Re: Kornet/ChinaNet was Re: ChinaNet Contacts
On Fri, 18 Feb 2005 09:43:05 +, Alex Bligh <[EMAIL PROTECTED]> wrote: > --On 18 February 2005 08:32 + Simon Waters <[EMAIL PROTECTED]> wrote: > > > Whilst I can appreciate that Kornet may have issues with a lot of > > broadband users, but the other big Korean company seems to have it > > solved. What I see is what appear to be (using whois data!) US companies > > buying transit from them. > > How are US companies with Korean offices meant to take connectivity > then? I think what Simon has been seeing is the Wholesalebandwidth AS -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Kornet/ChinaNet was Re: ChinaNet Contacts
--On 18 February 2005 08:32 + Simon Waters <[EMAIL PROTECTED]> wrote: Whilst I can appreciate that Kornet may have issues with a lot of broadband users, but the other big Korean company seems to have it solved. What I see is what appear to be (using whois data!) US companies buying transit from them. How are US companies with Korean offices meant to take connectivity then? Alex
Kornet/ChinaNet was Re: ChinaNet Contacts
On Thursday 17 Feb 2005 8:11 pm, Dave Crocker wrote: > > Any chance of trying to get some granularity to this? As I understand > their operation, there are enormous differences among the operations in > different provinces. 220.175 550 ChinaNet Jiangxi not wanted here see SBL12656 Persistent email abuse that led to the email server being overwhelmed on occaisons, we introduce these manually, and cross reference them against the big block list databases to ensure it is a "persistent" issue. We use blocking only to protect our own SMTP service not for filtering purposes. Kornet Whilst I can appreciate that Kornet may have issues with a lot of broadband users, but the other big Korean company seems to have it solved. What I see is what appear to be (using whois data!) US companies buying transit from them. I'm no routing guru, but I assume it must be pretty obvious to Kornet if some small US company starts buying transit from them (rather than say some local US telecom provider) that they want it for nefarious purposes?! Or is there something going on here that makes Kornet look unduely bad. Anyone got a handle on what is going on in that regard.
Re: ChinaNet Contacts
On Thu, 17 Feb 2005 10:48:40 -0800 (PST), Dan Hollis <[EMAIL PROTECTED]> wrote: > From what I understand the answer is no. People I know who have attended > asia-pacific regional network meetings described them as "clueless". > Unfortunately the same goes for kornet. :-/ If anybody here is attending APRICOT 2005 in Kyoto this week, and is interested in this issue, there'll be a bunch of chinanet people and I think at least one guy from the Chinese CERT around in the security and antispam tracks on 2/24 That's in addition to Dave Crocker, Jim Fenton etc as speakers :) --srs -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: ChinaNet Contacts
On Thu, 17 Feb 2005, Dave O'Shea wrote: > They do have people in an LA office, as I got a call > from one of them when I had a BGP session to them go > down due to a max-prefix which had been exceeded. > > I guess if you have three times the population of the > US, you're going to have one or two "black hats". Despite China playing a role in spam distribution, almost all hardcore spammers are from US, in fact there is really no big spamhouse there. Now, I'm sure they do have their own blackhats, but if anything I know is true even if they are three times size of US, number of blackhats there is probably 3-10 times smaller and I'd not be surprised if all scans you see from China are really blackhats from US and other countries who rented computer there. So its not the blackhats that is a problem in China, its the corruption which is always present in communist and similar seemingly state-controlled totalitarian societies. Add to that, US & EU money has greater value in China and you will understand how its possible that they pretend to not have received reports and delay removing abusers. Note that while corruption is worse when its present at or near the top, that one is easier to deal with if you get to the right people, but its the corruption at the bottom which has become rooted, that is most difficult to get rid of. And with Chinanet being so large and largely organized so that provinces and individual cities have more control then the center, you can see why it may take some time until current efforts by spamhaus and others have overall result. -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: ChinaNet Contacts
On Thu, 17 Feb 2005, Gadi Evron wrote: > It would still be my guess there are more black hats in the US. yahoo and hotmail come close, but it will take some real balls to top chinanet's official blackhat lying autoresponder: "In your SPAM eMail,I can't find the IP or the IP is not by my control.Please give me the correct IP.Thank you." hats dont get any darker than that. -Dan
Re: ChinaNet Contacts
Yo Vladis! Those of us who have *enough* trouble keeping our own broadband users zombie-free should be glad we're not the Korean CIRT staff. *THEY* got handed an entire *COUNTRY* full of clueless users on high-speed connections. Indeed, KrCERT is doing a very good job at cluing KR. They are very good at handling incidents as well. China.. now that's a different problem. So many organizations and no clue as to who to contact. Their CERT is a part of FIRST, but that's about it as far as *I* know. But hey, we are a community. This is where we make this happen. On my personal back yard, Israeli ISP's are divided to those who don't care, and the few that make an effort. As it is my back yard, if you ever need help with an incident, please ping me. Gadi.
Re: ChinaNet Contacts
Dave O'Shea wrote: They do have people in an LA office, as I got a call from one of them when I had a BGP session to them go down due to a max-prefix which had been exceeded. I guess if you have three times the population of the US, you're going to have one or two "black hats". Undoubtedly. It would still be my guess there are more black hats in the US. The problem with China is a ton of compromised machines and close to no incident and abuse handling. Not to mention centralized coordination. Gadi.
Re: ChinaNet Contacts
Hi Jon, there were two guys at nanog33.. if you didnt meet them then perhaps keep an eye out at nanog34 http://www.nanog.org/mtg-0501/attendee.list.html short answer is i see chinanet folks on a whole bunch of forums and lists, Steve On Thu, 17 Feb 2005, Jon R. Kibler wrote: > I know that this is a REALLY sore point, but has anyone ever established any > good working relations with anyone in CHINANET or other China-based ISPs? > > In recent weeks, over 80% of our port scans and various miscreant probes have > originated from a very small number of IPs in China. Trying to contact the IP > owner via email usually finds either the mailbox is full, the email address > is invalid, or the mail server is not working. > > Anyone had any success in this area? > > THANKS! > Jon Kibler >
Re: ChinaNet Contacts
They do have people in an LA office, as I got a call from one of them when I had a BGP session to them go down due to a max-prefix which had been exceeded. I guess if you have three times the population of the US, you're going to have one or two "black hats". --- Dave Crocker <[EMAIL PROTECTED]> wrote: > > On Thu, 17 Feb 2005 10:48:40 -0800 (PST), Dan Hollis > wrote: > > >From what I understand the answer is no. People > I know who have attended > > asia-pacific regional network meetings described > them as "clueless". > > As of this past Summer, this was no longer true for > all of China Telecom. In fact they had started > putting in enough effort that I am confused about > the current round of problems being described. > > Any chance of trying to get some granularity to > this? As I understand their operation, there are > enormous differences among the operations in > different provinces. > > > d/ > -- > Dave Crocker > Brandenburg InternetWorking > +1.408.246.8253 > dcrocker a t ... > WE'VE MOVED to: www.bbiw.net > >
Re: ChinaNet Contacts
On Thu, 17 Feb 2005 10:48:40 -0800 (PST), Dan Hollis wrote: > >From what I understand the answer is no. People I know who have attended > asia-pacific regional network meetings described them as "clueless". As of this past Summer, this was no longer true for all of China Telecom. In fact they had started putting in enough effort that I am confused about the current round of problems being described. Any chance of trying to get some granularity to this? As I understand their operation, there are enormous differences among the operations in different provinces. d/ -- Dave Crocker Brandenburg InternetWorking +1.408.246.8253 dcrocker a t ... WE'VE MOVED to: www.bbiw.net
Re: ChinaNet Contacts
On Thu, 17 Feb 2005, Richard Cox wrote: : : On Thu, 17 Feb 2005 12:13:07 -0500 : "Jon R. Kibler" <[EMAIL PROTECTED]> wrote: : : > I know that this is a REALLY sore point, but has anyone ever : > established any good working relations with anyone in CHINANET : > or other China-based ISPs? : : Yes, indeed. And been out to Beijing to have meetings with them. Heh, you shoulda tried getting in there in the mid 90s. The only clue was in the universities. They were mostly are worried about VoIP taking money from the government telco and the unwashed western ideas brainwashing the masses. I doubt things have changed. Be prepared for outages. Get more than one link to the country if you want high quality cold potato. scott
Re: ChinaNet Contacts
On Thu, 17 Feb 2005 14:09:58 EST, "Hannigan, Martin" said: > I wouldn't go as far as label it systemic. Both Chinese and > Korean organizations are participating in some of the behind > the scenes security/mitigation activities going on and have been > helpful. Not all. Some. Yes, however the clue is spread very thin indeed - I'm sure the clued have their hands full dealing with the *really* egregious issues, and "yet another compromised host" is too common a case for them to be able to deal with it. Those of us who have *enough* trouble keeping our own broadband users zombie-free should be glad we're not the Korean CIRT staff. *THEY* got handed an entire *COUNTRY* full of clueless users on high-speed connections. pgpgXkwj5hpZZ.pgp Description: PGP signature
RE: ChinaNet Contacts
On Thu, 17 Feb 2005, Hannigan, Martin wrote: > I wouldn't go as far as label it systemic. Both Chinese and > Korean organizations are participating in some of the behind > the scenes security/mitigation activities going on and have been > helpful. Not all. Some. Remember that chinanet was the one who setup the infamous lying autoresponder: "In your SPAM eMail,I can't find the IP or the IP is not by my control.Please give me the correct IP.Thank you." Then they attend regional meetings and complain that people are blocking them. Gee I wonder why. -Dan
Re: ChinaNet Contacts
On Thu, 17 Feb 2005, Dan Hollis wrote: From what I understand the answer is no. People I know who have attended asia-pacific regional network meetings described them as "clueless". Unfortunately the same goes for kornet. :-/ Clueless? Which is worse, ignorance or entropy? Who knows? Who cares? (and which is it, really?) -Dan -- "It doesn't matter where I live, because I live in dataspace. That's my hometown." -Steve Roberts, Builder of BEHEMOTH Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
RE: ChinaNet Contacts
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Richard Cox > Sent: Thursday, February 17, 2005 2:01 PM > To: nanog@merit.edu > Subject: Re: ChinaNet Contacts > > > > On Thu, 17 Feb 2005 12:13:07 -0500 > "Jon R. Kibler" <[EMAIL PROTECTED]> wrote: > > > I know that this is a REALLY sore point, but has anyone ever > > established any good working relations with anyone in CHINANET > > or other China-based ISPs? > > Yes, indeed. And been out to Beijing to have meetings with them. I wouldn't go as far as label it systemic. Both Chinese and Korean organizations are participating in some of the behind the scenes security/mitigation activities going on and have been helpful. Not all. Some. -M<
Re: ChinaNet Contacts
On Thu, 17 Feb 2005 12:13:07 -0500 "Jon R. Kibler" <[EMAIL PROTECTED]> wrote: > I know that this is a REALLY sore point, but has anyone ever > established any good working relations with anyone in CHINANET > or other China-based ISPs? Yes, indeed. And been out to Beijing to have meetings with them. -- Richard Cox
Re: ChinaNet Contacts
On Thu, 17 Feb 2005, Jon R. Kibler wrote: > I know that this is a REALLY sore point, but has anyone ever > established any good working relations with anyone in CHINANET or other > China-based ISPs? >From what I understand the answer is no. People I know who have attended asia-pacific regional network meetings described them as "clueless". Unfortunately the same goes for kornet. :-/ -Dan
Re: ChinaNet Contacts
On Thu, 17 Feb 2005, Jon R. Kibler wrote: better still, has anyone ever come up with a bgp-distributed list of prefixes that trace back to such addresses? -Dan -- "Ca. Tas. Tro. Phy." -John Smedley, March 28th 1998, 3AM Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
ChinaNet Contacts
I know that this is a REALLY sore point, but has anyone ever established any good working relations with anyone in CHINANET or other China-based ISPs? In recent weeks, over 80% of our port scans and various miscreant probes have originated from a very small number of IPs in China. Trying to contact the IP owner via email usually finds either the mailbox is full, the email address is invalid, or the mail server is not working. Anyone had any success in this area? THANKS! Jon Kibler -- Jon R. Kibler Chief Technical Officer A.S.E.T., Inc. Charleston, SC USA (843) 849-8214 == Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.