[AFMUG] ubnt devices intermittently stop responding to pings

2016-11-13 Thread TJ Trout
I did a little searching on the forum and I can't seem to find anyone who
has run into this issue. I'm noticing that many of my ubnt devices will
randomly stop responding to pings but the web ui and radio keep passing
traffic normally? Within an hour the radio will start responding to pings
again like it never even happened... No power cycling or any intervention
required.


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Paul Stewart
Yeah … that was an insane chunk of change - the MS purchase of Nortel blocks….

JJ and team at Comcast did a stand up job with IPv6 enablement, promotion of it 
etc… 

> On Nov 13, 2016, at 5:47 PM, Mike Hammett  wrote:
> 
> *nods* MS spent how much to get Nortel's blocks?
> 
> Comcast is completely dual stacked...  as they manage their modems through 
> IPv6, not IPv4.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP
> 
> From: "Paul Stewart"
> To: af@afmug.com 
> Sent: Sunday, November 13, 2016 4:45:33 PM
> Subject: Re: [AFMUG] IPv4 auction alternatives?
> 
> Yup .. back in time the major ISP’s were saying “there’s no content on IPv6” 
> … so the content guys responded and through IPv6 day and other initiatives 
> answered back.  That was several years ago and there has been some progress 
> but still lots of small and large players who are slow to get moving …   I 
> feel this pain in $$job where only DSL is dual stack (and recently wireless) 
> but cable modem for example is not ready and it’s going to be a while … 
> 
> The content guys care just as much about IPv6 - they consume massive amount 
> of IPv4 address blocks, especially with even increasing SSL content …..
> 
> 
> On Nov 13, 2016, at 5:35 PM, Mike Hammett wrote:
> 
> Many content providers that aren't on Amazon are already completely IPv6, 
> with some dual-stacked elements.  ;-)
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP
> 
> From: fiber...@mail.com 
> To: af@afmug.com 
> Sent: Sunday, November 13, 2016 4:28:57 PM
> Subject: Re: [AFMUG] IPv4 auction alternatives?
> 
> Content providers like Netflix, Facebook, etc. don't really have any reason 
> to go IPv6 only. Best they can do is start offering IPv6 access also, on top 
> of IPv4. 
> 
> Many content providers don't care. The pain is felt purely on the ISP side. 
> The best we can hope for is that enough ISPs deploy IPv6 (only), so that most 
> content providers can't continue to totally ignore IPv6 in the long term. 
> 
> Not that IPv6 support is always sunshine and roses, as can be seen by Netflix 
> blocking IPv6 tunnels. 
> 
> Jared
>  
>  
> 
> Sent: Sunday, November 13, 2016 at 11:05 PM
> From: "Paul Stewart"
> To: af@afmug.com 
> Subject: Re: [AFMUG] IPv4 auction alternatives?
> 
> I’m thinking 5 years or less… what it’ll take to start pushing this heavily 
> is for someone like Netflix, Facebook etc to go IPv6 only…. great theory that 
> probably won’t happen unfortunately ….
>  
> 
> On Nov 13, 2016, at 10:54 AM, Chuck McCown [mailto:ch...@wbmfg.com] wrote:
> 
> That day will come, but I  think it is 5 years in the future or more. 
> 
>  
> 
> From: Cassidy B. Larson
> Sent: Saturday, November 12, 2016 11:16 PM
> To: af@afmug.com 
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>  
> Wonder if I could offer an “IPv6-Only” type of account at a discounted rate.
> They'd get their Netflix, their Facebook and everything else that’s v6 
> reachable. 
> If they can’t get to a v4 only site/service, then they can be the vocal ones 
> complaining to the site owners to get their act in gear.
>  
>  
> 
> On Nov 12, 2016, at 10:47 PM, Sterling Jacobson wrote:
> 
> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
> 
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
> Sent: Saturday, November 12, 2016 7:17 PM
> 

Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Paul Stewart
True and now it’s been disclosed by a security researcher and this blows up 
badly on the vendor in my opinion….   makes you wonder what else they are doing 
in their software that they are not telling you about - just an example and not 
suggesting there’s more in this case 


> On Nov 13, 2016, at 5:51 PM, Ken Hohhof  wrote:
> 
> Well, it’s not a secret backdoor if you disclose it.
>  
> “You ever flashy thinged me?”
> “No.”
> “I ain’t playing with you, K, you ever flashy thinged me”?
> “No.”
> 
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart
> Sent: Sunday, November 13, 2016 3:56 PM
> To: af@afmug.com 
> Subject: Re: [AFMUG] Trango Security Issue
>  
> Different people deploy them different ways … good or bad …
>  
> The biggest problem I have with this is when a vendor doesn’t disclose this 
> information and that a customer cannot choose to remove this option if the 
> vendor insists on putting it in place.  
>  
>  
>> On Nov 13, 2016, at 4:35 PM, George Skorup wrote:
>>  
>> I don't exactly see the problem, especially with a PTP radio that should 
>> only be accessible from within your network and possibly only from 
>> management subnets/VLANs, too. If it's a public facing piece of equipment 
>> like a router, then sure, I agree.
>> 
>> On 11/13/2016 3:07 PM, Paul Stewart wrote:
>>> Totally disagree with this… we would never let a vendor into our network if 
>>> there was a possibility of this.  It puts our network at risk from their 
>>> stupidity …. 
>>>  
>>> We aggressively look at this when new products are coming into the network 
>>> - realizing that sometimes there’s no way to detect it but it’s a question 
>>> we ask, tests that we run, and hope that our confidence in this being 
>>> possible is low.
>>>  
>>>  
>>>> On Nov 13, 2016, at 11:59 AM, Ken Hohhof wrote:
>>>> 
>>>> Yep.  There are legitimate needs for the factory to have a backdoor



Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Ken Hohhof
Well, it’s not a secret backdoor if you disclose it.

“You ever flashy thinged me?”
“No.”
“I ain’t playing with you, K, you ever flashy thinged me”?
“No.”

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart
Sent: Sunday, November 13, 2016 3:56 PM
To: af@afmug.com
Subject: Re: [AFMUG] Trango Security Issue

Different people deploy them different ways … good or bad …

The biggest problem I have with this is when a vendor doesn’t disclose this 
information and that a customer cannot choose to remove this option if the 
vendor insists on putting it in place.  

On Nov 13, 2016, at 4:35 PM, George Skorup wrote:

I don't exactly see the problem, especially with a PTP radio that should only 
be accessible from within your network and possibly only from management 
subnets/VLANs, too. If it's a public facing piece of equipment like a router, 
then sure, I agree.

On 11/13/2016 3:07 PM, Paul Stewart wrote:

Totally disagree with this… we would never let a vendor into our network if 
there was a possibility of this.  It puts our network at risk from their 
stupidity …. 

We aggressively look at this when new products are coming into the network - 
realizing that sometimes there’s no way to detect it but it’s a question we 
ask, tests that we run, and hope that our confidence in this being possible is 
low.

On Nov 13, 2016, at 11:59 AM, Ken Hohhof wrote:

Yep.  There are legitimate needs for the factory to have a backdoor


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Mike Hammett
*nods* MS spent how much to get Nortel's blocks? 

Comcast is completely dual stacked... as they manage their modems through IPv6, 
not IPv4. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Paul Stewart"  
To: af@afmug.com 
Sent: Sunday, November 13, 2016 4:45:33 PM 
Subject: Re: [AFMUG] IPv4 auction alternatives? 

Yup .. back in time the major ISP’s were saying “there’s no content on IPv6” … 
so the content guys responded and through IPv6 day and other initiatives 
answered back. That was several years ago and there has been some progress but 
still lots of small and large players who are slow to get moving … I feel this 
pain in $$$job where only DSL is dual stack (and recently wireless) but cable 
modem for example is not ready and it’s going to be a while … 


The content guys care just as much about IPv6 - they consume massive amount of 
IPv4 address blocks, especially with even increasing SSL content ….. 







On Nov 13, 2016, at 5:35 PM, Mike Hammett < af...@ics-il.net > wrote: 


Many content providers that aren't on Amazon are already completely IPv6, with 
some dual-stacked elements. ;-) 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: fiber...@mail.com 
To: af@afmug.com 
Sent: Sunday, November 13, 2016 4:28:57 PM 
Subject: Re: [AFMUG] IPv4 auction alternatives? 

Content providers like Netflix, Facebook, etc. don't really have any reason to 
go IPv6 only. Best they can do is start offering IPv6 access also, on top of 
IPv4. 

Many content providers don't care. The pain is felt purely on the ISP side. The 
best we can hope for is that enough ISPs deploy IPv6 (only), so that most 
content providers can't continue to totally ignore IPv6 in the long term. 

Not that IPv6 support is always sunshine and roses, as can be seen by Netflix 
blocking IPv6 tunnels. 

Jared 



Sent: Sunday, November 13, 2016 at 11:05 PM 
From: "Paul Stewart" < p...@paulstewart.org > 
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives? 

I’m thinking 5 years or less… what it’ll take to start pushing this heavily is 
for someone like Netflix, Facebook etc to go IPv6 only…. great theory that 
probably won’t happen unfortunately …. 


On Nov 13, 2016, at 10:54 AM, Chuck McCown < ch...@wbmfg.com [ mailto:ch...@wbmfg.com ]> wrote: 

That day will come, but I think it is 5 years in the future or more. 



From: Cassidy B. Larson 
Sent: Saturday, November 12, 2016 11:16 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives? 

Wonder if I could offer an “IPv6-Only” type of account at a discounted rate. 
They'd get their Netflix, their Facebook and everything else that’s v6 
reachable. 
If they can’t get to a v4 only site/service, then they can be the vocal ones 
complaining to the site owners to get their act in gear. 



On Nov 12, 2016, at 10:47 PM, Sterling Jacobson < sterl...@avative.net > wrote: 


Except that you literally cannot ‘move to IPv6’ and have happy clients yet. 

From: Af [ mailto:af-boun...@afmug.com ] On Behalf Of Kurt Fankhauser 
Sent: Saturday, November 12, 2016 7:17 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives? 


Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can! 



On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds < j...@kyneticwifi.com > wrote: 
That's actually a pretty good price. 



On Nov 11, 2016 6:42 PM, "Dev" < d...@logicalwebhost.com > wrote: 
Are there any other alternatives than the ipv4auctions.com 
[ http://ipv4auctions.com/ ] style websites, which seem like highway robbery at 
$3584 current bid for a /24? 





Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Paul Stewart
Yup .. back in time the major ISP’s were saying “there’s no content on IPv6” … 
so the content guys responded and through IPv6 day and other initiatives 
answered back.  That was several years ago and there has been some progress but 
still lots of small and large players who are slow to get moving …   I feel 
this pain in $$$job where only DSL is dual stack (and recently wireless) but 
cable modem for example is not ready and it’s going to be a while … 

The content guys care just as much about IPv6 - they consume massive amount of 
IPv4 address blocks, especially with even increasing SSL content …..


> On Nov 13, 2016, at 5:35 PM, Mike Hammett  wrote:
> 
> Many content providers that aren't on Amazon are already completely IPv6, 
> with some dual-stacked elements.  ;-)
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> Midwest Internet Exchange
> The Brothers WISP
> 
> From: fiber...@mail.com 
> To: af@afmug.com 
> Sent: Sunday, November 13, 2016 4:28:57 PM
> Subject: Re: [AFMUG] IPv4 auction alternatives?
> 
> Content providers like Netflix, Facebook, etc. don't really have any reason 
> to go IPv6 only. Best they can do is start offering IPv6 access also, on top 
> of IPv4. 
> 
> Many content providers don't care. The pain is felt purely on the ISP side. 
> The best we can hope for is that enough ISPs deploy IPv6 (only), so that most 
> content providers can't continue to totally ignore IPv6 in the long term. 
> 
> Not that IPv6 support is always sunshine and roses, as can be seen by Netflix 
> blocking IPv6 tunnels. 
> 
> Jared
>  
>  
> 
> Sent: Sunday, November 13, 2016 at 11:05 PM
> From: "Paul Stewart"
> To: af@afmug.com 
> Subject: Re: [AFMUG] IPv4 auction alternatives?
> 
> I’m thinking 5 years or less… what it’ll take to start pushing this heavily 
> is for someone like Netflix, Facebook etc to go IPv6 only…. great theory that 
> probably won’t happen unfortunately ….
>  
> 
> On Nov 13, 2016, at 10:54 AM, Chuck McCown [mailto:ch...@wbmfg.com] wrote:
> 
> That day will come, but I  think it is 5 years in the future or more. 
> 
>  
> 
> From: Cassidy B. Larson
> Sent: Saturday, November 12, 2016 11:16 PM
> To: af@afmug.com 
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>  
> Wonder if I could offer an “IPv6-Only” type of account at a discounted rate.
> They'd get their Netflix, their Facebook and everything else that’s v6 
> reachable. 
> If they can’t get to a v4 only site/service, then they can be the vocal ones 
> complaining to the site owners to get their act in gear.
>  
>  
> 
> On Nov 12, 2016, at 10:47 PM, Sterling Jacobson wrote:
> 
> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
> 
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
> Sent: Saturday, November 12, 2016 7:17 PM
> To: af@afmug.com 
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>  
> 
> Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
> fast as I can!
> 
>  
> 
> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds wrote:
> That's actually a pretty good price.
> 
>  
> 
> On Nov 11, 2016 6:42 PM, "Dev" wrote:
> Are there any other alternatives than the ipv4auctions.com 
> [http://ipv4auctions.com/] style websites, which seem like highway robbery 
> at $3584 current bid for a /24?



Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Mike Hammett
Many content providers that aren't on Amazon are already completely IPv6, with 
some dual-stacked elements. ;-) 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: fiber...@mail.com 
To: af@afmug.com 
Sent: Sunday, November 13, 2016 4:28:57 PM 
Subject: Re: [AFMUG] IPv4 auction alternatives? 

Content providers like Netflix, Facebook, etc. don't really have any reason to 
go IPv6 only. Best they can do is start offering IPv6 access also, on top of 
IPv4. 

Many content providers don't care. The pain is felt purely on the ISP side. The 
best we can hope for is that enough ISPs deploy IPv6 (only), so that most 
content providers can't continue to totally ignore IPv6 in the long term. 

Not that IPv6 support is always sunshine and roses, as can be seen by Netflix 
blocking IPv6 tunnels. 

Jared 



Sent: Sunday, November 13, 2016 at 11:05 PM 
From: "Paul Stewart"  
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives? 

I’m thinking 5 years or less… what it’ll take to start pushing this heavily is 
for someone like Netflix, Facebook etc to go IPv6 only…. great theory that 
probably won’t happen unfortunately …. 


On Nov 13, 2016, at 10:54 AM, Chuck McCown wrote: 

That day will come, but I think it is 5 years in the future or more. 



From: Cassidy B. Larson 
Sent: Saturday, November 12, 2016 11:16 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives? 

Wonder if I could offer an “IPv6-Only” type of account at a discounted rate. 
They'd get their Netflix, their Facebook and everything else that’s v6 
reachable. 
If they can’t get to a v4 only site/service, then they can be the vocal ones 
complaining to the site owners to get their act in gear. 



On Nov 12, 2016, at 10:47 PM, Sterling Jacobson  wrote: 


Except that you literally cannot ‘move to IPv6’ and have happy clients yet. 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser 
Sent: Saturday, November 12, 2016 7:17 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives? 


Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can! 



On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote: 
That's actually a pretty good price. 



On Nov 11, 2016 6:42 PM, "Dev"  wrote: 
Are there any other alternatives than the 
ipv4auctions.com[http://ipv4auctions.com/] style websites, which seem like 
highway robbery at $3584 current bid for a /24? 




Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Josh Reynolds
Consider setting up an openvpn "jump box" for vendors (and yourself!) to
use.

On Nov 13, 2016 4:00 PM, "Bill Prince"  wrote:

> We checked our Trango PTP links, and they all have this issue. They are
> all on private /30 or /29 subnets, but we added a couple firewall rules to
> prevent any SSH interlopers from getting in. Sure, we'll have to disable
> the firewall rules to actually get in to do something, but that doesn't
> happen very often.
>
>
> bp
> 
>
>
> On 11/13/2016 1:35 PM, George Skorup wrote:
>
> I don't exactly see the problem, especially with a PTP radio that should
> only be accessible from within your network and possibly only from
> management subnets/VLANs, too. If it's a public facing piece of equipment
> like a router, then sure, I agree.
>
> On 11/13/2016 3:07 PM, Paul Stewart wrote:
>
> Totally disagree with this… we would never let a vendor into our network
> if there was a possibility of this.  It puts our network at risk from their
> stupidity ….
>
> We aggressively look at this when new products are coming into the network
> - realizing that sometimes there’s no way to detect it but it’s a question
> we ask, tests that we run, and hope that our confidence in this being
> possible is low.
>
>
> On Nov 13, 2016, at 11:59 AM, Ken Hohhof  wrote:
>
> Yep.  There are legitimate needs for the factory to have a backdoor
>
>
>
>
>


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread fiberrun
Content providers like Netflix, Facebook, etc. don't really have any reason to 
go IPv6 only. Best they can do is start offering IPv6 access also, on top of 
IPv4. 

Many content providers don't care. The pain is felt purely on the ISP side. The 
best we can hope for is that enough ISPs deploy IPv6 (only), so that most 
content providers can't continue to totally ignore IPv6 in the long term. 

Not that IPv6 support is always sunshine and roses, as can be seen by Netflix 
blocking IPv6 tunnels. 

Jared
 
 

Sent: Sunday, November 13, 2016 at 11:05 PM
From: "Paul Stewart" 
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?

I’m thinking 5 years or less… what it’ll take to start pushing this heavily is 
for someone like Netflix, Facebook etc to go IPv6 only…. great theory that 
probably won’t happen unfortunately ….
 

On Nov 13, 2016, at 10:54 AM, Chuck McCown wrote: 

That day will come, but I  think it is 5 years in the future or more. 

 

From: Cassidy B. Larson
Sent: Saturday, November 12, 2016 11:16 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
 
Wonder if I could offer an “IPv6-Only” type of account at a discounted rate.
They'd get their Netflix, their Facebook and everything else that’s v6 
reachable. 
If they can’t get to a v4 only site/service, then they can be the vocal ones 
complaining to the site owners to get their act in gear.
 
 

On Nov 12, 2016, at 10:47 PM, Sterling Jacobson  wrote:
 

Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
 
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Saturday, November 12, 2016 7:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
 

Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can!

 

On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote:
That's actually a pretty good price.

 

On Nov 11, 2016 6:42 PM, "Dev"  wrote:
Are there any other alternatives than the 
ipv4auctions.com[http://ipv4auctions.com/] style websites, which seem like 
highway robbery at $3584 current bid for a /24?
 


Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Bill Prince
We checked our Trango PTP links, and they all have this issue. They are 
all on private /30 or /29 subnets, but we added a couple firewall rules 
to prevent any SSH interlopers from getting in. Sure, we'll have to 
disable the firewall rules to actually get in to do something, but that 
doesn't happen very often.



bp


On 11/13/2016 1:35 PM, George Skorup wrote:
I don't exactly see the problem, especially with a PTP radio that 
should only be accessible from within your network and possibly only 
from management subnets/VLANs, too. If it's a public facing piece of 
equipment like a router, then sure, I agree.


On 11/13/2016 3:07 PM, Paul Stewart wrote:
Totally disagree with this… we would never let a vendor into our 
network if there was a possibility of this.  It puts our network at 
risk from their stupidity ….


We aggressively look at this when new products are coming into the 
network - realizing that sometimes there’s no way to detect it but 
it’s a question we ask, tests that we run, and hope that our 
confidence in this being possible is low.



On Nov 13, 2016, at 11:59 AM, Ken Hohhof wrote:


Yep.  There are legitimate needs for the factory to have a backdoor








Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Paul Stewart
Different people deploy them different ways … good or bad …

The biggest problem I have with this is when a vendor doesn’t disclose this 
information and that a customer cannot choose to remove this option if the 
vendor insists on putting it in place.  


> On Nov 13, 2016, at 4:35 PM, George Skorup  wrote:
> 
> I don't exactly see the problem, especially with a PTP radio that should only 
> be accessible from within your network and possibly only from management 
> subnets/VLANs, too. If it's a public facing piece of equipment like a router, 
> then sure, I agree.
> 
> On 11/13/2016 3:07 PM, Paul Stewart wrote:
>> Totally disagree with this… we would never let a vendor into our network if 
>> there was a possibility of this.  It puts our network at risk from their 
>> stupidity ….
>> 
>> We aggressively look at this when new products are coming into the network - 
>> realizing that sometimes there’s no way to detect it but it’s a question we 
>> ask, tests that we run, and hope that our confidence in this being possible 
>> is low.
>> 
>> 
>>> On Nov 13, 2016, at 11:59 AM, Ken Hohhof wrote:
>>> 
>>> Yep.  There are legitimate needs for the factory to have a backdoor
>> 
> 



Re: [AFMUG] Trango Security Issue

2016-11-13 Thread George Skorup
I don't exactly see the problem, especially with a PTP radio that should 
only be accessible from within your network and possibly only from 
management subnets/VLANs, too. If it's a public facing piece of 
equipment like a router, then sure, I agree.


On 11/13/2016 3:07 PM, Paul Stewart wrote:
Totally disagree with this… we would never let a vendor into our 
network if there was a possibility of this.  It puts our network at 
risk from their stupidity ….


We aggressively look at this when new products are coming into the 
network - realizing that sometimes there’s no way to detect it but 
it’s a question we ask, tests that we run, and hope that our 
confidence in this being possible is low.



On Nov 13, 2016, at 11:59 AM, Ken Hohhof wrote:


Yep.  There are legitimate needs for the factory to have a backdoor






Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Paul Stewart
Totally disagree with this… we would never let a vendor into our network if 
there was a possibility of this.  It puts our network at risk from their 
stupidity ….

We aggressively look at this when new products are coming into the network - 
realizing that sometimes there’s no way to detect it but it’s a question we 
ask, tests that we run, and hope that our confidence in this being possible is 
low.


> On Nov 13, 2016, at 11:59 AM, Ken Hohhof  wrote:
> 
> Yep.  There are legitimate needs for the factory to have a backdoor



Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Paul Stewart
I’m thinking 5 years or less… what it’ll take to start pushing this heavily is 
for someone like Netflix, Facebook etc to go IPv6 only…. great theory that 
probably won’t happen unfortunately ….

> On Nov 13, 2016, at 10:54 AM, Chuck McCown  wrote:
> 
> That day will come, but I  think it is 5 years in the future or more. 
>  
> From: Cassidy B. Larson
> Sent: Saturday, November 12, 2016 11:16 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>  
> Wonder if I could offer an “IPv6-Only” type of account at a discounted rate.
> They'd get their Netflix, their Facebook and everything else that’s v6 
> reachable. 
> If they can’t get to a v4 only site/service, then they can be the vocal ones 
> complaining to the site owners to get their act in gear. 
>  
>> On Nov 12, 2016, at 10:47 PM, Sterling Jacobson wrote:
>>  
>> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
>>  
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
>> Sent: Saturday, November 12, 2016 7:17 PM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>>  
>> Wow, didn't know that /24's were going for that high. I would move to IPv6 
>> as fast as I can!
>>  
>> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds wrote:
>>> That's actually a pretty good price.
>>> 
>>> On Nov 11, 2016 6:42 PM, "Dev" wrote:
>>>> Are there any other alternatives than the ipv4auctions.com 
>>>> style websites, which seem like highway robbery 
>>>> at $3584 current bid for a /24?
> 
>  



Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread That One Guy /sarcasm
that's a prime example of what i said, the fax machine. aside from the non
adopters, you don't see them, but faxes are still really common, but they're
via ip now, innovation and consumer demand drove a change, it's less
expensive to fax now than ever before if you adopt the innovation.
mechanisms were designed to facilitate communication between the old and
new technologies. if you have a fax machine and receive a fax, you don't
know if it came from a fax or from ring central, and vice versa. the
endpoints have become unimportant because middle mile solved it

On Sun, Nov 13, 2016 at 1:00 PM,  wrote:

> That is funny, back in 1996, an Algerian defense contractor hired me to
> design a phone line sniffer that would decode faxes in real time.  Fun
> project.
>
> Secure it was not.  Perhaps things have advanced from those days.
>
> *From:* Josh Reynolds
> *Sent:* Sunday, November 13, 2016 11:49 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>
>
> The Federal government considers fax secure.
>
> I have no idea the rationale behind it, but they do.
>
> Applies to HIPAA also.
>
> On Nov 13, 2016 12:44 PM, "Ken Hohhof"  wrote:
>
>> When FAX machines go away, we can start the 10 year countdown for IPv4 to
>> go away.
>>
>>
>>
>> How is FAX still a thing?  But it is, it won’t die, and many businesses
>> absolutely need the ability to send FAXes, even if only to a couple places.
>>
>>
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
>> /sarcasm
>> *Sent:* Sunday, November 13, 2016 12:33 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>>
>>
>>
>> the interwebs is kind of an innovative industry. Genpop has gotten a
>> taste of ip6, they don't know what it is, but it's new and must be better, so
>> they'll demand it. somebody will come up with a solution that gets adopted
>> that doesn't make anybody actually change anything but the world will appear
>> to be all ip6
>>
>>
>>
>> On Sun, Nov 13, 2016 at 10:54 AM, George Skorup 
>> wrote:
>>
>> Josh, I don't disagree with you, but didn't we have this discussion a
>> couple weeks ago? I remember something about issues with DNS64 not quite
>> working as expected.
>>
>>
>>
>> On 11/13/2016 10:49 AM, Josh Reynolds wrote:
>>
>> *facepalm* I guess I have to spell it out.
>>
>> Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply
>> dualstack with NAT444 aka CGNAT.
>>
>> We will have need for some ipv4 for the foreseeable future.
>>
>> Nothing is stopping you from running a fully ipv6 internal network
>> assuming you have the proper translation layers in place at either edge
>> (customer edge or transit edge).
>>
>>
>>
>> On Nov 13, 2016 10:40 AM,  wrote:
>>
>> What do you think the 4 stands for in NAT64? You cannot access IPv4
>> resources with IPv4 addresses, even if you use IPv6 everywhere.
>>
>> Jared
>>
>>
>>
>> Sent: Sunday, November 13, 2016 at 5:59 PM
>> From: "Josh Reynolds" 
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>> NAT64
>> https://en.m.wikipedia.org/wiki/NAT64
>>
>>
>> On Nov 13, 2016 9:54 AM, "Chuck McCown" wrote:
>>
>> Nope, not if you are v6 and only v6.  No way to get to bazillions of
>> servers that are on v4 still and will be for many moons.
>> You will have to have V4 involved somewhere forever.
>>
>>
>>
>> From: Josh Reynolds
>> Sent: Sunday, November 13, 2016 1:32 AM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>>
>> Of course you can. There's many ways to go about it.
>>
>>
>> On Nov 12, 2016 11:47 PM, "Sterling Jacobson" 
>> wrote:
>>
>> Except that you literally cannot ‘move to IPv6’ and have happy clients
>> yet.
>>
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
>> Sent: Saturday, November 12, 2016 7:17 PM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>>
>>
>> Wow, didn't know that /24's were going for that high. I would move to
>> IPv6 as fast as I can!
>>
>>
>>
>> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
>> wrote:
>>
>> That's actually a pretty good price.
>>
>>
>>
>> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>> Are there any other alternatives than the ipv4auctions.com
>> [http://ipv4auctions.com] style websites, which seem like highway robbery
>> at $3584 current bid for a /24?
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.
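
As an added example (not part of any list member's post): the NAT64/DNS64 setup named in the quoted thread above lets an IPv6-only client reach a v4-only server by embedding the server's IPv4 address inside an IPv6 address. The code below follows the RFC 6052 address format and generalizes to every prefix length that RFC allows; the function names `synthesize` and `extract` are this example's own, and only the RFC 1918 ranges are checked for the well-known-prefix restriction.

```python
import ipaddress

# NAT64 well-known prefix defined in RFC 6052.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
# RFC 6052 permits only these translation prefix lengths.
ALLOWED_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
# RFC 6052 section 3.1: the well-known prefix must not carry non-global
# IPv4 addresses. Assumption of this example: only RFC 1918 is checked.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _as_network(prefix):
    """Accept either an IPv6Network or its string form."""
    if isinstance(prefix, ipaddress.IPv6Network):
        return prefix
    return ipaddress.IPv6Network(prefix)


def _v4_byte_positions(prefix_len):
    """Byte offsets (0-15) of the IPv6 address that hold the IPv4 bytes.

    The IPv4 bytes follow the prefix directly but skip byte 8
    (bits 64-71, the reserved "u" octet), which stays zero.
    """
    if prefix_len not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError(f"/{prefix_len} is not an RFC 6052 prefix length")
    start = prefix_len // 8
    return [i for i in range(start, 16) if i != 8][:4]


def synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """What DNS64 does with an A record: build the AAAA address."""
    v4 = ipaddress.IPv4Address(ipv4)
    net = _as_network(prefix)
    if net == WELL_KNOWN_PREFIX and any(v4 in n for n in RFC1918):
        raise ValueError(f"{v4} is RFC 1918 space; use a network-specific prefix")
    raw = bytearray(net.network_address.packed)
    for pos, octet in zip(_v4_byte_positions(net.prefixlen), v4.packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """What the NAT64 gateway does: recover the IPv4 destination."""
    v6 = ipaddress.IPv6Address(ipv6)
    net = _as_network(prefix)
    if v6 not in net:
        raise ValueError(f"{v6} is not inside translation prefix {net}")
    raw = v6.packed
    if raw[8] != 0:
        raise ValueError("bits 64-71 must be zero in an IPv4-embedded address")
    positions = _v4_byte_positions(net.prefixlen)
    return ipaddress.IPv4Address(bytes(raw[p] for p in positions))


if __name__ == "__main__":
    # Constructed sample input: a documentation-range IPv4 address.
    for pfx in ("64:ff9b::/96", "2001:db8:100::/40", "2001:db8:122:344::/64"):
        mapped = synthesize("192.0.2.33", pfx)
        print(f"{pfx:24} -> {mapped} -> {extract(mapped, pfx)}")
```
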


Re: [AFMUG] Site monitor relay temp

2016-11-13 Thread George Skorup
Haven't messed with that yet, but I will be later this week for an 
enclosure at a new site.


On 11/13/2016 12:55 PM, TJ Trout wrote:
I just updated a site monitor and now it won't turn the relay on with 
temp. My "relay on above" is set to 450 and my current temp reading is 
550. I was able to manually turn the relay on. Is there something on 
the binary page that needs to be set? Or is this function broken on 
the latest firmware?




Re: [AFMUG] gigabit sync injector

2016-11-13 Thread George Skorup
Yeah, to fully utilize a SyncInjector or PowerInjector+Sync, you need a 
SyncPipe/Box (bare minimum) and a SiteMonitor base unit. I believe 
Forrest said his new stuff with >4 ports will have built-in management.


On 11/13/2016 12:46 PM, ch...@wbmfg.com wrote:

Oh... that would explain it.
*From:* That One Guy /sarcasm
*Sent:* Sunday, November 13, 2016 11:43 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] gigabit sync injector
historically you had to have a sitemonitor to manage it
I have a pile of the new ones to deploy, that would be tickly to find
out they're independently manageable

On Sun, Nov 13, 2016 at 12:39 PM,  wrote:

Trying out one of Forrest's new products. Anybody know the default
IP? Having a hard time finding a manual for it on his website.



--
If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.




Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread chuck
That is funny, back in 1996, an Algerian defense contractor hired me to design 
a phone line sniffer that would decode faxes in real time.  Fun project.  

Secure it was not.  Perhaps things have advanced from those days.  

From: Josh Reynolds 
Sent: Sunday, November 13, 2016 11:49 AM
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?

The Federal government considers fax secure.

I have no idea the rationale behind it, but they do.

Applies to HIPAA also.


On Nov 13, 2016 12:44 PM, "Ken Hohhof"  wrote:

  When FAX machines go away, we can start the 10 year countdown for IPv4 to go 
away.



  How is FAX still a thing?  But it is, it won’t die, and many businesses 
absolutely need the ability to send FAXes, even if only to a couple places.





  From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
  Sent: Sunday, November 13, 2016 12:33 PM
  To: af@afmug.com
  Subject: Re: [AFMUG] IPv4 auction alternatives?



  the interwebs is kind of an innovative industry. Genpop has gotten a taste of
ip6, they don't know what it is, but it's new and must be better, so they'll
demand it. somebody will come up with a solution that gets adopted that doesn't
make anybody actually change anything but the world will appear to be all ip6



  On Sun, Nov 13, 2016 at 10:54 AM, George Skorup  wrote:

Josh, I don't disagree with you, but didn't we have this discussion a 
couple weeks ago? I remember something about issues with DNS64 not quite 
working as expected.



On 11/13/2016 10:49 AM, Josh Reynolds wrote:

  *facepalm* I guess I have to spell it out.

  Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply 
dualstack with NAT444 aka CGNAT.

  We will have need for some ipv4 for the foreseeable future.

  Nothing is stopping you from running a fully ipv6 internal network 
assuming you have the proper translation layers in place at either edge 
(customer edge or transit edge).



  On Nov 13, 2016 10:40 AM,  wrote:

What do you think the 4 stands for in NAT64? You cannot access IPv4 
resources with IPv4 addresses, even if you use IPv6 everywhere.

Jared
 
 

Sent: Sunday, November 13, 2016 at 5:59 PM
From: "Josh Reynolds" 
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
NAT64
https://en.m.wikipedia.org/wiki/NAT64

 
On Nov 13, 2016 9:54 AM, "Chuck McCown" 
 wrote:

Nope, not if you are v6 and only v6.  No way to get to bazillions of 
servers that are on v4 still and will be for many moons.
You will have to have V4 involved somewhere forever. 

 

From: Josh Reynolds
Sent: Sunday, November 13, 2016 1:32 AM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
 
Of course you can. There's many ways to go about it.

 
On Nov 12, 2016 11:47 PM, "Sterling Jacobson"  
wrote:

Except that you literally cannot ‘move to IPv6’ and have happy clients 
yet.
 
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Saturday, November 12, 2016 7:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
 

Wow, didn't know that /24's were going for that high. I would move to 
IPv6 as fast as I can!

 

On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  
wrote:

That's actually a pretty good price.

 

On Nov 11, 2016 6:42 PM, "Dev"  wrote:
Are there any other alternatives than the 
ipv4auctions.com[http://ipv4auctions.com] style websites, which seem like 
highway robbery at $3584 current bid for a /24?
 









  -- 

  If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.


[AFMUG] Site monitor relay temp

2016-11-13 Thread TJ Trout
I just updated a site monitor and now it won't turn the relay on with temp.
My "relay on above" is set to 450 and my current temp reading is 550. I
was able to manually turn the relay on. Is there something on the binary
page that needs to be set? Or is this function broken on the latest
firmware?


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Josh Reynolds
The Federal government considers fax secure.

I have no idea the rationale behind it, but they do.

Applies to HIPAA also.

On Nov 13, 2016 12:44 PM, "Ken Hohhof"  wrote:

> When FAX machines go away, we can start the 10 year countdown for IPv4 to
> go away.
>
>
>
> How is FAX still a thing?  But it is, it won’t die, and many businesses
> absolutely need the ability to send FAXes, even if only to a couple places.
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
> /sarcasm
> *Sent:* Sunday, November 13, 2016 12:33 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>
>
>
> the interwebs is kind of an innovative industry. Genpop has gotten a taste
> of ip6, they don't know what it is, but it's new and must be better, so
> they'll demand it. somebody will come up with a solution that gets adopted
> that doesn't make anybody actually change anything but the world will appear
> to be all ip6
>
>
>
> On Sun, Nov 13, 2016 at 10:54 AM, George Skorup  wrote:
>
> Josh, I don't disagree with you, but didn't we have this discussion a
> couple weeks ago? I remember something about issues with DNS64 not quite
> working as expected.
>
>
>
> On 11/13/2016 10:49 AM, Josh Reynolds wrote:
>
> *facepalm* I guess I have to spell it out.
>
> Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply
> dualstack with NAT444 aka CGNAT.
>
> We will have need for some ipv4 for the foreseeable future.
>
> Nothing is stopping you from running a fully ipv6 internal network
> assuming you have the proper translation layers in place at either edge
> (customer edge or transit edge).
>
>
>
> On Nov 13, 2016 10:40 AM,  wrote:
>
> What do you think the 4 stands for in NAT64? You cannot access IPv4
> resources with IPv4 addresses, even if you use IPv6 everywhere.
>
> Jared
>
>
>
> Sent: Sunday, November 13, 2016 at 5:59 PM
> From: "Josh Reynolds" 
> To: af@afmug.com
> Subject: Re: [AFMUG] IPv4 auction alternatives?
> NAT64
> https://en.m.wikipedia.org/wiki/NAT64
>
>
> On Nov 13, 2016 9:54 AM, "Chuck McCown" wrote:
>
> Nope, not if you are v6 and only v6.  No way to get to bazillions of
> servers that are on v4 still and will be for many moons.
> You will have to have V4 involved somewhere forever.
>
>
>
> From: Josh Reynolds
> Sent: Sunday, November 13, 2016 1:32 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>
> Of course you can. There's many ways to go about it.
>
>
> On Nov 12, 2016 11:47 PM, "Sterling Jacobson" 
> wrote:
>
> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
> Sent: Saturday, November 12, 2016 7:17 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>
>
> Wow, didn't know that /24's were going for that high. I would move to IPv6
> as fast as I can!
>
>
>
> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
> wrote:
>
> That's actually a pretty good price.
>
>
>
> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
> Are there any other alternatives than the ipv4auctions.com
> [http://ipv4auctions.com] style websites, which seem like highway robbery at
> $3584 current bid for a /24?
>
>
>
>
>
>
>
>
> --
>
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread chuck
Seems like doctors and pharmacies have some kind of legal requirement.  They 
are both the only businesses I know of that absolutely demand to have fax.  

From: Ken Hohhof 
Sent: Sunday, November 13, 2016 11:44 AM
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?

When FAX machines go away, we can start the 10 year countdown for IPv4 to go 
away.

 

How is FAX still a thing?  But it is, it won’t die, and many businesses 
absolutely need the ability to send FAXes, even if only to a couple places.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Sunday, November 13, 2016 12:33 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?

 

the interwebs is kind of an innovative industry. Genpop has gotten a taste of
ip6, they don't know what it is, but it's new and must be better, so they'll
demand it. somebody will come up with a solution that gets adopted that doesn't
make anybody actually change anything but the world will appear to be all ip6

 

On Sun, Nov 13, 2016 at 10:54 AM, George Skorup  wrote:

  Josh, I don't disagree with you, but didn't we have this discussion a couple 
weeks ago? I remember something about issues with DNS64 not quite working as 
expected.

   

  On 11/13/2016 10:49 AM, Josh Reynolds wrote:

*facepalm* I guess I have to spell it out.

Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply dualstack 
with NAT444 aka CGNAT.

We will have need for some ipv4 for the foreseeable future.

Nothing is stopping you from running a fully ipv6 internal network assuming 
you have the proper translation layers in place at either edge (customer edge 
or transit edge).

 

On Nov 13, 2016 10:40 AM,  wrote:

  What do you think the 4 stands for in NAT64? You cannot access IPv4 
resources with IPv4 addresses, even if you use IPv6 everywhere.

  Jared
   
   

  Sent: Sunday, November 13, 2016 at 5:59 PM
  From: "Josh Reynolds" 
  To: af@afmug.com
  Subject: Re: [AFMUG] IPv4 auction alternatives?
  NAT64
  https://en.m.wikipedia.org/wiki/NAT64

   
  On Nov 13, 2016 9:54 AM, "Chuck McCown" 
 wrote:

  Nope, not if you are v6 and only v6.  No way to get to bazillions of 
servers that are on v4 still and will be for many moons.
  You will have to have V4 involved somewhere forever. 

   

  From: Josh Reynolds
  Sent: Sunday, November 13, 2016 1:32 AM
  To: af@afmug.com
  Subject: Re: [AFMUG] IPv4 auction alternatives?
   
  Of course you can. There's many ways to go about it.

   
  On Nov 12, 2016 11:47 PM, "Sterling Jacobson"  
wrote:

  Except that you literally cannot ‘move to IPv6’ and have happy clients 
yet.
   
  From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
  Sent: Saturday, November 12, 2016 7:17 PM
  To: af@afmug.com
  Subject: Re: [AFMUG] IPv4 auction alternatives?
   

  Wow, didn't know that /24's were going for that high. I would move to 
IPv6 as fast as I can!

   

  On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  
wrote:

  That's actually a pretty good price.

   

  On Nov 11, 2016 6:42 PM, "Dev"  wrote:
  Are there any other alternatives than the 
ipv4auctions.com[http://ipv4auctions.com] style websites, which seem like 
highway robbery at $3584 current bid for a /24?
   

   





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.


Re: [AFMUG] gigabit sync injector

2016-11-13 Thread chuck
Oh... that would explain it.  

From: That One Guy /sarcasm 
Sent: Sunday, November 13, 2016 11:43 AM
To: af@afmug.com 
Subject: Re: [AFMUG] gigabit sync injector

historically you had to have a sitemonitor to manage it
I have a pile of the new ones to deploy, that would be tickly to find out
they're independently manageable

On Sun, Nov 13, 2016 at 12:39 PM,  wrote:

  Trying out one of Forrest's new products.  Anybody know the default IP?
Having a hard time finding a manual for it on his website.




-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Ken Hohhof
When FAX machines go away, we can start the 10 year countdown for IPv4 to go 
away.

 

How is FAX still a thing?  But it is, it won’t die, and many businesses 
absolutely need the ability to send FAXes, even if only to a couple places.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Sunday, November 13, 2016 12:33 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?

 

the interwebs is kind of an innovative industry. Genpop has gotten a taste of
ip6, they don't know what it is, but it's new and must be better, so they'll
demand it. somebody will come up with a solution that gets adopted that doesn't
make anybody actually change anything but the world will appear to be all ip6

 

On Sun, Nov 13, 2016 at 10:54 AM, George Skorup wrote:

Josh, I don't disagree with you, but didn't we have this discussion a couple 
weeks ago? I remember something about issues with DNS64 not quite working as 
expected.

 

On 11/13/2016 10:49 AM, Josh Reynolds wrote:

*facepalm* I guess I have to spell it out.

Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply dualstack 
with NAT444 aka CGNAT.

We will have need for some ipv4 for the foreseeable future.

Nothing is stopping you from running a fully ipv6 internal network assuming you 
have the proper translation layers in place at either edge (customer edge or 
transit edge).

 

On Nov 13, 2016 10:40 AM,  wrote:

What do you think the 4 stands for in NAT64? You cannot access IPv4 resources 
with IPv4 addresses, even if you use IPv6 everywhere.

Jared
 
 

Sent: Sunday, November 13, 2016 at 5:59 PM
From: "Josh Reynolds"
To: af@afmug.com  
Subject: Re: [AFMUG] IPv4 auction alternatives?
NAT64
https://en.m.wikipedia.org/wiki/NAT64

 
On Nov 13, 2016 9:54 AM, "Chuck McCown" [mailto:ch...@wbmfg.com] wrote:

Nope, not if you are v6 and only v6.  No way to get to bazillions of servers 
that are on v4 still and will be for many moons.
You will have to have V4 involved somewhere forever. 

 

From: Josh Reynolds
Sent: Sunday, November 13, 2016 1:32 AM
To: af@afmug.com  
Subject: Re: [AFMUG] IPv4 auction alternatives?
 
Of course you can. There's many ways to go about it.

 
On Nov 12, 2016 11:47 PM, "Sterling Jacobson" wrote:

Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
 
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Saturday, November 12, 2016 7:17 PM
To: af@afmug.com  
Subject: Re: [AFMUG] IPv4 auction alternatives?
 

Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can!

 

On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds wrote:

That's actually a pretty good price.

 

On Nov 11, 2016 6:42 PM, "Dev" wrote:
Are there any other alternatives than the ipv4auctions.com
[http://ipv4auctions.com] style websites, which seem
like highway robbery at $3584 current bid for a /24?
 

 





 

-- 

If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.



Re: [AFMUG] gigabit sync injector

2016-11-13 Thread That One Guy /sarcasm
historically you had to have a sitemonitor to manage it
I have a pile of the new ones to deploy, that would be tickly to find out
they're independently manageable

On Sun, Nov 13, 2016 at 12:39 PM,  wrote:

> Trying out one of Forrest's new products.  Anybody know the default IP?
> Having a hard time finding a manual for it on his website.
>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


[AFMUG] gigabit sync injector

2016-11-13 Thread chuck
Trying out one of Forrest's new products.  Anybody know the default IP?  Having
a hard time finding a manual for it on his website.

Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread That One Guy /sarcasm
the interwebs is kind of an innovative industry. Genpop has gotten a taste
of ip6, they don't know what it is, but it's new and must be better, so
they'll demand it. somebody will come up with a solution that gets adopted
that doesn't make anybody actually change anything but the world will appear
to be all ip6

On Sun, Nov 13, 2016 at 10:54 AM, George Skorup  wrote:

> Josh, I don't disagree with you, but didn't we have this discussion a
> couple weeks ago? I remember something about issues with DNS64 not quite
> working as expected.
>
>
> On 11/13/2016 10:49 AM, Josh Reynolds wrote:
>
> *facepalm* I guess I have to spell it out.
>
> Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply
> dualstack with NAT444 aka CGNAT.
>
> We will have need for some ipv4 for the foreseeable future.
>
> Nothing is stopping you from running a fully ipv6 internal network
> assuming you have the proper translation layers in place at either edge
> (customer edge or transit edge).
>
> On Nov 13, 2016 10:40 AM,  wrote:
>
>> What do you think the 4 stands for in NAT64? You cannot access IPv4
>> resources with IPv4 addresses, even if you use IPv6 everywhere.
>>
>> Jared
>>
>>
>>
>> Sent: Sunday, November 13, 2016 at 5:59 PM
>> From: "Josh Reynolds" 
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>> NAT64
>> https://en.m.wikipedia.org/wiki/NAT64
>>
>>
>> On Nov 13, 2016 9:54 AM, "Chuck McCown" wrote:
>>
>> Nope, not if you are v6 and only v6.  No way to get to bazillions of
>> servers that are on v4 still and will be for many moons.
>> You will have to have V4 involved somewhere forever.
>>
>>
>>
>> From: Josh Reynolds
>> Sent: Sunday, November 13, 2016 1:32 AM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>>
>> Of course you can. There's many ways to go about it.
>>
>>
>> On Nov 12, 2016 11:47 PM, "Sterling Jacobson" 
>> wrote:
>>
>> Except that you literally cannot ‘move to IPv6’ and have happy clients
>> yet.
>>
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
>> Sent: Saturday, November 12, 2016 7:17 PM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>>
>>
>> Wow, didn't know that /24's were going for that high. I would move to
>> IPv6 as fast as I can!
>>
>>
>>
>> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
>> wrote:
>> That's actually a pretty good price.
>>
>>
>>
>> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>> Are there any other alternatives than the ipv4auctions.com
>> [http://ipv4auctions.com] style websites, which seem like highway
>> robbery at $3584 current bid for a /24?
>>
>>
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Josh Reynolds
Oh there's a literal minefield of issues across the whole landscape, to be
sure :(

Imagine the pre-802.11n / draft-802.11n days? Imagine this being much worse.
It's the protocols, kernel handling, application handling, vendor support,
etc.

On Nov 13, 2016 10:54 AM, "George Skorup"  wrote:

> Josh, I don't disagree with you, but didn't we have this discussion a
> couple weeks ago? I remember something about issues with DNS64 not quite
> working as expected.
>
> On 11/13/2016 10:49 AM, Josh Reynolds wrote:
>
> *facepalm* I guess I have to spell it out.
>
> Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply
> dualstack with NAT444 aka CGNAT.
>
> We will have need for some ipv4 for the foreseeable future.
>
> Nothing is stopping you from running a fully ipv6 internal network
> assuming you have the proper translation layers in place at either edge
> (customer edge or transit edge).
>
> On Nov 13, 2016 10:40 AM,  wrote:
>
>> What do you think the 4 stands for in NAT64? You cannot access IPv4
>> resources with IPv4 addresses, even if you use IPv6 everywhere.
>>
>> Jared
>>
>>
>>
>> Sent: Sunday, November 13, 2016 at 5:59 PM
>> From: "Josh Reynolds" 
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>> NAT64
>> https://en.m.wikipedia.org/wiki/NAT64
>>
>>
>> On Nov 13, 2016 9:54 AM, "Chuck McCown" wrote:
>>
>> Nope, not if you are v6 and only v6.  No way to get to bazillions of
>> servers that are on v4 still and will be for many moons.
>> You will have to have V4 involved somewhere forever.
>>
>>
>>
>> From: Josh Reynolds
>> Sent: Sunday, November 13, 2016 1:32 AM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>>
>> Of course you can. There's many ways to go about it.
>>
>>
>> On Nov 12, 2016 11:47 PM, "Sterling Jacobson" 
>> wrote:
>>
>> Except that you literally cannot ‘move to IPv6’ and have happy clients
>> yet.
>>
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
>> Sent: Saturday, November 12, 2016 7:17 PM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] IPv4 auction alternatives?
>>
>>
>> Wow, didn't know that /24's were going for that high. I would move to
>> IPv6 as fast as I can!
>>
>>
>>
>> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
>> wrote:
>> That's actually a pretty good price.
>>
>>
>>
>> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>> Are there any other alternatives than the ipv4auctions.com
>> [http://ipv4auctions.com] style websites, which seem like highway
>> robbery at $3584 current bid for a /24?
>>
>>
>
>


Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Ken Hohhof
Yep.  There are legitimate needs for the factory to have a backdoor, I assume 
Trango regularly bails out customers using that capability.  But a 
cryptographic key that the factory can generate from the MAC address seems an 
ideal solution.  Is there anything keeping Trango (and other vendors) from 
moving to this via a firmware upgrade?

 

No way to fix already deployed equipment without a firmware upgrade (or a time 
machine).  And if you don’t upgrade firmware on critical infrastructure, well, 
to quote Pogo, we have met the enemy and he is us.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Reynolds
Sent: Saturday, November 12, 2016 3:14 PM
To: af@afmug.com
Subject: Re: [AFMUG] Trango Security Issue

 

+1

 

On Nov 12, 2016 1:37 PM, "Colin Stanners"  wrote:

Any security holes are perfectly secure until they are discovered. Having a 
backdoor into your products can be argued as good or bad, mostly depending on 
whether customers know or not.

But the crux is that having a hard-coded password on devices is still 
monumentally stupid, when it's trivially easy to secure a backdoor in such 
cases (as long as the private key isn't stolen), e.g. the method of the 
password being a hash of the unit's MAC address run through public key 
cryptography.. that way customers need to contact tech support with the unit's 
MAC address to get the reset password. 



 

On Sat, Nov 12, 2016 at 1:17 PM, Chris Gustaf wrote:

A couple clarifications on this-

 

1) All Trango microwave products have separate control and data planes, so root 
level access does not allow any packet sniffing. No user data goes through the 
CPU.

 

2) Trango investigated using a Salt to make each root level password unique, 
but opted against it since our support team frequently has been requested to 
access radios where the user level passwords were forgotten and reset to 
defaults. Without a known root password, a tower climb may be required to 
physically reset the radio to factory.

 

3) Trango opted instead to periodically change root passwords on firmware 
updates.

 

The current method has worked well for 10 years with no breaches reported to
us. In fact, Trango has passed PCI compliance testing with its SL24 product
using this method.

 

That said, we would welcome a discussion on this since this type of tower 
mounted product differs from other network devices residing in a network closet.

 

Regards,

 

Chris Gustaf

Trango Engineering

Sent from my mobile


On Nov 12, 2016, at 4:09 AM, Paul Stewart wrote:

Yikes….

 

 

 

[+] Credits: Ian Ling
[+] Website: iancaling.com  
[+] Source: http://blog.iancaling.com/post/153011925478/

Vendor:
=======
www.trangosys.com

Products:
=========
All models. Newer versions use a different password.

Vulnerability Type:
===================
Default Root Account

CVE Reference:
==============
N/A

Vulnerability Details:
======================

Trango devices all have a built-in, hidden root account, with a default 
password that is the same across many devices and software revisions. This 
account is accessible via ssh and grants access to the underlying embedded unix 
OS on the device, allowing full control over it. Recent software updates for 
some models have changed this password, but have not removed this backdoor. See 
source above for details on how the password was found.

The particular password I found is 9 characters, all lowercase, no numbers: 
"bakergiga"
Their support team informed me that there is a different password on newer 
devices.

The password I found works on the following devices:

-Apex <= 2.1.1 (latest)
-ApexLynx < 2.0
-ApexOrion < 2.0
-ApexPlus <= 3.2.0 (latest)
-Giga <= 2.6.1 (latest)
-GigaLynx < 2.0
-GigaOrion < 2.0
-GigaPlus <= 3.2.3 (latest)
-GigaPro <= 1.4.1 (latest)
-StrataLink < 3.0
-StrataPro - all versions?

Impact:
The remote attacker has full control over the device, including shell access. 
This can lead to packet sniffing and tampering, bricking the device, and use in 
botnets.


Disclosure Timeline:
====================
Vendor Notification: October 7, 2016
Public Disclosure: November 10, 2016

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Critical
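
The per-unit recovery credential suggested in this thread, sketched as an added example (not code from the thread, from Trango, or from any vendor's firmware). It swaps the public-key step for an HMAC under a factory-held secret so that it runs on the Python standard library alone; the key, the MAC addresses and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

PBKDF2_ROUNDS = 100_000
_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}")


def normalize_mac(mac: str) -> bytes:
    """Accept aa:bb:.., aa-bb-.. or bare hex and return the 6 raw bytes."""
    text = mac.strip()
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def recovery_password(master_key: bytes, mac: str) -> str:
    """Vendor side: derive the unit's recovery password from its MAC.

    The MAC is public, so all of the secrecy lives in master_key, which
    never leaves the vendor and is never placed in a firmware image.
    """
    tag = hmac.new(master_key, b"recovery-v1|" + normalize_mac(mac),
                   hashlib.sha256).digest()
    # 80 bits of the tag -> 16 base32 characters, short enough to read out
    return base64.b32encode(tag[:10]).decode("ascii").lower()


def provision_verifier(master_key: bytes, mac: str) -> dict:
    """Factory side: the only thing written to the unit is a salted hash."""
    salt = os.urandom(16)
    password = recovery_password(master_key, mac).encode("ascii")
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def device_accepts(verifier: dict, candidate: str) -> bool:
    """Device side: check a typed-in password against the stored verifier."""
    typed = candidate.strip().lower().encode("ascii", "ignore")
    digest = hashlib.pbkdf2_hmac("sha256", typed, verifier["salt"],
                                 PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, verifier["hash"])


if __name__ == "__main__":
    master = bytes(range(32))              # constructed key, demo only
    unit_a = "02:00:00:00:00:01"           # constructed MAC addresses
    unit_b = "02:00:00:00:00:02"
    stored_a = provision_verifier(master, unit_a)
    stored_b = provision_verifier(master, unit_b)

    # Support desk: customer reads the MAC off the label, gets one password.
    issued = recovery_password(master, unit_a)
    print("unit A accepts its own password:", device_accepts(stored_a, issued))
    # A password leaked or extracted for unit A opens nothing else.
    print("unit B accepts unit A password: ", device_accepts(stored_b, issued))
```

Unlike a password shared across a product line, what can be pulled out of one unit here is a salted hash of that unit's own credential. A firmware-only retrofit cannot create these verifiers without the master key, which is where a signature checked against an embedded vendor public key, as proposed in the thread, would take over.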

 



Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread George Skorup
Josh, I don't disagree with you, but didn't we have this discussion a 
couple weeks ago? I remember something about issues with DNS64 not quite 
working as expected.


On 11/13/2016 10:49 AM, Josh Reynolds wrote:


*facepalm* I guess I have to spell it out.

Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply 
dualstack with NAT444 aka CGNAT.


We will have need for some ipv4 for the foreseeable future.

Nothing is stopping you from running a fully ipv6 internal network 
assuming you have the proper translation layers in place at either 
edge (customer edge or transit edge).



On Nov 13, 2016 10:40 AM,  wrote:


What do you think the 4 stands for in NAT64? You cannot access
IPv4 resources with IPv4 addresses, even if you use IPv6 everywhere.

Jared



Sent: Sunday, November 13, 2016 at 5:59 PM
From: "Josh Reynolds"
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?
NAT64
https://en.m.wikipedia.org/wiki/NAT64



On Nov 13, 2016 9:54 AM, "Chuck McCown" [mailto:ch...@wbmfg.com] wrote:

Nope, not if you are v6 and only v6.  No way to get to bazillions
of servers that are on v4 still and will be for many moons.
You will have to have V4 involved somewhere forever.



From: Josh Reynolds
Sent: Sunday, November 13, 2016 1:32 AM
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?

Of course you can. There's many ways to go about it.


On Nov 12, 2016 11:47 PM, "Sterling Jacobson" wrote:

Except that you literally cannot ‘move to IPv6’ and have happy
clients yet.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Saturday, November 12, 2016 7:17 PM
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?


Wow, didn't know that /24's were going for that high. I would move
to IPv6 as fast as I can!



On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds wrote:
That's actually a pretty good price.



On Nov 11, 2016 6:42 PM, "Dev" wrote:
Are there any other alternatives than the ipv4auctions.com
[http://ipv4auctions.com] style websites, which seem like highway
robbery at $3584 current bid for a /24?





Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Josh Reynolds
*facepalm* I guess I have to spell it out.

Run ipv6 internal with NAT64 and DNS64. Or DSLite, or just simply dualstack
with NAT444 aka CGNAT.

We will have need for some ipv4 for the foreseeable future.

Nothing is stopping you from running a fully ipv6 internal network assuming
you have the proper translation layers in place at either edge (customer
edge or transit edge).

On Nov 13, 2016 10:40 AM,  wrote:

> What do you think the 4 stands for in NAT64? You cannot access IPv4
> resources with IPv4 addresses, even if you use IPv6 everywhere.
>
> Jared
>
>
>
> Sent: Sunday, November 13, 2016 at 5:59 PM
> From: "Josh Reynolds" 
> To: af@afmug.com
> Subject: Re: [AFMUG] IPv4 auction alternatives?
> NAT64
> https://en.m.wikipedia.org/wiki/NAT64
>
>
> On Nov 13, 2016 9:54 AM, "Chuck McCown" wrote:
>
> Nope, not if you are v6 and only v6.  No way to get to bazillions of
> servers that are on v4 still and will be for many moons.
> You will have to have V4 involved somewhere forever.
>
>
>
> From: Josh Reynolds
> Sent: Sunday, November 13, 2016 1:32 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>
> Of course you can. There's many ways to go about it.
>
>
> On Nov 12, 2016 11:47 PM, "Sterling Jacobson" 
> wrote:
>
> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
> Sent: Saturday, November 12, 2016 7:17 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] IPv4 auction alternatives?
>
>
> Wow, didn't know that /24's were going for that high. I would move to IPv6
> as fast as I can!
>
>
>
> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
> wrote:
> That's actually a pretty good price.
>
>
>
> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
> Are there any other alternatives than the ipv4auctions.com
> [http://ipv4auctions.com] style websites, which seem like highway robbery at
> $3584 current bid for a /24?
>
>
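
How the NAT64/DNS64 pairing named above lets an IPv6-only client reach an IPv4-only server, as an added example that is not part of any post in the thread: DNS64 embeds the server's A record in an IPv6 prefix (RFC 6052) and the NAT64 gateway, which still holds IPv4 addresses, recovers it. Function names and sample records are constructed; the addresses are documentation ranges.

```python
import ipaddress

WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")   # RFC 6052
ALLOWED_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
# Partial list: the well-known prefix must not carry non-global IPv4.
NON_GLOBAL_V4 = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def _check_prefix(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError("RFC 6052 allows /32 /40 /48 /56 /64 /96 only")
    return net


def synthesize(v4, prefix=WELL_KNOWN_PREFIX):
    """DNS64 side: build the IPv6 address that stands in for an IPv4 host."""
    v4 = ipaddress.IPv4Address(v4)
    net = _check_prefix(prefix)
    if net == WELL_KNOWN_PREFIX and any(v4 in n for n in NON_GLOBAL_V4):
        raise ValueError("use a network-specific prefix for private IPv4")
    out = bytearray(net.network_address.packed[: net.prefixlen // 8])
    for octet in v4.packed:
        if len(out) == 8:          # bits 64..71 are reserved and stay zero
            out.append(0)
        out.append(octet)
    out.extend(bytes(16 - len(out)))   # zero suffix
    return ipaddress.IPv6Address(bytes(out))


def extract(v6, prefix=WELL_KNOWN_PREFIX):
    """NAT64 side: recover the real IPv4 destination before translating."""
    v6 = ipaddress.IPv6Address(v6)
    net = _check_prefix(prefix)
    if v6 not in net:
        raise ValueError("destination is not inside the NAT64 prefix")
    start = net.prefixlen // 8
    payload = [b for i, b in enumerate(v6.packed) if i >= start and i != 8]
    return ipaddress.IPv4Address(bytes(payload[:4]))


def dns64_answer(aaaa_records, a_records, prefix=WELL_KNOWN_PREFIX):
    """Return what an IPv6-only client is told for one name.

    Native AAAA records win untouched; synthesis happens only when the
    name has A records and no AAAA.
    """
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [synthesize(r, prefix) for r in a_records]


if __name__ == "__main__":
    # Constructed records for a v4-only name.
    answer = dns64_answer([], ["192.0.2.33"])
    print("client connects to:", answer[0])          # 64:ff9b::c000:221
    print("NAT64 forwards to: ", extract(answer[0])) # 192.0.2.33
```

The client and the access network carry only IPv6; the IPv4 addresses live on the translator at the edge, and anything that bypasses DNS (an IPv4 literal, for instance) never gets a synthesized address.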


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Chuck McCown
But you have to have V4 hooked to the NAT device.  Nothing will let you go V6 
with V4 not appearing anywhere in your network.   

From: Josh Reynolds 
Sent: Sunday, November 13, 2016 8:59 AM
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?

NAT64
https://en.m.wikipedia.org/wiki/NAT64


On Nov 13, 2016 9:54 AM, "Chuck McCown"  wrote:

  Nope, not if you are v6 and only v6.  No way to get to bazillions of servers 
that are on v4 still and will be for many moons.
  You will have to have V4 involved somewhere forever.  

  From: Josh Reynolds 
  Sent: Sunday, November 13, 2016 1:32 AM
  To: af@afmug.com 
  Subject: Re: [AFMUG] IPv4 auction alternatives?

  Of course you can. There's many ways to go about it.


  On Nov 12, 2016 11:47 PM, "Sterling Jacobson"  wrote:

Except that you literally cannot ‘move to IPv6’ and have happy clients yet.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Saturday, November 12, 2016 7:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?



Wow, didn't know that /24's were going for that high. I would move to IPv6 
as fast as I can! 



On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote:

  That's actually a pretty good price.



  On Nov 11, 2016 6:42 PM, "Dev"  wrote:

Are there any other alternatives than the ipv4auctions.com style 
websites, which seem like highway robbery at $3584 current bid for a /24?




Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread fiberrun
What do you think the 4 stands for in NAT64? You cannot access IPv4 resources 
with IPv4 addresses, even if you use IPv6 everywhere. 

Jared
 
 

Sent: Sunday, November 13, 2016 at 5:59 PM
From: "Josh Reynolds" 
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
NAT64
https://en.m.wikipedia.org/wiki/NAT64

 
On Nov 13, 2016 9:54 AM, "Chuck McCown" 
 wrote:

Nope, not if you are v6 and only v6.  No way to get to bazillions of servers 
that are on v4 still and will be for many moons.
You will have to have V4 involved somewhere forever. 

 

From: Josh Reynolds
Sent: Sunday, November 13, 2016 1:32 AM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
 
Of course you can. There's many ways to go about it.

 
On Nov 12, 2016 11:47 PM, "Sterling Jacobson"  wrote:

Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
 
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
Sent: Saturday, November 12, 2016 7:17 PM
To: af@afmug.com
Subject: Re: [AFMUG] IPv4 auction alternatives?
 

Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can!

 

On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote:
That's actually a pretty good price.

 

On Nov 11, 2016 6:42 PM, "Dev"  wrote:
Are there any other alternatives than the ipv4auctions.com style websites,
which seem like highway robbery at $3584 current bid for a /24?
 


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Josh Reynolds
NAT64
https://en.m.wikipedia.org/wiki/NAT64

On Nov 13, 2016 9:54 AM, "Chuck McCown"  wrote:

> Nope, not if you are v6 and only v6.  No way to get to bazillions of
> servers that are on v4 still and will be for many moons.
> You will have to have V4 involved somewhere forever.
>
> *From:* Josh Reynolds
> *Sent:* Sunday, November 13, 2016 1:32 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>
>
> Of course you can. There's many ways to go about it.
>
> On Nov 12, 2016 11:47 PM, "Sterling Jacobson" 
> wrote:
>
>> Except that you literally cannot ‘move to IPv6’ and have happy clients
>> yet.
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Kurt Fankhauser
>> *Sent:* Saturday, November 12, 2016 7:17 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>>
>>
>>
>> Wow, didn't know that /24's were going for that high. I would move to
>> IPv6 as fast as I can!
>>
>>
>>
>> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
>> wrote:
>>
>> That's actually a pretty good price.
>>
>>
>>
>> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>>
>> Are there any other alternatives than the ipv4auctions.com style
>> websites, which seem like highway robbery at $3584 current bid for a /24?
>>
>>
>>
>


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Chuck McCown
That day will come, but I think it is 5 years in the future or more.

From: Cassidy B. Larson 
Sent: Saturday, November 12, 2016 11:16 PM
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?

Wonder if I could offer an “IPv6-Only” type of account at a discounted rate. 
They'd get their Netflix, their Facebook and everything else that’s v6 
reachable.  
If they can’t get to a v4 only site/service, then they can be the vocal ones 
complaining to the site owners to get their act in gear. 


  On Nov 12, 2016, at 10:47 PM, Sterling Jacobson  wrote:

  Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
   
  From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
  Sent: Saturday, November 12, 2016 7:17 PM
  To: af@afmug.com
  Subject: Re: [AFMUG] IPv4 auction alternatives?
   
  Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can!
   
  On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote:
That's actually a pretty good price.

 
On Nov 11, 2016 6:42 PM, "Dev"  wrote:
  Are there any other alternatives than the ipv4auctions.com style 
websites, which seem like highway robbery at $3584 current bid for a /24?


Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Chuck McCown
Nope, not if you are v6 and only v6.  No way to get to bazillions of servers 
that are on v4 still and will be for many moons.
You will have to have V4 involved somewhere forever.  

From: Josh Reynolds 
Sent: Sunday, November 13, 2016 1:32 AM
To: af@afmug.com 
Subject: Re: [AFMUG] IPv4 auction alternatives?

Of course you can. There's many ways to go about it.


On Nov 12, 2016 11:47 PM, "Sterling Jacobson"  wrote:

  Except that you literally cannot ‘move to IPv6’ and have happy clients yet.



  From: Af [mailto:af-boun...@afmug.com] On Behalf Of Kurt Fankhauser
  Sent: Saturday, November 12, 2016 7:17 PM
  To: af@afmug.com
  Subject: Re: [AFMUG] IPv4 auction alternatives?



  Wow, didn't know that /24's were going for that high. I would move to IPv6 as 
fast as I can! 



  On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds  wrote:

That's actually a pretty good price.



On Nov 11, 2016 6:42 PM, "Dev"  wrote:

  Are there any other alternatives than the ipv4auctions.com style 
websites, which seem like highway robbery at $3584 current bid for a /24?




Re: [AFMUG] Trango Security Issue

2016-11-13 Thread Paul Stewart
Haven’t been a customer in years but I’ll still comment..

1) Sure that’s nice … but doesn’t mean damage can’t be done
2) Sure passwords get lost - but if a tower climb to hit a reset button is the
only option then so be it instead of a fixed root “backdoor” password…. I think
the part that is most disturbing is the surprise customers will get from this
being disclosed and how that would affect their trust in their vendor.
3) You’re assuming customers upgrade their firmware.  I know of some folks with
Tlink10’s out there that have never seen a firmware upgrade ever - probably
deployed for 10 years now I’m guessing.

10 years doesn’t make it right.  How do you know it worked well?  Just because 
something isn’t reported doesn’t mean it wasn’t a problem.

PCI compliance doesn’t mean something has a higher level of security and 
follows non-stupid practices.  With a backdoor vendor password,  you have 
essentially put all of your customers networks at risk and provide them with 
very limited means to protect themselves.

Just my two cents worth

Paul


> On Nov 12, 2016, at 2:17 PM, Chris Gustaf  wrote:
> 
> A couple clarifications on this-
> 
> 1) All Trango microwave products have separate control and data planes, so 
> root level access does not allow any packet sniffing. No user data goes 
> through the CPU.
> 
> 2) Trango investigated using a Salt to make each root level password unique, 
> but opted against it since our support team frequently has been requested to 
> access radios where the user level passwords were forgotten and reset to 
> defaults. Without a known root password, a tower climb may be required to 
> physically reset the radio to factory.
> 
> 3) Trango opted instead to periodically change root passwords on firmware 
> updates.
> 
> The current method has worked well for 10 years with no breaches reported to 
> us. In fact, Trango has passed PCI compliance testing with its SL24 product 
> using this method.
> 
> That said, we would welcome a discussion on this since this type of tower 
> mounted product differs from other network devices residing in a network 
> closet.
> 
> Regards,
> 
> Chris Gustaf
> Trango Engineering
> 
> Sent from my mobile
> 
> On Nov 12, 2016, at 4:09 AM, Paul Stewart  > wrote:
> 
>> Yikes….
>> 
>> 
>> 
>> [+] Credits: Ian Ling
>> [+] Website: iancaling.com 
>> [+] Source: http://blog.iancaling.com/post/153011925478/ 
>> 
>> 
>> Vendor:
>> =
>> www.trangosys.com 
>> 
>> Products:
>> ==
>> All models. Newer versions use a different password.
>> 
>> Vulnerability Type:
>> ===
>> Default Root Account
>> 
>> CVE Reference:
>> ==
>> N/A
>> 
>> Vulnerability Details:
>> =
>> 
>> Trango devices all have a built-in, hidden root account, with a default 
>> password that is the same across many devices and software revisions. This 
>> account is accessible via ssh and grants access to the underlying embedded 
>> unix OS on the device, allowing full control over it. Recent software 
>> updates for some models have changed this password, but have not removed 
>> this backdoor. See source above for details on how the password was found.
>> 
>> The particular password I found is 9 characters, all lowercase, no numbers: 
>> "bakergiga"
>> Their support team informed me that there is a different password on newer 
>> devices.
>> 
>> The password I found works on the following devices:
>> 
>> -Apex <= 2.1.1 (latest)
>> -ApexLynx < 2.0
>> -ApexOrion < 2.0
>> -ApexPlus <= 3.2.0 (latest)
>> -Giga <= 2.6.1 (latest)
>> -GigaLynx < 2.0
>> -GigaOrion < 2.0
>> -GigaPlus <= 3.2.3 (latest)
>> -GigaPro <= 1.4.1 (latest)
>> -StrataLink < 3.0
>> -StrataPro - all versions?
>> 
>> Impact:
>> The remote attacker has full control over the device, including shell 
>> access. This can lead to packet sniffing and tampering, bricking the device, 
>> and use in botnets.
>> 
>> 
>> Disclosure Timeline:
>> ===
>> Vendor Notification: October 7, 2016
>> Public Disclosure: November 10, 2016
>> 
>> Exploitation Technique:
>> ===
>> Remote
>> 
>> Severity Level:
>> 
>> Critical
>> 
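
One way to triage a radio inventory against the affected-version list in the advisory quoted above; this is an added example, not code from the advisory, the list posters or Trango. The inventory, hostnames and status labels are constructed for illustration, and a "changed-password" result still means the hidden root account is present according to the advisory.

```python
import operator

# Affected ranges transcribed from the advisory quoted above.
# None = every version (the advisory lists StrataPro as "all versions?").
ADVISORY = {
    "apex": ("<=", "2.1.1"), "apexplus": ("<=", "3.2.0"),
    "giga": ("<=", "2.6.1"), "gigaplus": ("<=", "3.2.3"),
    "gigapro": ("<=", "1.4.1"), "stratalink": ("<", "3.0"),
    "apexlynx": ("<", "2.0"), "apexorion": ("<", "2.0"),
    "gigalynx": ("<", "2.0"), "gigaorion": ("<", "2.0"),
    "stratapro": None,
}
OPS = {"<": operator.lt, "<=": operator.le}

def parse_version(text, width=4):
    """'2.0' -> (2, 0, 0, 0), so '2.0' and '2.0.0' compare equal."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def classify(model, version):
    """Status labels are this example's own names, not the advisory's."""
    key = model.strip().lower()
    if key not in ADVISORY:
        return "not-listed"
    rule = ADVISORY[key]
    if rule is None or OPS[rule[0]](parse_version(version), parse_version(rule[1])):
        return "published-password"
    # Per the advisory, newer firmware changes the password but keeps the account.
    return "changed-password"

def audit(inventory):
    """Return (host, model, version, status) for listed models, worst first."""
    rows = [(h, m, v, classify(m, v)) for h, m, v in inventory]
    rows = [r for r in rows if r[3] != "not-listed"]
    return sorted(rows, key=lambda r: (r[3] != "published-password", r[0]))

# Constructed inventory: hostnames and firmware versions are made up.
INVENTORY = [
    ("tower-a-bh1", "GigaLynx", "1.9.3"),
    ("tower-a-bh2", "GigaLynx", "2.0.0"),
    ("tower-b-bh1", "ApexPlus", "3.2.0"),
    ("tower-c-bh1", "StrataPro", "1.0"),
    ("tower-c-ap1", "OtherVendorAP", "6.0.4"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("%-12s %-10s %-6s %s" % row)
```

Devices reported in either status are candidates for restricting ssh to a management network, since the advisory states the account is reachable via ssh.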



Re: [AFMUG] IPv4 auction alternatives?

2016-11-13 Thread Josh Reynolds
Of course you can. There's many ways to go about it.

On Nov 12, 2016 11:47 PM, "Sterling Jacobson"  wrote:

> Except that you literally cannot ‘move to IPv6’ and have happy clients yet.
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Kurt Fankhauser
> *Sent:* Saturday, November 12, 2016 7:17 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] IPv4 auction alternatives?
>
>
>
> Wow, didn't know that /24's were going for that high. I would move to IPv6
> as fast as I can!
>
>
>
> On Fri, Nov 11, 2016 at 9:32 PM, Josh Reynolds 
> wrote:
>
> That's actually a pretty good price.
>
>
>
> On Nov 11, 2016 6:42 PM, "Dev"  wrote:
>
> Are there any other alternatives than the ipv4auctions.com style
> websites, which seem like highway robbery at $3584 current bid for a /24?
>
>
>