the 
wrong way. And look where it got him. Idiot.

On 9/18/2016 4:29 PM, Ken Hohhof wrote:

Snowden “does not work for a Russian organization, yet is financially secure 
thanks to substantial savings from his years as a well-paid contractor and more 
recently numerous awards and speaking fees from around the world.”  3 years.  
That’s a lot of savings, or he’s eating a lot of ramen noodles.



I guess Vladimir could let him live there for free just to piss off the US.  
And Russia has good hackers of their own (maybe Fancy Bear and Cozy Bear will 
get their own movies), so maybe they haven’t needed any help in the recent 
hacks.  Certainly Assange seems to be in bed with Pootie-Poot.

http://www.thedailybeast.com/articles/2016/08/01/julian-assange-donald-trump-and-vladimir-putin-a-troika-for-our-insane-era.html





From: Jaime Solorza 

Sent: Sunday, September 18, 2016 4:13 PM

To: Animal Farm 

Subject: Re: [AFMUG] OT Being a good citizen



You mean Trumpass, Trumpfuck,  Trumpshit... worse than calling one a chickenshit



On Sep 18, 2016 3:08 PM, "Ken Hohhof" mailto:af...@kwisp.com> 
> wrote:

Pled guilty and spent 9 months in federal prison for selling bongs over the 
Internet.  Unlike a certain person who fled to Russia rather than defend his 
actions in court, but wants a pardon to return.  I thought you had to be 
convicted first to be pardoned, but then I remembered Gerald Ford preemptively 
pardoned Richard Nixon.



Obama might pardon Chong.  Snowden will have to hope for a pardon from 
President Trumputin.





From: Jaime Solorza 

Sent: Sunday, September 18, 2016 3:51 PM

To: Animal Farm 

Subject: Re: [AFMUG] OT Being a good citizen



Cough cough orale. Righteous cause ese



On Sep 18, 2016 2:01 PM, "Chuck McCown" mailto:ch...@wbmfg.com> > wrote:












   

Thank you fo

[AFMUG] Beam me up Scotty...... Quantum Teleportation Moves Out Of Lab As Scientists Achieve Long-Distance Information Transfer Via City Optic Fiber

[Jaime Solorza]

http://www.ibtimes.com/quantum-teleportation-moves-out-lab-scientists-achieve-long-distance-information-2418939

Re: [AFMUG] OT Being a good citizen

[Chuck McCown]

Yep, Snowden never had to expose himself.  But that was probably one of his 
goals.  

From: Daniel White 
Sent: Tuesday, September 20, 2016 6:53 AM
To: af@afmug.com 
Subject: Re: [AFMUG] OT Being a good citizen

This is the right way to do it:

 

https://en.wikipedia.org/wiki/Panama_Papers

 

Daniel White

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Monday, September 19, 2016 10:24 AM
To: af@afmug.com
Subject: Re: [AFMUG] OT Being a good citizen

 

Work with the media?  Are you serious?  The same media that is reporting this 
election?

 

I think someone spiked your O'Douls.




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Mon, Sep 19, 2016 at 12:22 PM, Chuck McCown  wrote:

  Perhaps work with the media.  A la deep throat etc.  Have someone with 
experience help vet the leaks and protect vital interests.  

  I would never leak info that could get someone killed.  I might leak that the 
information has gotten off the reservation.  Perhaps place it in escrow with a 
trusted third party.  New York Times has done this many times over the years.  

   

  From: Josh Luthman 

  Sent: Monday, September 19, 2016 10:17 AM

  To: af@afmug.com 

  Subject: Re: [AFMUG] OT Being a good citizen

   

  Differently, how?

   

   

  Josh Luthman
  Office: 937-552-2340
  Direct: 937-552-2343
  1100 Wayne St
  Suite 1337
  Troy, OH 45373

   

  On Mon, Sep 19, 2016 at 12:16 PM, Chuck McCown  wrote:

I am in the same boat.  It is good to get bad stuff out in the light.  It 
is better to be loyal to your country.  If you are going to uncover bad things, 
do it differently.  

 

From: Jeff Broadwick - Lists 

Sent: Monday, September 19, 2016 10:05 AM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen

 

Does it make sense that I hate what he did but I'm kinda glad he did it?

Jeff Broadwick 

ConVergence Technologies, Inc.

312-205-2519 Office

574-220-7826 Cell

jbroadw...@converge-tech.com


On Sep 19, 2016, at 11:57 AM, That One Guy /sarcasm 
 wrote:

  Down with Snowden

   

  On Sun, Sep 18, 2016 at 6:14 PM, Chuck McCown  wrote:

Yeah, I think Snowden is getting a whitewash courtesy of hollywood.  

 

From: George Skorup 

Sent: Sunday, September 18, 2016 4:43 PM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen

 

He signed a contract. If he saw things being done that he believed were 
against the constitution, then he should've went to his superiors and said that 
he cannot carry out his duties since he feels that they are unlawful. Then 
walked out, got a lawyer and said not a fucking thing about anything 
classified. He leaked info that our enemies used against us. He's a traitor, 
plain and simple. Not a hero. He deserves no pardon and no sympathy.

I'm all for whistle blowing, standing up for the rights of the people 
and the spirit of the constitution and all that, but he went about it 
completely the wrong way. And look where it got him. Idiot.

On 9/18/2016 4:29 PM, Ken Hohhof wrote:

  Snowden “does not work for a Russian organization, yet is financially 
secure thanks to substantial savings from his years as a well-paid contractor 
and more recently numerous awards and speaking fees from around the world.”  3 
years.  That’s a lot of savings, or he’s eating a lot of ramen noodles.

   

  I guess Vladimir could let him live there for free just to piss off 
the US.  And Russia has good hackers of their own (maybe Fancy Bear and Cozy 
Bear will get their own movies), so maybe they haven’t needed any help in the 
recent hacks.  Certainly Assange seems to be in bed with Pootie-Poot.

  
http://www.thedailybeast.com/articles/2016/08/01/julian-assange-donald-trump-and-vladimir-putin-a-troika-for-our-insane-era.html

   

   

  From: Jaime Solorza 

  Sent: Sunday, September 18, 2016 4:13 PM

  To: Animal Farm 

  Subject: Re: [AFMUG] OT Being a good citizen

   

  You mean Trumpass, Trumpfuck,  Trumpshit... worse than calling one a 
chickenshit

   

  On Sep 18, 2016 3:08 PM, "Ken Hohhof"  wrote:

Pled guilty and spent 9 months in federal prison for selling bongs 
over the Internet.  Unlike a certain person who fled to Russia rather than 
defend his actions in court, but wants a pardon to return.  I thought you had 
to be convicted first to be pardoned, but then I remembered Gerald Ford 
preemptively pardoned Richard Nixon.

 

Obama might pardon Chong.  Snowden will have to hope for a pardon 
from President Trumputin.

 

 

From: Jaime Solorza 

Sent: Sunday, September 18, 2016 3:51 PM

To: Animal Farm 

Subject: Re: [

Re: [AFMUG] CDN Overload

[Jim Bouse [Brazos WiFi]]

I’ve seen it the most from Limelight.  Don’t know what they are cramming down 
my user’s throats but I suspect it is either Microsoft or Apple.

Jim Bouse
Owner
Mobile IT Pro - Brazos WiFi
979-985-5912
j...@brazoswifi.com

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Monday, September 19, 2016 10:29 PM
To: af@afmug.com
Subject: Re: [AFMUG] CDN Overload

Gather evidence, attempt to work cooperatively, then name and shame if 
necessary. But yes, that's close to my intention. If you do your homework 
properly, the greater networking community is very powerful and will back you. 
Those companies are largely ones that will work with you. Forget Amazon, Sony, 
etc. though.

I've heard from people seeing this with Microsoft, Akamai, Limelight and Apple.


-
Mike Hammett
Intelligent Computing Solutions
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/googleicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
Midwest Internet Exchange
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
The Brothers WISP
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/youtubeicon.png]




From: "That One Guy /sarcasm" 
mailto:thatoneguyst...@gmail.com>>
To: af@afmug.com
Sent: Monday, September 19, 2016 10:16:26 PM
Subject: Re: [AFMUG] CDN Overload

Did you just indicate  an intention to get a cdn to alter a corporate policy? I 
have a huge satchel, I mean it could probably hold a couple bowling balls, 
reality only fills it with a couple small pecans. Does it hurt?

On Sep 19, 2016 9:43 PM, "Mike Hammett" 
mailto:af...@ics-il.net>> wrote:
Have you seen a CDN overloading a customer? Help me gather information on the 
issue.

What CDN?
What have you identified the traffic to be?
What is the access network?
Where is the rate limiting done?
How is the rate limiting done (policing vs. queueing, SFQ, PFIFO, etc,, etc.)?
What is doing the rate limiting?
What is the rate-limit set to?
Upstream of the rate-limiter, what are you seeing for inbound traffic?
One connection or many?
How much traffic?
How does other traffic behave when exceeding the rate limit?
Where is NAT performed?
What is doing NAT?
Shared NAT or isolated to that customer?
Have you done a packet capture before and after the rate limiter? The NAT 
device?
Would you be willing to send a filtered packet capture (only the frames that 
relate to this CDN) to the CDN if they want it?



There have been reports of CDNs sending more traffic than the customer can 
handle and ignores TCP convention to slow down. Trying to investigate this 
thoroughly so we can get the CDN to fix their system. Multiple CDNs have been 
shown to do this.


-
Mike Hammett
Intelligent Computing Solutions
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/googleicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
Midwest Internet Exchange
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
The Brothers WISP
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/youtubeicon.png]

Re: [AFMUG] CDN Overload

[Mike Hammett]

Can you address the questions I posed in the initial e-mail? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Jim Bouse [Brazos WiFi]"  
To: af@afmug.com 
Sent: Tuesday, September 20, 2016 8:58:12 AM 
Subject: Re: [AFMUG] CDN Overload 



I’ve seen it the most from Limelight. Don’t know what they are cramming down my 
user’s throats but I suspect it is either Microsoft or Apple. 


Jim Bouse 
Owner 
Mobile IT Pro - Brazos WiFi 
979-985-5912 
j...@brazoswifi.com 



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett 
Sent: Monday, September 19, 2016 10:29 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] CDN Overload 


Gather evidence, attempt to work cooperatively, then name and shame if 
necessary. But yes, that's close to my intention. If you do your homework 
properly, the greater networking community is very powerful and will back you. 
Those companies are largely ones that will work with you. Forget Amazon, Sony, 
etc. though. 

I've heard from people seeing this with Microsoft, Akamai, Limelight and Apple. 



- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -


From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, September 19, 2016 10:16:26 PM 
Subject: Re: [AFMUG] CDN Overload 
Did you just indicate an intention to get a cdn to alter a corporate policy? I 
have a huge satchel, I mean it could probably hold a couple bowling balls, 
reality only fills it with a couple small pecans. Does it hurt? 



On Sep 19, 2016 9:43 PM, "Mike Hammett" < af...@ics-il.net > wrote: 




Have you seen a CDN overloading a customer? Help me gather information on the 
issue. 

What CDN? 
What have you identified the traffic to be? 
What is the access network? 
Where is the rate limiting done? 
How is the rate limiting done (policing vs. queueing, SFQ, PFIFO, etc,, etc.)? 
What is doing the rate limiting? 
What is the rate-limit set to? 
Upstream of the rate-limiter, what are you seeing for inbound traffic? 
One connection or many? 
How much traffic? 
How does other traffic behave when exceeding the rate limit? 
Where is NAT performed? 
What is doing NAT? 
Shared NAT or isolated to that customer? 
Have you done a packet capture before and after the rate limiter? The NAT 
device? 
Would you be willing to send a filtered packet capture (only the frames that 
relate to this CDN) to the CDN if they want it? 



There have been reports of CDNs sending more traffic than the customer can 
handle and ignores TCP convention to slow down. Trying to investigate this 
thoroughly so we can get the CDN to fix their system. Multiple CDNs have been 
shown to do this. 



- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

Re: [AFMUG] everyone should be blocking SMB ports

[Lewis Bergman]

I am a firm believer in the stance that as your ISP, I am not your mommy.
We did no filtering or firewalling for our customers. The only exception
being the blocking of certain traffic that had no business being on the
open Internet. This is one of those things.

On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter  wrote:

> We block, have for years and years..
>
>
>
> Richard Strittmatter
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Mike Hammett
> *Sent:* Monday, September 19, 2016 11:59 AM
>
>
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] everyone should be blocking SMB ports
>
>
>
> Yes, block.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
>
> *From: *"That One Guy /sarcasm" 
> *To: *af@afmug.com
> *Sent: *Monday, September 19, 2016 11:57:44 AM
>
>
> *Subject: *Re: [AFMUG] everyone should be blocking SMB ports
>
> Whats the WISP consensus on blocking those ports at the edge? also, whats
> the best religion? if Ford or Chevy better? Whats the greatest sports team?
>
>
>
> On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood 
> wrote:
>
> My work has its own IP address and get upstream from atnt and charter. The
> smb ports are not blocked.
>
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>
> http://ZachUnderwood.me
>
> advance-networking.com
>
>
>
>
>
> On Sep 19, 2016 12:47 PM, "Josh Luthman" 
> wrote:
>
> Cable/Telco probably.
>
>
> WISP?  I dunno...
>
>
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
>
> On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett  wrote:
>
> i think everyone has been blocking those ports since 1998-ish (or at least
> you should be)
>
>
>
> -sean
>
>
>
>
>
> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood 
> wrote:
>
> This was written from the view point of windows AD setup can affect home
> users  too since MS makes people use MS live accounts to log in to windows.
>
>
>
> *Problem:*
>
> Outside servers can get username/domain/password hash. Once a remote
> server has the login info they could connect to VPN, Office365 or an other
> service that using AD domain user info.
>
> See attachment for example. I got the example from a VM with a test
> account on it.
>
>
> *Details:*
>
> Microsoft based browsers like IE and Edge can be induced to make a
> outbound smb connection to a remote server. In this connection Microsoft
> will send over username, domain, and password hash. The remote server then
> can do a decryption of the password hash using brute force, password,
> dictionary and rainbow tables.
>
>
>
> *Fix:*
>
> The fastest way to stop this is to block all of the smb networks ports on
> the edge firewall for incoming and outgoing. The ports are 137-138udp,
> 137tcp,139tcp, 445tcp
>
>
>
> *Sources:*
>
>
> http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/
>
> *Testing site*:
>
> https://msleak.perfect-privacy.com/
>
>
>
> --
>
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>
> My website 
>
> advance-networking.com
>
>
>
>
>
>
>
>
>
> --
>
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>

Re: [AFMUG] everyone should be blocking SMB ports

[Jon Bruce]

+1

On 9/20/2016 10:01 AM, Lewis Bergman wrote:


I am a firm believer in the stance that as your ISP, I am not your 
mommy. We did no filtering or firewalling for our customers. The only 
exception being the blocking of certain traffic that had no business 
being on the open Internet. This is one of those things.



On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter > wrote:


We block, have for years and years..

Richard Strittmatter

*From:*Af [mailto:af-boun...@afmug.com
] *On Behalf Of *Mike Hammett
*Sent:* Monday, September 19, 2016 11:59 AM


*To:* af@afmug.com 
*Subject:* Re: [AFMUG] everyone should be blocking SMB ports

Yes, block.



-
Mike Hammett
Intelligent Computing Solutions 


Midwest Internet Exchange 


The Brothers WISP 







*From: *"That One Guy /sarcasm" mailto:thatoneguyst...@gmail.com>>
*To: *af@afmug.com 
*Sent: *Monday, September 19, 2016 11:57:44 AM


*Subject: *Re: [AFMUG] everyone should be blocking SMB ports

Whats the WISP consensus on blocking those ports at the edge?
also, whats the best religion? if Ford or Chevy better? Whats the
greatest sports team?

On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood
mailto:zunder1...@gmail.com>> wrote:

My work has its own IP address and get upstream from atnt and
charter. The smb ports are not blocked.

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

http://ZachUnderwood.me

advance-networking.com 

On Sep 19, 2016 12:47 PM, "Josh Luthman"
mailto:j...@imaginenetworksllc.com>> wrote:

Cable/Telco probably.


WISP?  I dunno...


Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett
mailto:af...@zirkel.us>> wrote:

i think everyone has been blocking those ports since
1998-ish (or at least you should be)

-sean

On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood
mailto:zunder1...@gmail.com>>
wrote:

This was written from the view point of windows AD
setup can affect home users  too since MS makes
people use MS live accounts to log in to windows.

**

*Problem:*

Outside servers can get username/domain/password
hash. Once a remote server has the login info they
could connect to VPN, Office365 or an other
service that using AD domain user info.

See attachment for example. I got the example from
a VM with a test account on it.


*Details:*

Microsoft based browsers like IE and Edge can be
induced to make a outbound smb connection to a
remote server. In this connection Microsoft will
send over username, domain, and password hash. The
remote server then can do a decryption of the
password hash using brute force, password,
dictionary and rainbow tables.

*Fix:*

The fastest way to stop this is to block all of
the smb networks ports on the edge firewall for
incoming and outgoing. The ports are 137-138udp,
137tcp,139tcp, 445tcp

*Sources:*


http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/

*Testing site*:

https://msleak.perfect-privacy.com/

-- 


Zach Underwood (RHCE,RHCSA,RHCT,UACA)

My website 

advance-networking.com 



-- 


If you only see yourself as part of the team but you don't see
your team as part of yourself you have already failed as part of
the 

Re: [AFMUG] Cogent...

[Seth Mattinen]

On 9/19/16 6:12 PM, Mike Hammett wrote:

Charter doesn't have communities you could use to no-export Cogent?



Oh probably, but we're dropping Charter anyway in a couple months.

~Seth

Re: [AFMUG] everyone should be blocking SMB ports

[Dave]

+1


On 09/20/2016 09:12 AM, Jon Bruce wrote:

+1

On 9/20/2016 10:01 AM, Lewis Bergman wrote:


I am a firm believer in the stance that as your ISP, I am not your 
mommy. We did no filtering or firewalling for our customers. The only 
exception being the blocking of certain traffic that had no business 
being on the open Internet. This is one of those things.



On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter > wrote:


We block, have for years and years..

Richard Strittmatter

*From:*Af [mailto:af-boun...@afmug.com
] *On Behalf Of *Mike Hammett
*Sent:* Monday, September 19, 2016 11:59 AM


*To:* af@afmug.com 
*Subject:* Re: [AFMUG] everyone should be blocking SMB ports

Yes, block.



-
Mike Hammett
Intelligent Computing Solutions 


Midwest Internet Exchange 


The Brothers WISP 







*From: *"That One Guy /sarcasm" mailto:thatoneguyst...@gmail.com>>
*To: *af@afmug.com 
*Sent: *Monday, September 19, 2016 11:57:44 AM


*Subject: *Re: [AFMUG] everyone should be blocking SMB ports

Whats the WISP consensus on blocking those ports at the edge?
also, whats the best religion? if Ford or Chevy better? Whats the
greatest sports team?

On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood
mailto:zunder1...@gmail.com>> wrote:

My work has its own IP address and get upstream from atnt and
charter. The smb ports are not blocked.

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

http://ZachUnderwood.me

advance-networking.com 

On Sep 19, 2016 12:47 PM, "Josh Luthman"
mailto:j...@imaginenetworksllc.com>> wrote:

Cable/Telco probably.


WISP?  I dunno...


Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett
mailto:af...@zirkel.us>> wrote:

i think everyone has been blocking those ports since
1998-ish (or at least you should be)

-sean

On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood
mailto:zunder1...@gmail.com>>
wrote:

This was written from the view point of windows
AD setup can affect home users  too since MS
makes people use MS live accounts to log in to
windows.

**

*Problem:*

Outside servers can get username/domain/password
hash. Once a remote server has the login info
they could connect to VPN, Office365 or an other
service that using AD domain user info.

See attachment for example. I got the example
from a VM with a test account on it.


*Details:*

Microsoft based browsers like IE and Edge can be
induced to make a outbound smb connection to a
remote server. In this connection Microsoft will
send over username, domain, and password hash.
The remote server then can do a decryption of the
password hash using brute force, password,
dictionary and rainbow tables.

*Fix:*

The fastest way to stop this is to block all of
the smb networks ports on the edge firewall for
incoming and outgoing. The ports are 137-138udp,
137tcp,139tcp, 445tcp

*Sources:*


http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/

*Testing site*:

https://msleak.perfect-privacy.com/

-- 


Zach Underwood (RHCE,RHCSA,RHCT,UACA)

My website 

advance-networking.com




-- 


If you only see yourself as part of the team but you 

Re: [AFMUG] everyone should be blocking SMB ports

[Stefan Englhardt]

We say our customers: You get free unblocked access. So we dont block.

If we see a problem we block and notify the customer.





Von: Af [mailto:af-boun...@afmug.com] Im Auftrag von Dave
Gesendet: Dienstag, 20. September 2016 16:21
An: af@afmug.com
Betreff: Re: [AFMUG] everyone should be blocking SMB ports



+1



On 09/20/2016 09:12 AM, Jon Bruce wrote:

+1

On 9/20/2016 10:01 AM, Lewis Bergman wrote:

I am a firm believer in the stance that as your ISP, I am not your mommy. We 
did no filtering or firewalling for our customers. The only exception being the 
blocking of certain traffic that had no business being on the open Internet. 
This is one of those things.



On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter mailto:rich...@mesh.net> > wrote:

We block, have for years and years..



Richard Strittmatter



From: Af [mailto:af-boun...@afmug.com  ] On Behalf 
Of Mike Hammett
Sent: Monday, September 19, 2016 11:59 AM


To: af@afmug.com 
Subject: Re: [AFMUG] everyone should be blocking SMB ports



Yes, block.



-
Mike Hammett
  Intelligent Computing Solutions
   
  
  

  Midwest Internet Exchange
   
  

  The Brothers WISP
   






  _


From: "That One Guy /sarcasm" mailto:thatoneguyst...@gmail.com> >
To: af@afmug.com 
Sent: Monday, September 19, 2016 11:57:44 AM


Subject: Re: [AFMUG] everyone should be blocking SMB ports

Whats the WISP consensus on blocking those ports at the edge? also, whats the 
best religion? if Ford or Chevy better? Whats the greatest sports team?



On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood mailto:zunder1...@gmail.com> > wrote:

My work has its own IP address and get upstream from atnt and charter. The smb 
ports are not blocked.

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

http://ZachUnderwood.me

advance-networking.com 





On Sep 19, 2016 12:47 PM, "Josh Luthman" mailto:j...@imaginenetworksllc.com> > wrote:

Cable/Telco probably.


WISP?  I dunno...






Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett mailto:af...@zirkel.us> > wrote:

i think everyone has been blocking those ports since 1998-ish (or at least you 
should be)



-sean





On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood mailto:zunder1...@gmail.com> > wrote:

This was written from the view point of windows AD setup can affect home users  
too since MS makes people use MS live accounts to log in to windows.



Problem:

Outside servers can get username/domain/password hash. Once a remote server has 
the login info they could connect to VPN, Office365 or an other service that 
using AD domain user info.

See attachment for example. I got the example from a VM with a test account on 
it.




Details:

Microsoft based browsers like IE and Edge can be induced to make a outbound smb 
connection to a remote server. In this connection Microsoft will send over 
username, domain, and password hash. The remote server then can do a decryption 
of the password hash using brute force, password, dictionary and rainbow tables.



Fix:

The fastest way to stop this is to block all of the smb networks ports on the 
edge firewall for incoming and outgoing. The ports are 137-138udp, 
137tcp,139tcp, 445tcp



Sources:

http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/

Testing site:

https://msleak.perfect-privacy.com/



--

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

My website 

advance-networking.com 











--

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.





--

Re: [AFMUG] OT Being a good citizen

[Josh Reynolds]

Sadly those started being ignored the 2nd day of their release.

Snowden became a national discussion. The panama papers ended up being a
minor footnote.

On Sep 20, 2016 8:07 AM, "Chuck McCown"  wrote:

> Yep, Snowden never had to expose himself.  But that was probably one of
> his goals.
>
> *From:* Daniel White 
> *Sent:* Tuesday, September 20, 2016 6:53 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
> This is the right way to do it:
>
>
>
> https://en.wikipedia.org/wiki/Panama_Papers
>
>
>
> Daniel White
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Josh Luthman
> *Sent:* Monday, September 19, 2016 10:24 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> Work with the media?  Are you serious?  The same media that is reporting
> this election?
>
>
>
> I think someone spiked your O'Douls.
>
>
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
>
> On Mon, Sep 19, 2016 at 12:22 PM, Chuck McCown  wrote:
>
> Perhaps work with the media.  A la deep throat etc.  Have someone with
> experience help vet the leaks and protect vital interests.
>
> I would never leak info that could get someone killed.  I might leak that
> the information has gotten off the reservation.  Perhaps place it in escrow
> with a trusted third party.  New York Times has done this many times over
> the years.
>
>
>
> *From:* Josh Luthman 
>
> *Sent:* Monday, September 19, 2016 10:17 AM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> Differently, how?
>
>
>
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
>
> On Mon, Sep 19, 2016 at 12:16 PM, Chuck McCown  wrote:
>
> I am in the same boat.  It is good to get bad stuff out in the light.  It
> is better to be loyal to your country.  If you are going to uncover bad
> things, do it differently.
>
>
>
> *From:* Jeff Broadwick - Lists 
>
> *Sent:* Monday, September 19, 2016 10:05 AM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> Does it make sense that I hate what he did but I'm kinda glad he did it?
>
> Jeff Broadwick
>
> ConVergence Technologies, Inc.
>
> 312-205-2519 Office
>
> 574-220-7826 Cell
>
> jbroadw...@converge-tech.com
>
>
> On Sep 19, 2016, at 11:57 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
> Down with Snowden
>
>
>
> On Sun, Sep 18, 2016 at 6:14 PM, Chuck McCown  wrote:
>
> Yeah, I think Snowden is getting a whitewash courtesy of hollywood.
>
>
>
> *From:* George Skorup 
>
> *Sent:* Sunday, September 18, 2016 4:43 PM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> He signed a contract. If he saw things being done that he believed were
> against the constitution, then he should've went to his superiors and said
> that he cannot carry out his duties since he feels that they are unlawful.
> Then walked out, got a lawyer and said not a fucking thing about anything
> classified. He leaked info that our enemies used against us. He's a
> traitor, plain and simple. Not a hero. He deserves no pardon and no
> sympathy.
>
> I'm all for whistle blowing, standing up for the rights of the people and
> the spirit of the constitution and all that, but he went about it
> completely the wrong way. And look where it got him. Idiot.
>
> On 9/18/2016 4:29 PM, Ken Hohhof wrote:
>
> Snowden “does not work for a Russian organization, yet is financially
> secure thanks to substantial savings from his years as a well-paid
> contractor and more recently numerous awards and speaking fees from around
> the world.”  3 years.  That’s a lot of savings, or he’s eating a lot of
> ramen noodles.
>
>
>
> I guess Vladimir could let him live there for free just to piss off the
> US.  And Russia has good hackers of their own (maybe Fancy Bear and Cozy
> Bear will get their own movies), so maybe they haven’t needed any help in
> the recent hacks.  Certainly Assange seems to be in bed with Pootie-Poot.
>
> http://www.thedailybeast.com/articles/2016/08/01/julian-
> assange-donald-trump-and-vladimir-putin-a-troika-for-our-insane-era.html
>
>
>
>
>
> *From:* Jaime Solorza 
>
> *Sent:* Sunday, September 18, 2016 4:13 PM
>
> *To:* Animal Farm 
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> You mean Trumpass, Trumpfuck,  Trumpshit... worse than calling one a
> chickenshit
>
>
>
> On Sep 18, 2016 3:08 PM, "Ken Hohhof"  wrote:
>
> Pled guilty and spent 9 months in federal prison for selling bongs over
> the Internet.  Unlike a certain person who fled to Russia rather than
> defend his actions in court, but wants a pardon to return.  I thought you
> had to be convicted first to be pardoned, but then I remembered Gerald Ford
> preemptively pardoned Richard Nixon.
>
>
>
> Obama might pardon Chong.  Snowden will have to hope for a pardon from
> President Trumputin.
>
>
>
>
>
> *From:* Jaime Sol

Re: [AFMUG] Cogent...

[Sam Lambie]

Is Cogent still down or limping along?


On Tue, Sep 20, 2016 at 8:17 AM, Seth Mattinen  wrote:

> On 9/19/16 6:12 PM, Mike Hammett wrote:
>
>> Charter doesn't have communities you could use to no-export Cogent?
>>
>
>
> Oh probably, but we're dropping Charter anyway in a couple months.
>
> ~Seth
>



-- 
-- 
*Sam Lambie*
Taosnet Wireless Tech.
575-758-7598 Office
www.Taosnet.com 

Re: [AFMUG] everyone should be blocking SMB ports

[Ken Hohhof]

I agree with what Lewis said.  Ports 135-139 and 445 are well known ports 
assigned to Windows networking and have no business being on the open Internet.

There should be a strong presumption that outbound traffic on these ports is 
malicious traffic from a worm like Blaster trying to propagate over the 
Internet.  Best case, a customer has misconfigured something to send LAN 
traffic over a WAN connection.

There are many pros and zero cons to blocking this traffic.  Do not get hung up 
on the word “blocked”.  This is not a Net Neutrality issue.  NetBIOS/SMB is LAN 
traffic not WAN traffic, if someone needs it to go site-to-site, then it should 
be inside something like a VPN.


From: Stefan Englhardt 
Sent: Tuesday, September 20, 2016 9:26 AM
To: af@afmug.com 
Subject: Re: [AFMUG] everyone should be blocking SMB ports

We say our customers: You get free unblocked access. So we dont block.

If we see a problem we block and notify the customer.

 

 

Von: Af [mailto:af-boun...@afmug.com] Im Auftrag von Dave
Gesendet: Dienstag, 20. September 2016 16:21
An: af@afmug.com
Betreff: Re: [AFMUG] everyone should be blocking SMB ports

 

+1

 

On 09/20/2016 09:12 AM, Jon Bruce wrote:

  +1

  On 9/20/2016 10:01 AM, Lewis Bergman wrote:

I am a firm believer in the stance that as your ISP, I am not your mommy. 
We did no filtering or firewalling for our customers. The only exception being 
the blocking of certain traffic that had no business being on the open 
Internet. This is one of those things.

 

On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter  wrote:

  We block, have for years and years..

   

  Richard Strittmatter

   

  From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
  Sent: Monday, September 19, 2016 11:59 AM


  To: af@afmug.com
  Subject: Re: [AFMUG] everyone should be blocking SMB ports

   

  Yes, block.



  -
  Mike Hammett
  Intelligent Computing Solutions

  Midwest Internet Exchange

  The Brothers WISP






--

  From: "That One Guy /sarcasm" 
  To: af@afmug.com
  Sent: Monday, September 19, 2016 11:57:44 AM


  Subject: Re: [AFMUG] everyone should be blocking SMB ports

  Whats the WISP consensus on blocking those ports at the edge? also, whats 
the best religion? if Ford or Chevy better? Whats the greatest sports team?

   

  On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood  
wrote:

My work has its own IP address and get upstream from atnt and charter. 
The smb ports are not blocked.

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

http://ZachUnderwood.me

advance-networking.com



 

On Sep 19, 2016 12:47 PM, "Josh Luthman"  
wrote:

  Cable/Telco probably.


  WISP?  I dunno...




   

  Josh Luthman
  Office: 937-552-2340
  Direct: 937-552-2343
  1100 Wayne St
  Suite 1337
  Troy, OH 45373

   

  On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett  
wrote:

i think everyone has been blocking those ports since 1998-ish (or 
at least you should be)

 

-sean

 

 

On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood 
 wrote:

  This was written from the view point of windows AD setup can 
affect home users  too since MS makes people use MS live accounts to log in to 
windows.

   

  Problem:

  Outside servers can get username/domain/password hash. Once a 
remote server has the login info they could connect to VPN, Office365 or an 
other service that using AD domain user info.

  See attachment for example. I got the example from a VM with a 
test account on it.




  Details:

  Microsoft based browsers like IE and Edge can be induced to make 
a outbound smb connection to a remote server. In this connection Microsoft will 
send over username, domain, and password hash. The remote server then can do a 
decryption of the password hash using brute force, password, dictionary and 
rainbow tables.  

   

  Fix:

  The fastest way to stop this is to block all of the smb networks 
ports on the edge firewall for incoming and outgoing. The ports are 137-138udp, 
137tcp,139tcp, 445tcp

   

  Sources:

  
http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/

  Testing site:

  https://msleak.perfect-privacy.com/

   

  -- 

  Zach Underwood (RHCE,RHCSA,RHCT,UACA)

  My website

  advance-networking.com

 

   





   

  -- 

  If you only see yourself as part of the team but you don't

Re: [AFMUG] OT Being a good citizen

[Daniel White]

Maybe in North America.  Remember they have yet to release anything about stuff 
in the US.



I guarantee the Panama Papers are still being discussed in countries like 
Iceland.



Daniel White



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds
Sent: Tuesday, September 20, 2016 9:41 AM
To: af@afmug.com
Subject: Re: [AFMUG] OT Being a good citizen



Sadly those started being ignored the 2nd day of their release.

Snowden became a national discussion. The panama papers ended up being a minor 
footnote.



On Sep 20, 2016 8:07 AM, "Chuck McCown" mailto:ch...@wbmfg.com> > wrote:

Yep, Snowden never had to expose himself.  But that was probably one of his 
goals.



From: Daniel White 

Sent: Tuesday, September 20, 2016 6:53 AM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen



This is the right way to do it:



https://en.wikipedia.org/wiki/Panama_Papers



Daniel White



From: Af [mailto:af-boun...@afmug.com  ] On Behalf 
Of Josh Luthman
Sent: Monday, September 19, 2016 10:24 AM
To: af@afmug.com 
Subject: Re: [AFMUG] OT Being a good citizen



Work with the media?  Are you serious?  The same media that is reporting this 
election?



I think someone spiked your O'Douls.






Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Sep 19, 2016 at 12:22 PM, Chuck McCown mailto:ch...@wbmfg.com> > wrote:

Perhaps work with the media.  A la deep throat etc.  Have someone with 
experience help vet the leaks and protect vital interests.

I would never leak info that could get someone killed.  I might leak that the 
information has gotten off the reservation.  Perhaps place it in escrow with a 
trusted third party.  New York Times has done this many times over the years.



From: Josh Luthman 

Sent: Monday, September 19, 2016 10:17 AM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen



Differently, how?





Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Sep 19, 2016 at 12:16 PM, Chuck McCown mailto:ch...@wbmfg.com> > wrote:

I am in the same boat.  It is good to get bad stuff out in the light.  It is 
better to be loyal to your country.  If you are going to uncover bad things, do 
it differently.



From: Jeff Broadwick - Lists 

Sent: Monday, September 19, 2016 10:05 AM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen



Does it make sense that I hate what he did but I'm kinda glad he did it?

Jeff Broadwick

ConVergence Technologies, Inc.

312-205-2519   Office

574-220-7826   Cell

jbroadw...@converge-tech.com 


On Sep 19, 2016, at 11:57 AM, That One Guy /sarcasm mailto:thatoneguyst...@gmail.com> > wrote:

Down with Snowden



On Sun, Sep 18, 2016 at 6:14 PM, Chuck McCown mailto:ch...@wbmfg.com> > wrote:

Yeah, I think Snowden is getting a whitewash courtesy of hollywood.



From: George Skorup 

Sent: Sunday, September 18, 2016 4:43 PM

To: af@afmug.com 

Subject: Re: [AFMUG] OT Being a good citizen



He signed a contract. If he saw things being done that he believed were against 
the constitution, then he should've went to his superiors and said that he 
cannot carry out his duties since he feels that they are unlawful. Then walked 
out, got a lawyer and said not a fucking thing about anything classified. He 
leaked info that our enemies used against us. He's a traitor, plain and simple. 
Not a hero. He deserves no pardon and no sympathy.

I'm all for whistle blowing, standing up for the rights of the people and the 
spirit of the constitution and all that, but he went about it completely the 
wrong way. And look where it got him. Idiot.

On 9/18/2016 4:29 PM, Ken Hohhof wrote:

Snowden “does not work for a Russian organization, yet is financially secure 
thanks to substantial savings from his years as a well-paid contractor and more 
recently numerous awards and speaking fees from around the world.”  3 years.  
That’s a lot of savings, or he’s eating a lot of ramen noodles.



I guess Vladimir could let him live there for free just to piss off the US.  
And Russia has good hackers of their own (maybe Fancy Bear and Cozy Bear will 
get their own movies), so maybe they haven’t needed any help in the recent 
hacks.  Certainly Assange seems to be in bed with Pootie-Poot.

http://www.thedailybeast.com/articles/2016/08/01/julian-assange-donald-trump-and-vladimir-putin-a-troika-for-our-insane-era.html





From: Jaime Solorza 

Sent: Sunday, September 18, 2016 4:13 PM

To: Animal Farm 

Subject: Re: [AFMUG] OT Being a good citizen



You mean Trumpass, Trumpfuck,  Trumpshit... worse than calling one a

Re: [AFMUG] OT Being a good citizen

[That One Guy /sarcasm]

Panama Papers are just an auction item now though, the US just hasnt
clicked the buy it now button

On Tue, Sep 20, 2016 at 10:25 AM, Daniel White  wrote:

> Maybe in North America.  Remember they have yet to release anything about
> stuff in the US.
>
>
>
> I guarantee the Panama Papers are still being discussed in countries like
> Iceland.
>
>
>
> Daniel White
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Josh Reynolds
> *Sent:* Tuesday, September 20, 2016 9:41 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> Sadly those started being ignored the 2nd day of their release.
>
> Snowden became a national discussion. The panama papers ended up being a
> minor footnote.
>
>
>
> On Sep 20, 2016 8:07 AM, "Chuck McCown"  wrote:
>
> Yep, Snowden never had to expose himself.  But that was probably one of
> his goals.
>
>
>
> *From:* Daniel White 
>
> *Sent:* Tuesday, September 20, 2016 6:53 AM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> This is the right way to do it:
>
>
>
> https://en.wikipedia.org/wiki/Panama_Papers
>
>
>
> Daniel White
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Josh Luthman
> *Sent:* Monday, September 19, 2016 10:24 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> Work with the media?  Are you serious?  The same media that is reporting
> this election?
>
>
>
> I think someone spiked your O'Douls.
>
>
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
>
> On Mon, Sep 19, 2016 at 12:22 PM, Chuck McCown  wrote:
>
> Perhaps work with the media.  A la deep throat etc.  Have someone with
> experience help vet the leaks and protect vital interests.
>
> I would never leak info that could get someone killed.  I might leak that
> the information has gotten off the reservation.  Perhaps place it in escrow
> with a trusted third party.  New York Times has done this many times over
> the years.
>
>
>
> *From:* Josh Luthman 
>
> *Sent:* Monday, September 19, 2016 10:17 AM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> Differently, how?
>
>
>
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
>
> On Mon, Sep 19, 2016 at 12:16 PM, Chuck McCown  wrote:
>
> I am in the same boat.  It is good to get bad stuff out in the light.  It
> is better to be loyal to your country.  If you are going to uncover bad
> things, do it differently.
>
>
>
> *From:* Jeff Broadwick - Lists 
>
> *Sent:* Monday, September 19, 2016 10:05 AM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> Does it make sense that I hate what he did but I'm kinda glad he did it?
>
> Jeff Broadwick
>
> ConVergence Technologies, Inc.
>
> 312-205-2519 Office
>
> 574-220-7826 Cell
>
> jbroadw...@converge-tech.com
>
>
> On Sep 19, 2016, at 11:57 AM, That One Guy /sarcasm <
> thatoneguyst...@gmail.com> wrote:
>
> Down with Snowden
>
>
>
> On Sun, Sep 18, 2016 at 6:14 PM, Chuck McCown  wrote:
>
> Yeah, I think Snowden is getting a whitewash courtesy of hollywood.
>
>
>
> *From:* George Skorup 
>
> *Sent:* Sunday, September 18, 2016 4:43 PM
>
> *To:* af@afmug.com
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> He signed a contract. If he saw things being done that he believed were
> against the constitution, then he should've went to his superiors and said
> that he cannot carry out his duties since he feels that they are unlawful.
> Then walked out, got a lawyer and said not a fucking thing about anything
> classified. He leaked info that our enemies used against us. He's a
> traitor, plain and simple. Not a hero. He deserves no pardon and no
> sympathy.
>
> I'm all for whistle blowing, standing up for the rights of the people and
> the spirit of the constitution and all that, but he went about it
> completely the wrong way. And look where it got him. Idiot.
>
> On 9/18/2016 4:29 PM, Ken Hohhof wrote:
>
> Snowden “does not work for a Russian organization, yet is financially
> secure thanks to substantial savings from his years as a well-paid
> contractor and more recently numerous awards and speaking fees from around
> the world.”  3 years.  That’s a lot of savings, or he’s eating a lot of
> ramen noodles.
>
>
>
> I guess Vladimir could let him live there for free just to piss off the
> US.  And Russia has good hackers of their own (maybe Fancy Bear and Cozy
> Bear will get their own movies), so maybe they haven’t needed any help in
> the recent hacks.  Certainly Assange seems to be in bed with Pootie-Poot.
>
> http://www.thedailybeast.com/articles/2016/08/01/julian-
> assange-donald-trump-and-vladimir-putin-a-troika-for-our-insane-era.html
>
>
>
>
>
> *From:* Jaime Solorza 
>
> *Sent:* Sunday, September 18, 2016 4:13 PM
>
> *To:* Animal Farm 
>
> *Subject:* Re: [AFMUG] OT Being a good citizen
>
>
>
> You mean Trumpass

Re: [AFMUG] everyone should be blocking SMB ports

[Justin Wilson]

Butch Evans has an awesome firewalling script.   It’s worth it to buy it and 
see what is going on.


Justin Wilson
j...@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Sep 20, 2016, at 11:20 AM, Ken Hohhof  wrote:
> 
> I agree with what Lewis said.  Ports 135-139 and 445 are well known ports 
> assigned to Windows networking and have no business being on the open 
> Internet.
>  
> There should be a strong presumption that outbound traffic on these ports is 
> malicious traffic from a worm like Blaster trying to propagate over the 
> Internet.  Best case, a customer has misconfigured something to send LAN 
> traffic over a WAN connection.
>  
> There are many pros and zero cons to blocking this traffic.  Do not get hung 
> up on the word “blocked”.  This is not a Net Neutrality issue.  NetBIOS/SMB 
> is LAN traffic not WAN traffic, if someone needs it to go site-to-site, then 
> it should be inside something like a VPN.
>  
>  
> From: Stefan Englhardt 
> Sent: Tuesday, September 20, 2016 9:26 AM
> To: af@afmug.com 
> Subject: Re: [AFMUG] everyone should be blocking SMB ports
>  
> We say our customers: You get free unblocked access. So we dont block. <>
> If we see a problem we block and notify the customer.
>  
>  
> Von: Af [mailto:af-boun...@afmug.com ] Im 
> Auftrag von Dave
> Gesendet: Dienstag, 20. September 2016 16:21
> An: af@afmug.com 
> Betreff: Re: [AFMUG] everyone should be blocking SMB ports
>  
> +1
> 
>  
> On 09/20/2016 09:12 AM, Jon Bruce wrote:
>> +1
>> 
>> On 9/20/2016 10:01 AM, Lewis Bergman wrote:
>>> I am a firm believer in the stance that as your ISP, I am not your mommy. 
>>> We did no filtering or firewalling for our customers. The only exception 
>>> being the blocking of certain traffic that had no business being on the 
>>> open Internet. This is one of those things.
>>> 
>>>  
>>> On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter >> > wrote:
 We block, have for years and years..
  
 Richard Strittmatter
  
 From: Af [mailto:af-boun...@afmug.com ] On 
 Behalf Of Mike Hammett
 Sent: Monday, September 19, 2016 11:59 AM
 
 To: af@afmug.com 
 Subject: Re: [AFMUG] everyone should be blocking SMB ports
  
 Yes, block.
 
 
 
 -
 Mike Hammett
 Intelligent Computing Solutions 
   
  
  
 
 Midwest Internet Exchange 
   
  
 
 The Brothers WISP 
  
 
 
  
 From: "That One Guy /sarcasm" >>> >
 To: af@afmug.com 
 Sent: Monday, September 19, 2016 11:57:44 AM
 
 
 Subject: Re: [AFMUG] everyone should be blocking SMB ports
 
 Whats the WISP consensus on blocking those ports at the edge? also, whats 
 the best religion? if Ford or Chevy better? Whats the greatest sports team?
  
 On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood >>> > wrote:
> My work has its own IP address and get upstream from atnt and charter. 
> The smb ports are not blocked.
> 
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
> 
> http://ZachUnderwood.me 
> advance-networking.com 
> 
> 
>  
> On Sep 19, 2016 12:47 PM, "Josh Luthman"  > wrote:
>> Cable/Telco probably.
>> 
>> WISP?  I dunno...
>> 
>>  
>> Josh Luthman
>> Office: 937-552-2340 
>> Direct: 937-552-2343 
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>  
>> On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett > > wrote:
>>> i think everyone has been blocking those ports since 1998-ish (or at 
>>> least you should be)
>>>  
>>> -sean
>>>  
>>>  
>>> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood >> > wrote:
 This was written from the view point of windows AD setup can affect 
 home users  too since MS makes people use MS live accounts to log in 
 to windows.
  
 Problem:
 Outside servers can ge

Re: [AFMUG] everyone should be blocking SMB ports

[That One Guy /sarcasm]

we run his script, oddly though its not blocking this now, I will have to
go investigate what i did wrong

On Tue, Sep 20, 2016 at 10:27 AM, Justin Wilson  wrote:

> Butch Evans has an awesome firewalling script.   It’s worth it to buy it
> and see what is going on.
>
>
> Justin Wilson
> j...@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> On Sep 20, 2016, at 11:20 AM, Ken Hohhof  wrote:
>
> I agree with what Lewis said.  Ports 135-139 and 445 are well known ports
> assigned to Windows networking and have no business being on the open
> Internet.
>
> There should be a strong presumption that outbound traffic on these ports
> is malicious traffic from a worm like Blaster trying to propagate over the
> Internet.  Best case, a customer has misconfigured something to send LAN
> traffic over a WAN connection.
>
> There are many pros and zero cons to blocking this traffic.  Do not get
> hung up on the word “blocked”.  This is not a Net Neutrality issue.
> NetBIOS/SMB is LAN traffic not WAN traffic, if someone needs it to go
> site-to-site, then it should be inside something like a VPN.
>
>
> *From:* Stefan Englhardt 
> *Sent:* Tuesday, September 20, 2016 9:26 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] everyone should be blocking SMB ports
>
> We say our customers: You get free unblocked access. So we dont block.
> If we see a problem we block and notify the customer.
>
>
> *Von:* Af [mailto:af-boun...@afmug.com ] *Im
> Auftrag von *Dave
> *Gesendet:* Dienstag, 20. September 2016 16:21
> *An:* af@afmug.com
> *Betreff:* Re: [AFMUG] everyone should be blocking SMB ports
>
>
> +1
>
> On 09/20/2016 09:12 AM, Jon Bruce wrote:
>
> +1
> On 9/20/2016 10:01 AM, Lewis Bergman wrote:
>
> I am a firm believer in the stance that as your ISP, I am not your mommy.
> We did no filtering or firewalling for our customers. The only exception
> being the blocking of certain traffic that had no business being on the
> open Internet. This is one of those things.
>
> On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter 
> wrote:
>
> We block, have for years and years..
>
> Richard Strittmatter
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Mike Hammett
> *Sent:* Monday, September 19, 2016 11:59 AM
>
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] everyone should be blocking SMB ports
>
>
> Yes, block.
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
>
> *From: *"That One Guy /sarcasm" 
> *To: *af@afmug.com
> *Sent: *Monday, September 19, 2016 11:57:44 AM
>
>
> *Subject: *Re: [AFMUG] everyone should be blocking SMB ports
> Whats the WISP consensus on blocking those ports at the edge? also, whats
> the best religion? if Ford or Chevy better? Whats the greatest sports team?
>
> On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood 
> wrote:
>
> My work has its own IP address and get upstream from atnt and charter. The
> smb ports are not blocked.
>
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
>
> http://ZachUnderwood.me 
>
> advance-networking.com
>
>
>
> On Sep 19, 2016 12:47 PM, "Josh Luthman" 
> wrote:
>
> Cable/Telco probably.
>
> WISP?  I dunno...
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett  wrote:
>
> i think everyone has been blocking those ports since 1998-ish (or at least
> you should be)
>
> -sean
>
>
> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood 
> wrote:
>
> This was written from the view point of windows AD setup can affect home
> users  too since MS makes people use MS live accounts to log in to windows.
>
> *Problem:*
> Outside servers can get username/domain/password hash. Once a remote
> server has the login info they could connect to VPN, Office365 or an other
> service that using AD domain user info.
> See attachment for example. I got the example from a VM with a test
> account on it.
>
> *Details:*
> Microsoft based browsers like IE and Edge can be induced to make a
> outbound smb connection to a remote server. In this connection Microsoft
> will send over username, domain, and password hash. The remote server then
> can do a decryption of the password hash using brute force, password,
> dictionary and

Re: [AFMUG] Cogent...

[Dennis Burgess]

Fine.

Thanks,

Dennis Burgess – Network Engineer/Consutant
MikroTik Certified 
Trianer/Consultant
 – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
Cambium ePMP Certified, Telrad Certified, Cisco CCNA

For Wireless Hardware/Routers visit www.linktechs.net
RF Mapping: www.towercoverage.com
Office: 314-735-0270
dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sam Lambie
Sent: Tuesday, September 20, 2016 10:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] Cogent...

Is Cogent still down or limping along?

On Tue, Sep 20, 2016 at 8:17 AM, Seth Mattinen 
mailto:se...@rollernet.us>> wrote:
On 9/19/16 6:12 PM, Mike Hammett wrote:
Charter doesn't have communities you could use to no-export Cogent?


Oh probably, but we're dropping Charter anyway in a couple months.

~Seth



--
--
Sam Lambie
Taosnet Wireless Tech.
575-758-7598 Office
www.Taosnet.com

Re: [AFMUG] Cogent...

[Mike Hammett]

They were back yesterday evening from my observation. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Sam Lambie"  
To: af@afmug.com 
Sent: Tuesday, September 20, 2016 10:05:16 AM 
Subject: Re: [AFMUG] Cogent... 


Is Cogent still down or limping along? 




On Tue, Sep 20, 2016 at 8:17 AM, Seth Mattinen < se...@rollernet.us > wrote: 


On 9/19/16 6:12 PM, Mike Hammett wrote: 


Charter doesn't have communities you could use to no-export Cogent? 




Oh probably, but we're dropping Charter anyway in a couple months. 

~Seth 





-- 

-- 
Sam Lambie 
Taosnet Wireless Tech. 
575-758-7598 Office 
www.Taosnet.com 

Re: [AFMUG] Cogent...

[Dennis Burgess]

Yap, they were not down ,just high latency going though LAX..  issue is LOTS of 
traffic goes though IAX.

Thanks,

Dennis Burgess – Network Engineer/Consutant
MikroTik Certified 
Trianer/Consultant
 – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
Cambium ePMP Certified, Telrad Certified, Cisco CCNA

For Wireless Hardware/Routers visit www.linktechs.net
RF Mapping: www.towercoverage.com
Office: 314-735-0270
dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
Sent: Tuesday, September 20, 2016 10:36 AM
To: af@afmug.com
Subject: Re: [AFMUG] Cogent...

They were back yesterday evening from my observation.


-
Mike Hammett
Intelligent Computing Solutions
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/googleicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
Midwest Internet Exchange
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
The Brothers WISP
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/youtubeicon.png]




From: "Sam Lambie" mailto:samtaos...@gmail.com>>
To: af@afmug.com
Sent: Tuesday, September 20, 2016 10:05:16 AM
Subject: Re: [AFMUG] Cogent...
Is Cogent still down or limping along?

On Tue, Sep 20, 2016 at 8:17 AM, Seth Mattinen 
mailto:se...@rollernet.us>> wrote:
On 9/19/16 6:12 PM, Mike Hammett wrote:
Charter doesn't have communities you could use to no-export Cogent?


Oh probably, but we're dropping Charter anyway in a couple months.

~Seth



--
--
Sam Lambie
Taosnet Wireless Tech.
575-758-7598 Office
www.Taosnet.com

Re: [AFMUG] Cogent...

[SmarterBroadband]

;-)

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Ken Hohhof
Sent: Monday, September 19, 2016 10:18 PM
To: af@afmug.com
Subject: Re: [AFMUG] Cogent...

Sad, so sad.  But I'm going to have the best routes, believe me.  And Cogent is 
going to pay for them.  Okay?

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Faisal Imtiaz
Sent: Monday, September 19, 2016 10:32 PM
To: af@afmug.com
Subject: Re: [AFMUG] Cogent...

???  So much for the people who believe taking full BGP routes will 
automatically choose the best routes.  (Why does "best routes" sound like 
something Trump  would say?)

I think at this point in time it would be fair to say that both are 'myths' 

LOL !


Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

- Original Message -
> From: "Ken Hohhof" 
> To: af@afmug.com
> Sent: Monday, September 19, 2016 8:21:48 PM
> Subject: Re: [AFMUG] Cogent...

> So much for the people who believe taking full BGP routes will 
> automatically choose the best routes.  (Why does "best routes" sound 
> like something Trump would say?)
> 
> 
> -Original Message-
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Seth Mattinen
> Sent: Monday, September 19, 2016 6:03 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Cogent...
> 
> On 9/19/16 13:48, Robert Andrews wrote:
>> Anybody hear what's going on with Cogent..??   Lots' of packet loss on
>> all their cross connects.  I am hearing a lot of people having 
>> problems with financial transactions ( IP CC readers ) failing and 
>> connectivity
>> to Citrix and such failing..   IS this the new world order?
> 
> 
> They're fubar for the last 3 days for different reasons. Today it's a
> (another?) fiber cut in LA. Had to pull routes away from Charter to 
> get traffic away from Cogent.
> 
> ~Seth

Re: [AFMUG] Cambium 450d

[Matt]

We are struggling with the 450d vs old style sm decision as well.
Installers find carrying old style sm and reflectors in service
vehicle so much easier.  Everyone is so used to the old sm's its a
hard change.  Many/most of our upgrades have a reflector already as
well.  We do see just a bit better link test out of 450d though.  In
one case tiny bit worse but usually tiny bit better.

Does Cambium sell spare parts for the 450d in case something breaks?
Could be a factor as well when we get more deployed.  The bare SM has
always been tough as nails.



>
> Well, reflector dishes have their merits.  I have upgraded from Trango, FSK, 
> 430, 450 sometimes twice by just popping a new radio into the existing dish.  
> I have changed frequencies.  You can bring one radio for use as standalone 
> “integrated” or if you don’t get the numbers you want, pop on a CLIP or use 
> the same radio with a reflector dish.  It also reduces the number of spares 
> you need to keep in the truck for repairs.  Another advantage over many of 
> the integrated dish solutions is the mount provides independent adjustments 
> for elevation and azimuth, which lends itself to better alignment, and 
> reduces the need to hire 3-handed installers (or monkeys with prehensile 
> tails).
>
>
>
> Visually, one may look better to some, but the eye is so used to seeing 
> satellite dishes that one more reflector dish goes unnoticed.
>
>
>
>
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett
> Sent: Sunday, September 18, 2016 7:06 AM
> To: af@afmug.com
>
>
> Subject: Re: [AFMUG] Cambium 450d
>
>
>
> So PMP finally joins what everyone else has been doing for 10 years?
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>
>
>
> 
>
> From: "Daniel White" 
> To: af@afmug.com
> Sent: Saturday, September 17, 2016 10:35:44 PM
> Subject: Re: [AFMUG] Cambium 450d
>
> Cambium is moving towards EOL the reflectors from some of the roadmap stuff 
> I’ve seen.  I think the ePMP Force 200/450d type configuration and Force 180 
> design are here to stay.
>
>
>
> Daniel White
>
> Managing Director – Hardware Distribution Sales
>
> ConVergence Technologies
>
> Cell: +1 (303) 746-3590
>
> dwh...@converge-tech.com
>
>
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Steve D
> Sent: Saturday, September 17, 2016 9:13 PM
> To: af 
> Subject: Re: [AFMUG] Cambium 450d
>
>
>
> So over reflectors.  Love to see lower priced versions of these and the 
> reflector crap phased right out.
>
>
>
> On Sep 16, 2016 2:13 PM, "Jeff Broadwick - Lists"  wrote:
>
> That have an integrated 3.65 unit Timothy.  It's only uncapped at this point, 
> but it exists.  C036045C014A.
>
> Jeff Broadwick
>
> ConVergence Technologies, Inc.
>
> 312-205-2519 Office
>
> 574-220-7826 Cell
>
> jbroadw...@converge-tech.com
>
>
> On Sep 16, 2016, at 4:37 PM, Timothy Steele  wrote:
>
> I have gotten 5db better with the 450d also inner feed designed dishes seems 
> to work much better when under a tower also much more simple to mount on a 
> tower I hope they do the same with 2.4 and 365 soon
>
>
>
> On Fri, Sep 16, 2016, 12:57 PM SmarterBroadband  
> wrote:
>
> +1
>
>
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
> Sent: Friday, September 16, 2016 9:53 AM
> To: Animal Farm
> Subject: Re: [AFMUG] Cambium 450d
>
>
>
> We love it! We have standardized on it
>
>
>
> -looks way better that a SM+dish, more professional
>
> -gain the same or 1-2db better
>
> -easier to assemble / align
>
> -less windload
>
>
>
> On Fri, Sep 16, 2016 at 12:51 PM, Ken Hohhof  wrote:
>
> I see several WISPs deploying the 450d, but I suspect it's because they don't 
> like reflector dishes, or because of the 40M license key.
>
> Cambium has indicated the 450d has a little more antenna gain than the 
> regular 450 SM plus a reflector dish, but the spec sheets say 25 dBi either 
> way.  What are people really seeing in the field?  Is there a performance 
> difference in an apples-to-apples comparison?  How much?  I'm not going to 
> get too excited about 1 dB.
>
> Otherwise, we're looking at the connectorized 450 SM.  Or the connectorized 
> 450i SM, which is pretty pricey.
>
>
>
>
>
> Virus-free. www.avast.com
>
>

Re: [AFMUG] Cogent...

[Mike Hammett]

High LAX latency because it was rerouting all over the globe. LAX - SFO was 
going through Singapore, Toyko, etc. LAX - ORD went through Europe. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Dennis Burgess"  
To: af@afmug.com 
Sent: Tuesday, September 20, 2016 10:36:37 AM 
Subject: Re: [AFMUG] Cogent... 



Yap, they were not down ,just high latency going though LAX.. issue is LOTS of 
traffic goes though IAX. 


Thanks, 

Dennis Burgess – Network Engineer/Consutant 
MikroTik Certified Trianer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE 
Cambium ePMP Certified, Telrad Certified, Cisco CCNA 

For Wireless Hardware/Routers visit www.linktechs.net 
RF Mapping: www.towercoverage.com 
Office: 314-735-0270 
dmburg...@linktechs.net 



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett 
Sent: Tuesday, September 20, 2016 10:36 AM 
To: af@afmug.com 
Subject: Re: [AFMUG] Cogent... 


They were back yesterday evening from my observation. 



- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -


From: "Sam Lambie" < samtaos...@gmail.com > 
To: af@afmug.com 
Sent: Tuesday, September 20, 2016 10:05:16 AM 
Subject: Re: [AFMUG] Cogent... 

Is Cogent still down or limping along? 



On Tue, Sep 20, 2016 at 8:17 AM, Seth Mattinen < se...@rollernet.us > wrote: 


On 9/19/16 6:12 PM, Mike Hammett wrote: 


Charter doesn't have communities you could use to no-export Cogent? 




Oh probably, but we're dropping Charter anyway in a couple months. 

~Seth 





-- 

-- 
Sam Lambie 
Taosnet Wireless Tech. 
575-758-7598 Office 
www.Taosnet.com 

[AFMUG] Antenna side lobes...do they move much?

[Adam Moffett]

My question is about the polar plot for a sector antenna where you see 
tiny lobes coming off it.  Such as in between the rear lobe and the main 
lobe there might be several tiny lobes.  I've always thought RSSI was 
unstable when you hit the sector from a weird direction like that.


If I could see the radiation pattern in realtime would those lobes be 
stationary or would they dance around a little?


I'm just looking for an underlying reason for things I've seen in the 
field, and maybe a real justification to use when I tell people not to 
do that.

Re: [AFMUG] Antenna side lobes...do they move much?

[Chuck McCown]

They would be rock solid if nothing is moving in the nearfield of the antenna.  
However your particular antenna will have lobes in slightly different positions 
and magnitudes.  The plot you get is the antenna that was hand tweaked and 
tested on the range.  Production models vary a bit from antenna to antenna.  

This is kind of like the pattern your headlights cast on your garage door.  You 
will see bands and irregularities on the edges of the light pattern.  They 
really don’t move but are a function of how the light was sealed together.  

From: Adam Moffett 
Sent: Tuesday, September 20, 2016 10:57 AM
To: Animal Farm 
Subject: [AFMUG] Antenna side lobes...do they move much?

My question is about the polar plot for a sector antenna where you see tiny 
lobes coming off it.  Such as in between the rear lobe and the main lobe there 
might be several tiny lobes.  I've always thought RSSI was unstable when you 
hit the sector from a weird direction like that.

If I could see the radiation pattern in realtime would those lobes be 
stationary or would they dance around a little?  

I'm just looking for an underlying reason for things I've seen in the field, 
and maybe a real justification to use when I tell people not to do that.

Re: [AFMUG] Antenna side lobes...do they move much?

[Adam Moffett]

Good to know, thanks.

In Canopy FSK I remember getting re-regs from people on the side of a 
sector...seemingly regardless of how hot their RSSI was.  In Wimax I 
sometimes see fluctuations of 5-10db in the same circumstance.


I guess I'm just reaching for explanations.


-- Original Message --
From: "Chuck McCown" 
To: "Animal Farm" 
Sent: 9/20/2016 1:00:47 PM
Subject: Re: [AFMUG] Antenna side lobes...do they move much?

They would be rock solid if nothing is moving in the nearfield of the 
antenna.  However your particular antenna will have lobes in slightly 
different positions and magnitudes.  The plot you get is the antenna 
that was hand tweaked and tested on the range.  Production models vary 
a bit from antenna to antenna.


This is kind of like the pattern your headlights cast on your garage 
door.  You will see bands and irregularities on the edges of the light 
pattern.  They really don’t move but are a function of how the light 
was sealed together.


From:Adam Moffett
Sent: Tuesday, September 20, 2016 10:57 AM
To:Animal Farm
Subject: [AFMUG] Antenna side lobes...do they move much?

My question is about the polar plot for a sector antenna where you see 
tiny lobes coming off it.  Such as in between the rear lobe and the 
main lobe there might be several tiny lobes.  I've always thought RSSI 
was unstable when you hit the sector from a weird direction like that.


If I could see the radiation pattern in realtime would those lobes be 
stationary or would they dance around a little?


I'm just looking for an underlying reason for things I've seen in the 
field, and maybe a real justification to use when I tell people not to 
do that.

Re: [AFMUG] everyone should be blocking SMB ports

[Paul Stewart]

I’ve seen some custom VPN applications run over 445 and shook my head as to 
why….

We limit our filtering specifically to SMTP, DNS, and UPNP type stuff where 
attacks/misuse are most common … 

> On Sep 20, 2016, at 11:20 AM, Ken Hohhof  wrote:
> 
> I agree with what Lewis said.  Ports 135-139 and 445 are well known ports 
> assigned to Windows networking and have no business being on the open 
> Internet.
>  
> There should be a strong presumption that outbound traffic on these ports is 
> malicious traffic from a worm like Blaster trying to propagate over the 
> Internet.  Best case, a customer has misconfigured something to send LAN 
> traffic over a WAN connection.
>  
> There are many pros and zero cons to blocking this traffic.  Do not get hung 
> up on the word “blocked”.  This is not a Net Neutrality issue.  NetBIOS/SMB 
> is LAN traffic not WAN traffic, if someone needs it to go site-to-site, then 
> it should be inside something like a VPN.
>  
>  
> From: Stefan Englhardt 
> Sent: Tuesday, September 20, 2016 9:26 AM
> To: af@afmug.com 
> Subject: Re: [AFMUG] everyone should be blocking SMB ports
>  
> We say our customers: You get free unblocked access. So we dont block. <>
> If we see a problem we block and notify the customer.
>  
>  
> Von: Af [mailto:af-boun...@afmug.com ] Im 
> Auftrag von Dave
> Gesendet: Dienstag, 20. September 2016 16:21
> An: af@afmug.com 
> Betreff: Re: [AFMUG] everyone should be blocking SMB ports
>  
> +1
> 
>  
> On 09/20/2016 09:12 AM, Jon Bruce wrote:
>> +1
>> 
>> On 9/20/2016 10:01 AM, Lewis Bergman wrote:
>>> I am a firm believer in the stance that as your ISP, I am not your mommy. 
>>> We did no filtering or firewalling for our customers. The only exception 
>>> being the blocking of certain traffic that had no business being on the 
>>> open Internet. This is one of those things.
>>> 
>>>  
>>> On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter >> > wrote:
 We block, have for years and years..
  
 Richard Strittmatter
  
 From: Af [mailto:af-boun...@afmug.com ] On 
 Behalf Of Mike Hammett
 Sent: Monday, September 19, 2016 11:59 AM
 
 To: af@afmug.com 
 Subject: Re: [AFMUG] everyone should be blocking SMB ports
  
 Yes, block.
 
 
 
 -
 Mike Hammett
 Intelligent Computing Solutions 
   
  
  
 
 Midwest Internet Exchange 
   
  
 
 The Brothers WISP 
  
 
 
  
 From: "That One Guy /sarcasm" >>> >
 To: af@afmug.com 
 Sent: Monday, September 19, 2016 11:57:44 AM
 
 
 Subject: Re: [AFMUG] everyone should be blocking SMB ports
 
 Whats the WISP consensus on blocking those ports at the edge? also, whats 
 the best religion? if Ford or Chevy better? Whats the greatest sports team?
  
 On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood >>> > wrote:
> My work has its own IP address and get upstream from atnt and charter. 
> The smb ports are not blocked.
> 
> Zach Underwood (RHCE,RHCSA,RHCT,UACA)
> 
> http://ZachUnderwood.me 
> advance-networking.com 
> 
> 
>  
> On Sep 19, 2016 12:47 PM, "Josh Luthman"  > wrote:
>> Cable/Telco probably.
>> 
>> WISP?  I dunno...
>> 
>>  
>> Josh Luthman
>> Office: 937-552-2340 
>> Direct: 937-552-2343 
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>  
>> On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett > > wrote:
>>> i think everyone has been blocking those ports since 1998-ish (or at 
>>> least you should be)
>>>  
>>> -sean
>>>  
>>>  
>>> On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood >> > wrote:
 This was written from the view point of windows AD setup can affect 
 home users  too since MS makes people use MS live accounts to log in 
 to windows.
  
 Problem:
 Outside servers can get username/domain/password hash. Once a remote 
 server has the login info they could connect to VPN, Offi

Re: [AFMUG] Antenna side lobes...do they move much?

[That One Guy /sarcasm]

would the energy of a nearby SM alter the lobe pattern from the AP antenna

On Tue, Sep 20, 2016 at 12:07 PM, Adam Moffett  wrote:

> Good to know, thanks.
>
> In Canopy FSK I remember getting re-regs from people on the side of a
> sector...seemingly regardless of how hot their RSSI was.  In Wimax I
> sometimes see fluctuations of 5-10db in the same circumstance.
>
> I guess I'm just reaching for explanations.
>
>
> -- Original Message --
> From: "Chuck McCown" 
> To: "Animal Farm" 
> Sent: 9/20/2016 1:00:47 PM
> Subject: Re: [AFMUG] Antenna side lobes...do they move much?
>
>
> They would be rock solid if nothing is moving in the nearfield of the
> antenna.  However your particular antenna will have lobes in slightly
> different positions and magnitudes.  The plot you get is the antenna that
> was hand tweaked and tested on the range.  Production models vary a bit
> from antenna to antenna.
>
> This is kind of like the pattern your headlights cast on your garage
> door.  You will see bands and irregularities on the edges of the light
> pattern.  They really don’t move but are a function of how the light was
> sealed together.
>
> *From:* Adam Moffett 
> *Sent:* Tuesday, September 20, 2016 10:57 AM
> *To:* Animal Farm 
> *Subject:* [AFMUG] Antenna side lobes...do they move much?
>
> My question is about the polar plot for a sector antenna where you see
> tiny lobes coming off it.  Such as in between the rear lobe and the main
> lobe there might be several tiny lobes.  I've always thought RSSI was
> unstable when you hit the sector from a weird direction like that.
>
> If I could see the radiation pattern in realtime would those lobes be
> stationary or would they dance around a little?
>
> I'm just looking for an underlying reason for things I've seen in the
> field, and maybe a real justification to use when I tell people not to do
> that.
>
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Re: [AFMUG] everyone should be blocking SMB ports

[Josh Luthman]

Taking about a Microsoft VPN maybe?  Don't they have an HTTPS tunnel for
this?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Sep 20, 2016 1:08 PM, "Paul Stewart"  wrote:

I’ve seen some custom VPN applications run over 445 and shook my head as to
why….

We limit our filtering specifically to SMTP, DNS, and UPNP type stuff where
attacks/misuse are most common …

On Sep 20, 2016, at 11:20 AM, Ken Hohhof  wrote:

I agree with what Lewis said.  Ports 135-139 and 445 are well known ports
assigned to Windows networking and have no business being on the open
Internet.

There should be a strong presumption that outbound traffic on these ports
is malicious traffic from a worm like Blaster trying to propagate over the
Internet.  Best case, a customer has misconfigured something to send LAN
traffic over a WAN connection.

There are many pros and zero cons to blocking this traffic.  Do not get
hung up on the word “blocked”.  This is not a Net Neutrality issue.
NetBIOS/SMB is LAN traffic not WAN traffic, if someone needs it to go
site-to-site, then it should be inside something like a VPN.


*From:* Stefan Englhardt 
*Sent:* Tuesday, September 20, 2016 9:26 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] everyone should be blocking SMB ports

We say our customers: You get free unblocked access. So we dont block.
If we see a problem we block and notify the customer.


*Von:* Af [mailto:af-boun...@afmug.com ] *Im Auftrag
von *Dave
*Gesendet:* Dienstag, 20. September 2016 16:21
*An:* af@afmug.com
*Betreff:* Re: [AFMUG] everyone should be blocking SMB ports


+1

On 09/20/2016 09:12 AM, Jon Bruce wrote:

+1
On 9/20/2016 10:01 AM, Lewis Bergman wrote:

I am a firm believer in the stance that as your ISP, I am not your mommy.
We did no filtering or firewalling for our customers. The only exception
being the blocking of certain traffic that had no business being on the
open Internet. This is one of those things.

On Tue, Sep 20, 2016, 7:21 AM Richard Strittmatter  wrote:

We block, have for years and years..

Richard Strittmatter

*From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Mike Hammett
*Sent:* Monday, September 19, 2016 11:59 AM

*To:* af@afmug.com
*Subject:* Re: [AFMUG] everyone should be blocking SMB ports


Yes, block.


-
Mike Hammett
Intelligent Computing Solutions 




Midwest Internet Exchange 



The Brothers WISP 




--

*From: *"That One Guy /sarcasm" 
*To: *af@afmug.com
*Sent: *Monday, September 19, 2016 11:57:44 AM


*Subject: *Re: [AFMUG] everyone should be blocking SMB ports
Whats the WISP consensus on blocking those ports at the edge? also, whats
the best religion? if Ford or Chevy better? Whats the greatest sports team?

On Mon, Sep 19, 2016 at 11:50 AM, Zach Underwood 
wrote:

My work has its own IP address and get upstream from atnt and charter. The
smb ports are not blocked.

Zach Underwood (RHCE,RHCSA,RHCT,UACA)

http://ZachUnderwood.me 

advance-networking.com



On Sep 19, 2016 12:47 PM, "Josh Luthman" 
wrote:

Cable/Telco probably.

WISP?  I dunno...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Sep 19, 2016 at 12:47 PM, Sean Heskett  wrote:

i think everyone has been blocking those ports since 1998-ish (or at least
you should be)

-sean


On Mon, Sep 19, 2016 at 10:22 AM, Zach Underwood 
wrote:

This was written from the view point of windows AD setup can affect home
users  too since MS makes people use MS live accounts to log in to windows.

*Problem:*
Outside servers can get username/domain/password hash. Once a remote server
has the login info they could connect to VPN, Office365 or an other service
that using AD domain user info.
See attachment for example. I got the example from a VM with a test account
on it.

*Details:*
Microsoft based browsers like IE and Edge can be induced to make a outbound
smb connection to a remote server. In this connection Microsoft will send
over username, domain, and password hash. The remote server then can do a
decryption of the password hash using brute force, password, dictionary and
rainbow tables.

*Fix:*
The fastest way to stop this is to block all of the smb networks ports on
the edge firewall for incoming and outgoing. The ports are 137-138udp,
137tcp,139tcp, 445tcp

*Sources:*
http://www.zdnet.com/article/windows-attack-can-steal-your-
username-password-and-other-logins/
*Testing site*:
https

Re: [AFMUG] Antenna side lobes...do they move much?

[Chuck McCown]

Yes, not the energy but just the presence of a physical object.  

From: That One Guy /sarcasm 
Sent: Tuesday, September 20, 2016 11:09 AM
To: af@afmug.com 
Subject: Re: [AFMUG] Antenna side lobes...do they move much?

would the energy of a nearby SM alter the lobe pattern from the AP antenna

On Tue, Sep 20, 2016 at 12:07 PM, Adam Moffett  wrote:

  Good to know, thanks.

  In Canopy FSK I remember getting re-regs from people on the side of a 
sector...seemingly regardless of how hot their RSSI was.  In Wimax I sometimes 
see fluctuations of 5-10db in the same circumstance.  

  I guess I'm just reaching for explanations. 


  -- Original Message --
  From: "Chuck McCown" 
  To: "Animal Farm" 
  Sent: 9/20/2016 1:00:47 PM
  Subject: Re: [AFMUG] Antenna side lobes...do they move much?

They would be rock solid if nothing is moving in the nearfield of the 
antenna.  However your particular antenna will have lobes in slightly different 
positions and magnitudes.  The plot you get is the antenna that was hand 
tweaked and tested on the range.  Production models vary a bit from antenna to 
antenna.  

This is kind of like the pattern your headlights cast on your garage door.  
You will see bands and irregularities on the edges of the light pattern.  They 
really don’t move but are a function of how the light was sealed together.  

From: Adam Moffett 
Sent: Tuesday, September 20, 2016 10:57 AM
To: Animal Farm 
Subject: [AFMUG] Antenna side lobes...do they move much?

My question is about the polar plot for a sector antenna where you see tiny 
lobes coming off it.  Such as in between the rear lobe and the main lobe there 
might be several tiny lobes.  I've always thought RSSI was unstable when you 
hit the sector from a weird direction like that.

If I could see the radiation pattern in realtime would those lobes be 
stationary or would they dance around a little?  

I'm just looking for an underlying reason for things I've seen in the 
field, and maybe a real justification to use when I tell people not to do that.





-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] Beam me up Scotty...... Quantum Teleportation Moves Out Of Lab As Scientists Achieve Long-Distance Information Transfer Via City Optic Fiber

[Sterling Jacobson]

Couldn’t this theoretically be used to house a quantum particle at your house 
and then ‘connect’ to another server, but then transmit faster than the speed 
of light and with lots of data eventually?

Then our fiber infrastructure would just be for connections only, and not have 
to actually carry the data?


From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Tuesday, September 20, 2016 7:00 AM
To: Animal Farm 
Subject: [AFMUG] Beam me up Scotty.. Quantum Teleportation Moves Out Of Lab 
As Scientists Achieve Long-Distance Information Transfer Via City Optic Fiber


http://www.ibtimes.com/quantum-teleportation-moves-out-lab-scientists-achieve-long-distance-information-2418939

Re: [AFMUG] Cogent...

[Jon Auer]

Sometimes sh*t happens.
The Level3 we have for one of our ASNs was flaking out regularly from a
faulty linecard in MSP a few months back.
Last summer the HE we have on the other ASN was going down for 6-12 hours
at a time multiple times per week for a month because their POP transport
was a single unprotected wave going along a highway that was being moved.

We still use all of them.

On Mon, Sep 19, 2016 at 6:49 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> How is cogent still operating at the level they do. It's like I'm the guy
> in charge of their network.
>
> On Sep 19, 2016 6:03 PM, "Seth Mattinen"  wrote:
>
>> On 9/19/16 13:48, Robert Andrews wrote:
>>
>>> Anybody hear what's going on with Cogent..??   Lots' of packet loss on
>>> all their cross connects.  I am hearing a lot of people having problems
>>> with financial transactions ( IP CC readers ) failing and connectivity
>>> to Citrix and such failing..   IS this the new world order?
>>>
>>
>>
>> They're fubar for the last 3 days for different reasons. Today it's a
>> (another?) fiber cut in LA. Had to pull routes away from Charter to get
>> traffic away from Cogent.
>>
>> ~Seth
>>
>

Re: [AFMUG] Beam me up Scotty...... Quantum Teleportation Moves Out Of Lab As Scientists Achieve Long-Distance Information Transfer Via City Optic Fiber

[Jaime Solorza]

No Tecate.. Does not compute

On Sep 20, 2016 11:50 AM, "Sterling Jacobson"  wrote:

> Couldn’t this theoretically be used to house a quantum particle at your
> house and then ‘connect’ to another server, but then transmit faster than
> the speed of light and with lots of data eventually?
>
>
>
> Then our fiber infrastructure would just be for connections only, and not
> have to actually carry the data?
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Jaime Solorza
> *Sent:* Tuesday, September 20, 2016 7:00 AM
> *To:* Animal Farm 
> *Subject:* [AFMUG] Beam me up Scotty.. Quantum Teleportation Moves
> Out Of Lab As Scientists Achieve Long-Distance Information Transfer Via
> City Optic Fiber
>
>
>
> http://www.ibtimes.com/quantum-teleportation-moves-
> out-lab-scientists-achieve-long-distance-information-2418939
>

Re: [AFMUG] CDN Overload

[Mike Hammett]

Well if you're having issues with Level 3, then you're in luck. I have the ear 
of a Level 3 CDN engineer. They're very anxious to help. Once I get all of the 
information gathered , we'll be able to make some progress. 

I look forward to additional information. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Ken Hohhof"  
To: af@afmug.com 
Sent: Tuesday, September 20, 2016 1:54:10 PM 
Subject: Re: [AFMUG] CDN Overload 




Mike, I know this doesn’t have all the information you are looking for, but 
it’s all I have time to capture right now. The source IPs seem to be Level3 
CDN, and it’s sending just under 6 Mbps of traffic to a customer rate-limited 
by the tower router to 3 Mbps (Cisco rate limiting which is RED). The torch 
results are from a Mikrotik router upstream of the tower. The 10 second torch 
shows around 40 TCP connections. This seems to be a common pattern, push 
traffic until packet loss is around 50%, with around 50 TCP connections. 

I tried blocking individual IPs and it was like whack-a-mole, it just added 
more IPs. Then I blocked 8.0.0.0/8 which did stop the traffic, but I didn’t 
want to leave that in place. Once I stopped dropping that traffic, it started 
up again. 

I don’t know what the traffic is, but I suspect Windows 10 update. It’s a 
little old lady with one desktop computer. She says it started around 4pm 
yesterday, which seems a little early for Patch Tuesday. It is making her 
Internet totally unusable, can’t look up directions, can’t check Facebook, 
sporadically gets email. 





From: Mike Hammett 
Sent: Tuesday, September 20, 2016 9:09 AM 
To: af@afmug.com 
Subject: Re: [AFMUG] CDN Overload 


Can you address the questions I posed in the initial e-mail? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Jim Bouse [Brazos WiFi]"  
To: af@afmug.com 
Sent: Tuesday, September 20, 2016 8:58:12 AM 
Subject: Re: [AFMUG] CDN Overload 



I’ve seen it the most from Limelight. Don’t know what they are cramming down my 
user’s throats but I suspect it is either Microsoft or Apple. 


Jim Bouse 
Owner 
Mobile IT Pro - Brazos WiFi 
979-985-5912 
j...@brazoswifi.com 



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett 
Sent: Monday, September 19, 2016 10:29 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] CDN Overload 


Gather evidence, attempt to work cooperatively, then name and shame if 
necessary. But yes, that's close to my intention. If you do your homework 
properly, the greater networking community is very powerful and will back you. 
Those companies are largely ones that will work with you. Forget Amazon, Sony, 
etc. though. 

I've heard from people seeing this with Microsoft, Akamai, Limelight and Apple. 



- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -


From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, September 19, 2016 10:16:26 PM 
Subject: Re: [AFMUG] CDN Overload 
Did you just indicate an intention to get a cdn to alter a corporate policy? I 
have a huge satchel, I mean it could probably hold a couple bowling balls, 
reality only fills it with a couple small pecans. Does it hurt? 



On Sep 19, 2016 9:43 PM, "Mike Hammett" < af...@ics-il.net > wrote: 




Have you seen a CDN overloading a customer? Help me gather information on the 
issue. 

What CDN? 
What have you identified the traffic to be? 
What is the access network? 
Where is the rate limiting done? 
How is the rate limiting done (policing vs. queueing, SFQ, PFIFO, etc,, etc.)? 
What is doing the rate limiting? 
What is the rate-limit set to? 
Upstream of the rate-limiter, what are you seeing for inbound traffic? 
One connection or many? 
How much traffic? 
How does other traffic behave when exceeding the rate limit? 
Where is NAT performed? 
What is doing NAT? 
Shared NAT or isolated to that customer? 
Have you done a packet capture before and after the rate limiter? The NAT 
device? 
Would you be willing to send a filtered packet capture (only the frames that 
relate to this CDN) to the CDN if they want it? 



There have been reports of CDNs sending more traffic than the customer can 
handle and ignores TCP convention to slow down. Trying to investigate this 
thoroughly so we can get the CDN to fix their system. Multiple CDNs have been 
shown to do this. 



- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

Re: [AFMUG] CDN Overload

[castarritt .]

What CDN?  Mostly LLNW and Microsoft
What have you identified the traffic to be? Mostly Windows Update
What is the access network? I don't understand the question; PTMP wireless?
Where is the rate limiting done? At the PMP450 Access Point
How is the rate limiting done (policing vs. queueing, SFQ, PFIFO, etc,,
etc.)? However the PMP450 does it; token bucket I think?
What is doing the rate limiting? PMP450
What is the rate-limit set to? Burst up to 15 Mbps, and sustained between
2-10 Mbps depending on plan.
Upstream of the rate-limiter, what are you seeing for inbound traffic? Up
to the burst bandwidth limit, but never higher.
One connection or many? I've seen 30+, but this is rare; it's usually ~5-10.
How much traffic? I don't understand the question.
How does other traffic behave when exceeding the rate limit? Other
applications and services fall apart when most of their packets
get discarded at the PMP450.
Where is NAT performed? NAT to the public IP is performed at our upstream
edge, but there are usually two more layers at the PMP450 CPE, and at the
customer's router.
What is doing NAT? Mikrotik, PMP450, and SOHO router
Shared NAT or isolated to that customer?  Shared public IP for everyone on
that PTMP Access Point.
Have you done a packet capture before and after the rate limiter? The NAT
device? No
Would you be willing to send a filtered packet capture (only the frames
that relate to this CDN) to the CDN if they want it? No

On Mon, Sep 19, 2016 at 9:43 PM, Mike Hammett  wrote:

> Have you seen a CDN overloading a customer? Help me gather information on
> the issue.
>
> What CDN?
> What have you identified the traffic to be?
> What is the access network?
> Where is the rate limiting done?
> How is the rate limiting done (policing vs. queueing, SFQ, PFIFO, etc,,
> etc.)?
> What is doing the rate limiting?
> What is the rate-limit set to?
> Upstream of the rate-limiter, what are you seeing for inbound traffic?
> One connection or many?
> How much traffic?
> How does other traffic behave when exceeding the rate limit?
> Where is NAT performed?
> What is doing NAT?
> Shared NAT or isolated to that customer?
> Have you done a packet capture before and after the rate limiter? The NAT
> device?
> Would you be willing to send a filtered packet capture (only the frames
> that relate to this CDN) to the CDN if they want it?
>
>
>
> There have been reports of CDNs sending more traffic than the customer can
> handle and ignores TCP convention to slow down. Trying to investigate this
> thoroughly so we can get the CDN to fix their system. Multiple CDNs have
> been shown to do this.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
>

Re: [AFMUG] LTE RRH vs truck, radio wins

[Robert Andrews]

Do'h...  How far was that fall/fail?


On 09/20/2016 03:30 PM, Eric Kuhnke wrote:

Ouch.

[AFMUG] Who bought all the Mikrotik RB260GS modules?

[Sterling Jacobson]

I need 50 of them and they are backordered until November.

Shame on all of you buying all my ONT/CPE devices!

Does anyone have any to sell?

Re: [AFMUG] Beam me up Scotty...... Quantum Teleportation Moves Out Of Lab As Scientists Achieve Long-Distance Information Transfer Via City Optic Fiber

[Chris Wright]

The data is sent through fiber optic cable while the quantum-entangled particle 
is used for encryption/decryption only. No information is passed faster than 
the speed of light.

Chris Wright
Network Administrator

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Sterling Jacobson
Sent: Tuesday, September 20, 2016 10:50 AM
To: af@afmug.com
Subject: Re: [AFMUG] Beam me up Scotty.. Quantum Teleportation Moves Out Of 
Lab As Scientists Achieve Long-Distance Information Transfer Via City Optic 
Fiber

Couldn’t this theoretically be used to house a quantum particle at your house 
and then ‘connect’ to another server, but then transmit faster than the speed 
of light and with lots of data eventually?

Then our fiber infrastructure would just be for connections only, and not have 
to actually carry the data?


From: Af [mailto:af-boun...@afmug.com] On Behalf Of Jaime Solorza
Sent: Tuesday, September 20, 2016 7:00 AM
To: Animal Farm mailto:af@afmug.com>>
Subject: [AFMUG] Beam me up Scotty.. Quantum Teleportation Moves Out Of Lab 
As Scientists Achieve Long-Distance Information Transfer Via City Optic Fiber


http://www.ibtimes.com/quantum-teleportation-moves-out-lab-scientists-achieve-long-distance-information-2418939

Re: [AFMUG] LTE RRH vs truck, radio wins

[Darin Steffl]

Thank God no one was in the truck lol. Could've ended badly.

On Tue, Sep 20, 2016 at 5:38 PM, Robert Andrews 
wrote:

> Do'h...  How far was that fall/fail?
>
>
> On 09/20/2016 03:30 PM, Eric Kuhnke wrote:
>
>> Ouch.
>>
>>
>>


-- 
Darin Steffl
Minnesota WiFi
www.mnwifi.com
507-634-WiFi
 Like us on Facebook

Re: [AFMUG] LTE RRH vs truck, radio wins

[Jay Weekley]

I hate it when I do that.

Eric Kuhnke wrote:

Ouch.

Re: [AFMUG] Who bought all the Mikrotik RB260GS modules?

[Ken Hohhof]

Roc-Noc shows 27 of the GSP models in stock.

-Original Message- 
From: Sterling Jacobson 
Sent: Tuesday, September 20, 2016 5:46 PM 
To: 'af@afmug.com' 
Subject: [AFMUG] Who bought all the Mikrotik RB260GS modules? 


I need 50 of them and they are backordered until November.

Shame on all of you buying all my ONT/CPE devices!

Does anyone have any to sell?

[AFMUG] OT... My buddy the joker

[Jaime Solorza]

A GOP lackey friend of mine subscribed me to Donald Frumps mailing list..
I blocked it and now getting stuff from gas chamber skittles brat son...
Blocked him... Who is next?   I think I will get back at my friend

Re: [AFMUG] Who bought all the Mikrotik RB260GS modules?

[Gino Villarini]

I have 50 $200 each 😂😂😂

On Tuesday, September 20, 2016, Sterling Jacobson 
wrote:

> I need 50 of them and they are backordered until November.
>
> Shame on all of you buying all my ONT/CPE devices!
>
> Does anyone have any to sell?
>
>
>

Re: [AFMUG] LTE RRH vs truck, radio wins

[Craig Schmaderer]

"Hope that's not a deposit bottle"

Craig Schmaderer
Cell 402-380-1245
Skywave Wireless, Inc.




On Tue, Sep 20, 2016 at 6:17 PM -0500, "Jay Weekley" 
mailto:par...@cyberbroadband.net>> wrote:

I hate it when I do that.

Eric Kuhnke wrote:
> Ouch.
>
>

Re: [AFMUG] Who bought all the Mikrotik RB260GS modules?

[Sterling Jacobson]

Not funny!

I did have to buy them at a slight premium from Flytech Computing.

But at least they have inventory.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
Sent: Tuesday, September 20, 2016 6:10 PM
To: af@afmug.com
Subject: Re: [AFMUG] Who bought all the Mikrotik RB260GS modules?

I have 50 $200 each 😂😂😂

On Tuesday, September 20, 2016, Sterling Jacobson 
mailto:sterl...@avative.net>> wrote:
I need 50 of them and they are backordered until November.

Shame on all of you buying all my ONT/CPE devices!

Does anyone have any to sell?

[AFMUG] AT&T Broadband over power

[Jason McKemie]

AT&T just refuses to learn from history:

http://about.att.com/newsroom/att_to_test_delivering_multi_gigabit_wireless_internet_speeds_using_power_lines.html

Re: [AFMUG] AT&T Broadband over power

[Craig Schmaderer]

Sounds like another brilliant idea to waste unlicensed spectrum.
[Image]
Craig Schmaderer
Cell 402-380-1245
Skywave Wireless, Inc.




On Tue, Sep 20, 2016 at 7:34 PM -0500, "Jason McKemie" 
mailto:j.mcke...@veloxinetbroadband.com>> 
wrote:

AT&T just refuses to learn from history:

http://about.att.com/newsroom/att_to_test_delivering_multi_gigabit_wireless_internet_speeds_using_power_lines.html

Re: [AFMUG] AT&T Broadband over power

[Josh Reynolds]

Another company that will likely suck up 3.5 (or whatever), along with
Google, Verizon, and others. :(


On Tue, Sep 20, 2016 at 8:44 PM, Craig Schmaderer 
wrote:

> Sounds like another brilliant idea to waste unlicensed spectrum.
> [image: Image]
> Craig Schmaderer
> Cell 402-380-1245
> Skywave Wireless, Inc.
>
>
>
>
> On Tue, Sep 20, 2016 at 7:34 PM -0500, "Jason McKemie" <
> j.mcke...@veloxinetbroadband.com> wrote:
>
> AT&T just refuses to learn from history:
>
> http://about.att.com/newsroom/att_to_test_delivering_multi_
> gigabit_wireless_internet_speeds_using_power_lines.html
>

[AFMUG] PAL bidding

[Adam Moffett]

Does anyone know how PAL bidding in CBRS is going to work?  I'm too 
tired for deep reading tonight.


My first thought was "maybe we should just bid $1 (or the minimum) for a 
channel in every tract around us just in case nobody else does."


Second thought was "There are only around 73,000 census tracts in the 
US, what stops somebody with deep pockets from bidding $1000 on all of 
them? If I'm Google, why not bid $10,000 each?"

Re: [AFMUG] AT&T Broadband over power

[Adam Moffett]

The subject line might give the wrong impression.  If they were fooling 
with BPL in this day and age that would be worthy of a facepalm for 
sure.  However, the article and the photos in it seem to describe 
millimeter wave repeaters on power line poles.
Gigabit millimeter wave along the path of the lines, and then LTE of 
some type to the end user.


I LOL'd at this sentence though:
"It could also allow for early detection of line integrity issues, such 
as encroaching tree branches."

I bet it could :)



-- Original Message --
From: "Craig Schmaderer" 
To: "af@afmug.com" 
Sent: 9/20/2016 9:44:40 PM
Subject: Re: [AFMUG] AT&T Broadband over power


Sounds like another brilliant idea to waste unlicensed spectrum.

Craig Schmaderer
Cell 402-380-1245
Skywave Wireless, Inc.




On Tue, Sep 20, 2016 at 7:34 PM -0500, "Jason McKemie" 
 wrote:


AT&T just refuses to learn from history:

http://about.att.com/newsroom/att_to_test_delivering_multi_gigabit_wireless_internet_speeds_using_power_lines.html