TeliaSonera IC Contacts
Hi all, Does anyone have a contact for an account manager at TeliaSonera IC? We’ve sent at least 3 requests for a quote through their website over a month or so and haven’t got a single reply except for the automated “we’ve received your query” email. We’re looking for IP transit in Amsterdam, NL. Best Regards, Ammar Zuberi FastReturn, Inc Email: am...@fastreturn.net This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received it by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Re: TeliaSonera IC Contacts
Hi, Does anyone have a contact for an account manager at TeliaSonera IC? We’ve sent at least 3 requests for a quote through their website over a month or so and haven’t got a single reply except for the automated “we’ve received your query” email. And you still want to buy from them?!? Sander
Re: Transparent hijacking of SMTP submission...
I don't see this in my home market, but I do see it in someone else's... I kind of expect this for port 25 but... J@mb-aye:~$telnet 147.28.0.81 587 Trying 147.28.0.81... Connected to nagasaki.bogus.com. Escape character is '^]'. 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014 19:17:44 GMT ehlo bogus.com 250-nagasaki.bogus.com Hello XXX.wa.comcast.net [XXX.XXX.XXX.XXX], pleased to meet you 250 ENHANCEDSTATUSCODES J@mb-aye:~$telnet 2001:418:1::81 587 Trying 2001:418:1::81... Connected to nagasaki.bogus.com. Escape character is '^]'. 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014 19:18:33 GMT ehlo bogus.com 250-nagasaki.bogus.com Hello [IPv6:2601:7:2380::::c1ae:7d73], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP that's essentially a downgrade attack on my ability to use encryption which seems to be in pretty poor taste frankly. i think of it as an intentional traffic hijack. i would be talking to a lawyer. randy, who plans to test next time he is behind comcast
Re: Transparent hijacking of SMTP submission...
On Thu, Nov 27, 2014 at 9:51 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: William Herrin b...@herrin.us I'm not sure I follow your complaint here. Are you saying that Comcast or a Comcast customer in Washington state stripped the STARTTLS verb from the IPv4 port 587 SMTP submission connection between you and a third party? Yup; that's what he's saying. This was in the technical press earlier this week -- or the end of last. Hi Jay, Seems to me that if an ISP is altering the contents of its users' packets (not just blocking them, altering them) then that ISP should be named and shamed, if not worse. Unless the customer contracted for special account type where that was a desired and intended feature, such behavior is inexcusable. If it's a customer of that ISP, on the other hand, then it's just the normal idiocy and paranoia, no different than the retarded behavior by amateur sysadmins that block all ICMP because they don't want to be pinged (see PMTUD and its effects on TCP). Anyway, I was curious which accusation was being leveled. Regards, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: http://www.dirtside.com/ May I solve your unusual networking challenges?
Re: TeliaSonera IC Contacts
Hi Sander, It's more of a have to buy from them as opposed to a want to buy from them. I'd much prefer NTT, but they are nowhere near where we are unfortunately. Ammar. On 29 Nov 2014, at 7:25 pm, Sander Steffann san...@steffann.nl wrote: Hi, Does anyone have a contact for an account manager at TeliaSonera IC? We’ve sent at least 3 requests for a quote through their website over a month or so and haven’t got a single reply except for the automated “we’ve received your query” email. And you still want to buy from them?!? Sander
Re: Transparent hijacking of SMTP submission...
Op 29 nov. 2014, om 19:37 heeft Randy Bush ra...@psg.com het volgende geschreven: i think of it as an intentional traffic hijack. i would be talking to a lawyer. randy, who plans to test next time he is behind comcast I am so glad that our Dutch net neutrality laws state that providers of Internet access services may not hinder or delay any services or applications on the Internet (unless [...], but those exceptions make sense) Cheers, Sander
Re: TeliaSonera IC Contacts
Hi, It's more of a have to buy from them as opposed to a want to buy from them. I'd much prefer NTT, but they are nowhere near where we are unfortunately. You were talking about Amsterdam, right? There are plenty of transits you can buy from. Cheers, Sander
Re: Transparent hijacking of SMTP submission...
On 14-11-29 11:07, Sander Steffann wrote: I am so glad that our Dutch net neutrality laws state that providers of Internet access services may not hinder or delay any services or applications on the Internet (unless [...], but those exceptions make sense) However, in the case of SMTP, due to the amount of spam, most ISPs break network neutrality by blocking outbound port 25 for instance, and their SMTP servers will block much incoming emails (spam). However, SMTP is a layer or two above the network. But blocking port 25 is at the network level. I have seen wi-fi systems where you ask to connect to 20.21.22.23 port 25, and you get connected to 50.51.52.53 port 25. (the ISPs own SMTP server). I would rather they just block it than redirect you without warning to an SMTP server of their own where they can look and your outbound email, pretend to acccept it, and never deliver it.
Re: Transparent hijacking of SMTP submission...
backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... $ openssl s_client -starttls smtp -connect my-mailserver.net:587 CONNECTED(0003) depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailserver.net, emailAddress = my-emailaddrss.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailsever.net, emailAddress = my-emailaddress.com verify error:num=27:certificate not trusted verify return:1 depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailserver.net, emailAddress = my-emailaddress.com verify error:num=21:unable to verify the first certificate verify return:1 ... Certificate chain 0 s:/description=kVjtrCL8rUdvd00q/C=US/CN=my-mailserver.net/emailAddress=y-emailaddress.com i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA ... New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 Session-ID: FC3E47AF2A2A96BF6DE6E11F96B02A0C41A6542864271F2901F09594DE9A48FA Session-ID-ctx: Master-Key: BE7FB76EF5C0A9BA507B175026F73E67080D6442201FDF28F536FA38197A9B1353D644EEAF8D0D264328F94B2EF5742C Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1417286582 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- 250 DSN ehlo me 250-my-mailserver.net 250-PIPELINING On Sat, Nov 29, 2014 at 12:26 PM, Jean-Francois Mezei jfmezei_na...@vaxination.ca wrote: On 14-11-29 11:07, Sander Steffann wrote: I am so glad that our Dutch net neutrality laws state that providers of Internet access services may not hinder or delay any services or applications on the Internet (unless [...], but those exceptions make sense) However, in the case of SMTP, due to the amount of spam, most ISPs break network neutrality by blocking outbound port 25 for instance, and their SMTP servers will block much incoming emails (spam). However, SMTP is a layer or two above the network. But blocking port 25 is at the network level. I have seen wi-fi systems where you ask to connect to 20.21.22.23 port 25, and you get connected to 50.51.52.53 port 25. (the ISPs own SMTP server). I would rather they just block it than redirect you without warning to an SMTP server of their own where they can look and your outbound email, pretend to acccept it, and never deliver it.
Re: Transparent hijacking of SMTP submission...
In article cal9jlay1q_rbkyb6kczkzuifr5b1r3kuvz8wivwr0rjj_oa...@mail.gmail.com you write: backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a cable connection or something like that?
Re: Transparent hijacking of SMTP submission...
i think of it as an intentional traffic hijack. i would be talking to a lawyer. If the lawyer says anything other than that 47 USC 230(c)(2)(A) provides broad immunity for ISP content filtering, even if the filters sometimes screw up, you need a new lawyer. Filtering STARTTLS on port 587 is pretty stupid, but not everything that's stupid is illegal. R's, John PS: I know enough technical people at Comcast that I would be extremely surprised if it were Comcast doing this. There's plenty not to like about the corporation, but the technical staff are quite competent.
Re: Transparent hijacking of SMTP submission...
On 11/29/2014 14:09, John Levine wrote: In article cal9jlay1q_rbkyb6kczkzuifr5b1r3kuvz8wivwr0rjj_oa...@mail.gmail.com you write: backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a cable connection or something like that? I am a little confused but have note yet had time and interest at the same time to back through the thread I thought when it started that the complaint was somebody using a public wiffy had been victimized by something I read about recently (and thought it was here that I had red it) where somebody sets up a fraudulent server on the wiffy that advertises a false-flag email server that strips out the security stuff and then sends the traffic to an accomplice-site that eventually gets the stripped traffic to its original destination. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
Re: Transparent hijacking of SMTP submission...
The STARTTLS filter was merely a tool used to divert and tap the traffic. It is the latter which is over the line. randy, on a teensy non-computer On Nov 29, 2014, at 15:17, John Levine jo...@iecc.com wrote: i think of it as an intentional traffic hijack. i would be talking to a lawyer. If the lawyer says anything other than that 47 USC 230(c)(2)(A) provides broad immunity for ISP content filtering, even if the filters sometimes screw up, you need a new lawyer. Filtering STARTTLS on port 587 is pretty stupid, but not everything that's stupid is illegal. R's, John PS: I know enough technical people at Comcast that I would be extremely surprised if it were Comcast doing this. There's plenty not to like about the corporation, but the technical staff are quite competent.
Re: Transparent hijacking of SMTP submission...
On Thu, 27 Nov 2014, joel jaeggli wrote: I don't see this in my home market, but I do see it in someone else's... I kind of expect this for port 25 but... J@mb-aye:~$telnet 147.28.0.81 587 Trying 147.28.0.81... Connected to nagasaki.bogus.com. Escape character is '^]'. 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014 19:17:44 GMT ehlo bogus.com 250-nagasaki.bogus.com Hello XXX.wa.comcast.net [XXX.XXX.XXX.XXX], pleased to meet you 250 ENHANCEDSTATUSCODES Seen some anti-virus software (on Windows) doing this. You might not be running Windows though. Some home router with some security improvement ? //Marcin
Re: Phasing out of copper
Subject: Phasing out of copper Date: Fri, Nov 28, 2014 at 10:46:03AM -0500 Quoting Jean-Francois Mezei (jfmezei_na...@vaxination.ca): Currently in the midst of a CRTC policy hearing in Canada on future of competition in ISPs. Incumbents claim they have no plans to retire their copper plant after deploying FTTP/FTTH. (strategically to convince regulator that keeping ISPs on copper is fine and no need to let them access FTTP). Maintaining copper plant is expensive. It will be retired as soon as buy-in on FTTH is high enough. Telia Sonera is doing it in Sweden, so the trend is global. (OTOH, in Sweden, young people moving out from their parents, if they can find somewhere to rent, usually only get a fixed connection for Internet access. Telephony is all mobile.) -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 Four thousand different MAGNATES, MOGULS NABOBS are romping in my gothic solarium!! signature.asc Description: Digital signature
Re: Phasing out of copper
On 2014-11-30 9:19 am, Måns Nilsson wrote: Maintaining copper plant is expensive. It will be retired as soon as buy-in on FTTH is high enough. Telia Sonera is doing it in Sweden, so the trend is global. (OTOH, in Sweden, young people moving out from their parents, if they can find somewhere to rent, usually only get a fixed connection for Internet access. Telephony is all mobile.) This is pretty common in other countries as well. At a $JOB-1 in Australia all our residential DSL services were provided over ULLs and came with a dial tone provided by us but only a tiny fraction of active lines ever made or received a call.
Re: Transparent hijacking of SMTP submission...
On Sat, Nov 29, 2014 at 3:09 PM, John Levine jo...@iecc.com wrote: In article cal9jlay1q_rbkyb6kczkzuifr5b1r3kuvz8wivwr0rjj_oa...@mail.gmail.com you write: backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a cable connection or something like that? my test was a home consumer cable link, not business grade and not shared (more than cable is).
Re: Transparent hijacking of SMTP submission...
On 11/29/14 6:32 PM, Christopher Morrow wrote: On Sat, Nov 29, 2014 at 3:09 PM, John Levine jo...@iecc.com wrote: In article cal9jlay1q_rbkyb6kczkzuifr5b1r3kuvz8wivwr0rjj_oa...@mail.gmail.com you write: backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a cable connection or something like that? my test was a home consumer cable link, not business grade and not shared (more than cable is). The phenomena I reported was observed on a consumer cable service (not my own). it is now no-longer in evidence with that same source ip. In answer an intermediate observation, the cpe and the devices on it are sufficiently well understood now to rule them out. from the mail servers vantage point... Nov 27 x nagasaki sm-mta[5698]: NOQUEUE: tcpwrappers ((reverse).wa.comcast.net, (ip) ) rejection given that the client gives up because it can't startssl and therefore won't attempt to auth. whereas a successful attempt with the same source ip is: Nov 26 x nagasaki sm-mta[397]: STARTTLS=server, relay=c-(reverse).wa.comcast.net [(ip)], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128 signature.asc Description: OpenPGP digital signature
Re: Transparent hijacking of SMTP submission...
On Sat, Nov 29, 2014 at 10:27 PM, joel jaeggli joe...@bogus.com wrote: On 11/29/14 6:32 PM, Christopher Morrow wrote: On Sat, Nov 29, 2014 at 3:09 PM, John Levine jo...@iecc.com wrote: In article cal9jlay1q_rbkyb6kczkzuifr5b1r3kuvz8wivwr0rjj_oa...@mail.gmail.com you write: backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a cable connection or something like that? my test was a home consumer cable link, not business grade and not shared (more than cable is). The phenomena I reported was observed on a consumer cable service (not my own). it is now no-longer in evidence with that same source ip. In answer an intermediate observation, the cpe and the devices on it are sufficiently well understood now to rule them out. ah, phew. from the mail servers vantage point... Nov 27 x nagasaki sm-mta[5698]: NOQUEUE: tcpwrappers ((reverse).wa.comcast.net, (ip) ) rejection super odd, and telling. given that the client gives up because it can't startssl and therefore won't attempt to auth. whereas a successful attempt with the same source ip is: Nov 26 x nagasaki sm-mta[397]: STARTTLS=server, relay=c-(reverse).wa.comcast.net [(ip)], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128 perhaps comcast (technician) was trying to do the 'right thing' here and mistook 'but someone is operating a mailserver that the trust' vs 'spammer' from the situation with TLS being 'a good thing' and 'please do not subvert my tls, yo!' glad to see this returned to expected flows.
Phasing out of telco TDM Backbones (was: Phasing out of copper)
- Original Message - From: Måns Nilsson mansa...@besserwisser.org Maintaining copper plant is expensive. It will be retired as soon as buy-in on FTTH is high enough. Telia Sonera is doing it in Sweden, so the trend is global. (OTOH, in Sweden, young people moving out from their parents, if they can find somewhere to rent, usually only get a fixed connection for Internet access. Telephony is all mobile.) Absolutely: maintaining analog copper last-mile is expensive. But let us not conflate being ok with telcos replacing analog copper last-mile with being ok with telcos replacing PCM with VoIP, especially in trunking applications, and *especially* using non-dedicated backbones, as these are the directions the RBOCs appear to be going in, and those are much less acceptable ideas than the former. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
RE: Phasing out of telco TDM Backbones (was: Phasing out of copper)
On Saturday, November 29, 2014 9:10 PM, Jay Ashworth wrote: But let us not conflate being ok with telcos replacing analog copper last-mile with being ok with telcos replacing PCM with VoIP, especially in trunking applications, ... [snip] Let's also not conflate audio codecs with L2. PCM and VoIP are not mutually-exclusive things by any stretch. -- Nathan Anderson First Step Internet, LLC nath...@fsr.com
Re: Phasing out of telco TDM Backbones (was: Phasing out of copper)
- Original Message - From: Nathan Anderson nath...@fsr.com kbones (was: Phasing out of copper) On Saturday, November 29, 2014 9:10 PM, Jay Ashworth wrote: But let us not conflate being ok with telcos replacing analog copper last-mile with being ok with telcos replacing PCM with VoIP, especially in trunking applications, ... [snip] Let's also not conflate audio codecs with L2. PCM and VoIP are not mutually-exclusive things by any stretch. Oh, sure. But my point is this: How many Erlangs can you fit through that clear-channel T-3? There's man-centuries of engineering in the design of the TDM backbone, and the people making the decisions about abandoning that design weren't even alive, in some cases, when that work was done, and don't know what Notes On The Networks is. Cheers, -- jr 'I can lay hands on my copy in 60 seconds' a -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: TeliaSonera IC Contacts
I'd be inclined to not buy from them if they are not replying to sales emails. You've got to ask what their NOC will be like once you are a customer... On 29 November 2014 at 16:08, Sander Steffann san...@steffann.nl wrote: Hi, It's more of a have to buy from them as opposed to a want to buy from them. I'd much prefer NTT, but they are nowhere near where we are unfortunately. You were talking about Amsterdam, right? There are plenty of transits you can buy from. Cheers, Sander
Re: Phasing out of telco TDM Backbones (was: Phasing out of copper)
On Sun, 30 Nov 2014, Jay Ashworth wrote: Oh, sure. But my point is this: How many Erlangs can you fit through that clear-channel T-3? Personally I find the use of Erlangs in a packet-switched environment somewhat irrelevant. What has been more useful me in capacity planning and staying out of trouble has been statistical bandwidth peak usage data. Antonio Querubin e-mail: t...@lavanauts.org xmpp: antonioqueru...@gmail.com