Re: ARIN Fantasy WHOIS: NET-216-179-183-0-1

[TJ Trout]

If it's legacy, there are no bills?

On Thu, Aug 15, 2019 at 7:54 PM Quan Zhou  wrote:

> I wonder whom did the ARIN have sent bills to.
>
> On 8/15/19 12:40 PM, Ronald F. Guilmette wrote:
> > As if to underscore the point I just tried to make about the fundamental
> > unreliability of ARIN WHOIS records, I just stumbled onto this rather
> > curious entity which was apparently given a sub-allocation of
> 216.179.183.0/24
> > beneath the 216.179.128.0/17 (Azuki, Inc.) block as of 2012-01-10:
> >
> > OrgName:Rogers Communications Inc
> > OrgId:  RC-82
> > Address:E 2nd St,Campbell
> > City:   Gillette
> > StateProv:  WY
> > PostalCode: 82716
> > Country:US
> > RegDate:2012-01-10
> > Updated:2012-01-10
> > Ref:https://rdap.arin.net/registry/entity/RC-82
> >
> > Other that the fact that it has an oddly similar name to one of Canada's
> > largest and most well-known Internet and cell phone companies, the only
> > other thing that's rather remarkable about it is that it was given the
> > 216.179.183.0/24 block, by Azuki, Inc. in 2012.  What's odd about that?
> > Well, only the fact that this *Wyoming* incarnation of Rogers
> Communications
> > had apparently already died and gone to Valhalla some 14 years earlier,
> > in 1998:
> >
> >
> https://wyobiz.wy.gov/Business/FilingDetails.aspx?eFNum=070023242004106130056183154143023082073130141117
> >
> > Moral of the story:  Don't ever let anybody tell you that ghosts... even
> > ghosts of long dead companies... aren't real or that they do not walk
> > among us.  Their immortal auras pervade the very ether we breath.
> >
> > And they have their own IPs, apparently.
> >
> > But, you know, if your customers are getting hack attacks emmanating from
> > 216.179.183.0/24... well... to quote the old Ghostbusters tag line "Who
> > you gonna call?"  (Hint:  Don't waste your time calling the number in the
> > WHOIS record.  It's just some bloody preschool.)
> >
> > Regards,
> > rfg
>

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

[Christopher Morrow]

(I hate to step into the pond, but...)

On Thu, Aug 15, 2019 at 8:02 AM John Curran  wrote:
>
> On 14 Aug 2019, at 11:16 PM, Ronald F. Guilmette  
> wrote:
>
>
>
> Report it on some webpage and call it "Internet
> Resources stolen", document every incident as you do via email, send a
> copy to the appropriate RIR and upstream ISP allowing the hijack in
> question to show that you did the appropriate effort and we can then
> move on.
>
>
> I can and will stop posting here, and go off an blog about this stuff
> instead, if the consensus is that I'm utterly off-topic or utterly
> uninteresting and useless.  But a few folks have told me they find
> this stuff interesting, and it has operational significance, I think.
> So for now, at least, I'd like to continue to share here.
>
> As regards to reporting to RIRs or upstreams, what makes you think that
> either of those would care one wit?  The RIRs are not the Internet
> Police, or so I am told.
>
>
> Good morning Ron –
>
> The RIRs are not the Internet Police, but we do care very much about the 
> integrity of the Internet number registry system.
>
> Please report to ARIN any instances of number resource records in the ARIN 
> registry whose organization you believe to be incorrect – while such records 
> are updated only based on appropriate documentation, that doesn’t preclude 
> the use of fraudulent documentation that goes undetected.

There seem to be 2 different (at least) classes of thing Ron's noting here:
  1) an aggregate (an ALLOCATION in RIR resource divying-up parlance)
with (perhaps) bad data showing in WHOIS:
   216.179.128.0/17

  2) a subnet (an ASSIGNMENT in IR resource divying-up parlance) with
bad data showing in WHOIS:
  216.179.183.0/24

How data gets into the WHOIS system here is mechanically the same, but
the control ARIN (or any RIR) can exert is drastically different.
During the process of ALLOCATION from the RIR to an LIR (or end-site)
there is some process which includes validating "who" and "where" and
such, which John (and a few others) have outlined.
During the ASSIGNMENT from LIR -> customer / end-site the LIR is
solely (well.. mostly, yes the LIR can create and ORG and permit the
Customer the ability to send SWIP updates)  in control of what
data ends up in the WHOIS. ARIN (for example) has no real say in the
records for ASSIGNMENTS. They could, I suppose, do something ... but
that seems a lot like drinking from a firehose without any real
ability on the part of ARIN (for instance) to validate anything in the
inbound data :(

-chris

Re: ARIN Fantasy WHOIS: NET-216-179-183-0-1

[Quan Zhou]

I wonder whom did the ARIN have sent bills to.

On 8/15/19 12:40 PM, Ronald F. Guilmette wrote:
> As if to underscore the point I just tried to make about the fundamental
> unreliability of ARIN WHOIS records, I just stumbled onto this rather
> curious entity which was apparently given a sub-allocation of 216.179.183.0/24
> beneath the 216.179.128.0/17 (Azuki, Inc.) block as of 2012-01-10:
>
> OrgName:Rogers Communications Inc
> OrgId:  RC-82
> Address:E 2nd St,Campbell
> City:   Gillette
> StateProv:  WY
> PostalCode: 82716
> Country:US
> RegDate:2012-01-10
> Updated:2012-01-10
> Ref:https://rdap.arin.net/registry/entity/RC-82
>
> Other that the fact that it has an oddly similar name to one of Canada's
> largest and most well-known Internet and cell phone companies, the only
> other thing that's rather remarkable about it is that it was given the
> 216.179.183.0/24 block, by Azuki, Inc. in 2012.  What's odd about that?
> Well, only the fact that this *Wyoming* incarnation of Rogers Communications
> had apparently already died and gone to Valhalla some 14 years earlier,
> in 1998:
>
> https://wyobiz.wy.gov/Business/FilingDetails.aspx?eFNum=070023242004106130056183154143023082073130141117
>
> Moral of the story:  Don't ever let anybody tell you that ghosts... even
> ghosts of long dead companies... aren't real or that they do not walk
> among us.  Their immortal auras pervade the very ether we breath.
>
> And they have their own IPs, apparently.
>
> But, you know, if your customers are getting hack attacks emmanating from
> 216.179.183.0/24... well... to quote the old Ghostbusters tag line "Who
> you gonna call?"  (Hint:  Don't waste your time calling the number in the
> WHOIS record.  It's just some bloody preschool.)
>
> Regards,
> rfg


pEpkey.asc
Description: application/pgp-keys

RE: RPKI adoption (was: Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17)

[Michel Py]

Hi John,

> John Curran wrote :
> Even so, we at ARIN are in the midst of a Board-directed review of the RPKI 
> legal framework to see if any improvements can be made
> 
>   – I will provide further updates once it is completed.

Thanks, we appreciate the effort.

That being said, something has to be done. I feel that the RPKI validation by 
ARIN is somehow useless. Why : because few download the TAL (at least in part 
because of the indemnisation clause).
Therefore, many networks that do RPKI validation do validate prefixes from the 
other 4 RIRs but not mine.
In simple words : why bother validating, if all of most of the networks that 
could block invalid prefixes don't, because the TAL agreement is not palatable.

I understand that ARIN has to deal with a legal system that makes things 
difficult, but OTOH I would like ARIN's RPKI validation to provide the same 
protection than the other RIRs, which it currently does not.

I created my ROAs, but I am not protected as well as an Org belonging to 
another RIR.

Michel


TSI Disclaimer:  This message and any files or text attached to it are intended 
only for the recipients named above and contain information that may be 
confidential or privileged. If you are not the intended recipient, you must not 
forward, copy, use or otherwise disclose this communication or the information 
contained herein. In the event you have received this message in error, please 
notify the sender immediately by replying to this message, and then delete all 
copies of it from your system. Thank you!...

Re: AT Wireless Calls Failing to Level - 3 DID's

[Jay Hennigan]

On 8/15/19 09:50, Ahmed Jalal wrote:

Hi,

I am trying to get in touch with someone at AT to look into call 
failures to our DID's in the southern Mississippi region. Please let me 
know if I am in the wrong list.


VoiceOps is likely to be more specific for this issue.

https://puck.nether.net/mailman/listinfo/voiceops


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

Re: User Unknown (WAS: really amazon?)

[Dan Hollis]

On Mon, 12 Aug 2019, Bruce H McIntosh wrote:

On 8/12/19 3:26 PM, Rich Kulawiec wrote:

Half my grump with Amazon here is that they have, for all practical
purposes, unlimited money and unlimited personnel.  They should be the
go-to example for How To Do It Right.  They should be the model (or one
of the models) that we're all trying to emulate, the gold standard that
we can all point to.

But they're not.

The other half of my grump is that they're enormous, and therefore capable
of inflicting enormous damage.  The larger an operation, the more critical
it is that abuse/security/et.al. be fully supported, highly responsive,
empowered to act decisively, etc.

But they're not.

And I have yet to see anyone from Amazon (a) admit this and (b) ask for 
help

fixing it.


The larger they are, the more immune from having to follow the rules they 
think they are.


SBL seems the only way to wake them up.

-Dan

AT Wireless Calls Failing to Level - 3 DID's

[Ahmed Jalal]

Hi,

I am trying to get in touch with someone at AT to look into call failures
to our DID's in the southern Mississippi region. Please let me know if I am
in the wrong list.

Any help would be greatly appreciated.

Best Regards

Service function chaining technologies in service provider networks

[Tim Upthegrove]

Hi folks,

I am wondering if service provider networks are actively implementing
service function chaining, and if so, what kinds of technologies they are
using in the network to steer traffic to services.  Segment routing was
suggested to me as an option that could work, and it seems like a good fit;
however, I have no clue how widely deployed it is specifically for service
function chaining.  At this point I'd just like to understand what some of
the common deployment models are from anyone who is willing to share.

Thanks,
-- 

Tim Upthegrove

Re: new BGP hijack & visibility tool “BGPalerter”

[Christopher Morrow]

This looks like fun!
(a few questions for the RIPE folk, I think though below)

What is the expected load of streaming clients on the RIPE service? (I
wonder because I was/am messing about with something similar, though
less node and js... not that that's relevant here).

I hadn't seen the ripe folk pipe up anywhere with what their SLO/etc
is for the ris-live service? (except their quip about: "used to run in
a tmux session I had to occassioanlly ssh into  and restart when
 rebooted" I believe the end of that quip in Iceland was: "and
now its' running as a real service")

Also, one of the strengths to the 'monitoring as a service' folks is
their number of collection points and breadth of ASN to which they
interconnect those points/ RISLive, I think, reports out from ~37 or
so RIPE probes, how do we (the internet) get more deployed (or better
interconnection to the current sets)? and maybe even more
imoprtantly... what's the right spread/location/interconnectivity map
for these probes?

thanks! for showing what's possible with tooling being developed by
like minded individuals :)

-chris
On Thu, Aug 15, 2019 at 11:11 AM Job Snijders  wrote:
>
> Hi Ryan, Alarig,
>
> > On 14/08/2019 19:06, Ryan Hamel wrote:
> > > I appreciate the effort and the intent behind this project, but why
> > > should the community contribute to an open source project on GitHub
> > > that is mainly powered by a closed source binary?
> >
> On Wed, Aug 14, 2019 at 07:13:47PM +0200, Alarig Le Lay wrote:
> > You can build it yourself, see
> > https://github.com/nttgin/BGPalerter#more-information-for-developers
> >
> > I think that the binaries are here for thoses that don’t want to install
> > all the build-chain.
>
> Indeed, the binary files in the github repository in the 'bin/'
> directory are merely provided as a convenience service so interested
> people don't need to compile the software themselves in order to run
> tests. This project is 100% open source.
>
> At some point in the future ready made binaries should move to a
> different place, for example perhaps we can distribute packages through
> the PPA mechanism for debian/ubuntu. It would be cool if we get to the
> point where one can install the software by simply issuing a command
> like "apt install bgpalerter". Help with packaging is most welcome! :-)
>
> Kind regards,
>
> Job

Re: new BGP hijack & visibility tool “BGPalerter”

[Job Snijders]

Hi Ryan, Alarig,

> On 14/08/2019 19:06, Ryan Hamel wrote:
> > I appreciate the effort and the intent behind this project, but why
> > should the community contribute to an open source project on GitHub
> > that is mainly powered by a closed source binary?
>
On Wed, Aug 14, 2019 at 07:13:47PM +0200, Alarig Le Lay wrote:
> You can build it yourself, see
> https://github.com/nttgin/BGPalerter#more-information-for-developers
> 
> I think that the binaries are here for thoses that don’t want to install
> all the build-chain.

Indeed, the binary files in the github repository in the 'bin/'
directory are merely provided as a convenience service so interested
people don't need to compile the software themselves in order to run
tests. This project is 100% open source.

At some point in the future ready made binaries should move to a
different place, for example perhaps we can distribute packages through
the PPA mechanism for debian/ubuntu. It would be cool if we get to the
point where one can install the software by simply issuing a command
like "apt install bgpalerter". Help with packaging is most welcome! :-)

Kind regards,

Job

Re: Protecting 1Gb Ethernet From Lightning Strikes

[Nick Olsen]

This. Very little will protect you from a direct strike.

Working for a WISP for a long time as a past life, I've seen radios
physically split in half. Chunks of concrete taken out of walls near the
equipment. Black ethernet ports that have functionally soldered themselves
into the jack. Six figures worth of lost gear over the years (Does sound
like much, But at ~$80 a pop for cheap wisp gear. That's a lot of
equipment.)

Outside of a direct strike, You can still melt gear left and right. The fix
is no one solution, But multiple.
1. Shielded Ethernet with proper shielded and bonded ends.
2. Proper Grounding
3. Ethernet Surge Suppressors.
4. Proper Grounding.
5. Proper Grounding.

The key is to make your sensitive electronic equipment a higher resistance
path instead of your grounding system. You're going to get inductance build
up on cables you just have to get it to ground through something that isn't
your site switch/router. And it's going to get there one way or another.
Sometimes this can be harder then one might think. Even considering sinking
your own ground rod, And replacing it every few years. As a ground rod
becomes less and less effective with every strike (Depending on what it's
sunk in). Ethernet Surge Suppressors CAN help. But only in assisting in
getting whatever was already on the cable to ground.

And don't forget ground potential differences between different grounding
systems.

Doing the above will get you through most near by strikes. But all bets are
off on direct strikes. The above can also help you with a ton of other
interference. Like a giant FM transmitter running at 100KW a stones throw
away from your equipment but that's another story for another thread.

On Wed, Aug 14, 2019 at 1:34 PM Chris Knipe  wrote:

> Think surge protectors will protect against strikes that is far away, and
> the residual surge it creates.
>
> A direct strike?  Don't think there's anything that will really protect
> against that.
>
> On Wed, Aug 14, 2019 at 7:29 PM  wrote:
>
>>
>> Are "surge protectors" really of much use against lightning? I suspect
>> not, other than minor inductions tho perhaps some are specially
>> designed for lightning. I wouldn't assume, I'd want to see the word
>> "lightning" in the specs.
>>
>> I once had a lightning strike (at Harvard Chemistry), probably just an
>> induction on a wire some idiot had strung between building roofs (I
>> didn't even know it existed) and the board it was attached to's solder
>> was melted and burned, impressive! More impressive was the board
>> mostly worked, it was just doing some weird things which led me to
>> inspect it...oops.
>>
>> My understanding was that the only real protection is an "air gap",
>> which a piece of fiber will provide in essence, and even that better
>> be designed for lightning as it can leap small gaps.
>>
>> Check your insurance, including the deductibles, keep spares on hand.
>>
>> P.S. My grandmother would tell a story about how what sounded like the
>> ever-controversial "ball lightning" came into her home when she was
>> young. Good luck with that!
>>
>>   https://en.wikipedia.org/wiki/Ball_lightning
>>
>> --
>> -Barry Shein
>>
>> Software Tool & Die| b...@theworld.com |
>> http://www.TheWorld.com
>> Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
>> The World: Since 1989  | A Public Information Utility | *oo*
>>
>
>
> --
>
> Regards,
> Chris Knipe
>

Re: Corporate Identity Theft: Azuki, LLC -- AS13389, 216.179.128.0/17

[John Curran]

On 14 Aug 2019, at 11:16 PM, Ronald F. Guilmette 
mailto:r...@tristatelogic.com>> wrote:


Report it on some webpage and call it "Internet
Resources stolen", document every incident as you do via email, send a
copy to the appropriate RIR and upstream ISP allowing the hijack in
question to show that you did the appropriate effort and we can then
move on.

I can and will stop posting here, and go off an blog about this stuff
instead, if the consensus is that I'm utterly off-topic or utterly
uninteresting and useless.  But a few folks have told me they find
this stuff interesting, and it has operational significance, I think.
So for now, at least, I'd like to continue to share here.

As regards to reporting to RIRs or upstreams, what makes you think that
either of those would care one wit?  The RIRs are not the Internet
Police, or so I am told.

Good morning Ron –

The RIRs are not the Internet Police, but we do care very much about the 
integrity of the Internet number registry system.

Please report to ARIN any instances of number resource records in the ARIN 
registry whose organization you believe to be incorrect – while such records 
are updated only based on appropriate documentation, that doesn’t preclude the 
use of fraudulent documentation that goes undetected.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: OT: Tech bag

[Måns Nilsson]

Subject: Re: OT: Tech bag Date: Mon, Aug 05, 2019 at 01:07:23PM -0700 Quoting 
Aaron Russo (aru...@pixar.com):
> I have been really happy with my Tom Bihn Brain Bag (https://tombihn.com).
> I carry a 15in and 13in laptop along with a snake charmer accessory for all
> my cables. If you loosen the straps there’s plenty of room to also stuff a
> jacket AND a small to medium sized UPS parcel if need be.

The Brain Bag continues to serve me well, after some 10 years. Definitely
seconded. As EDC it holds all I need, and works for a short trip, too.
For serious install work, (bordering on truck roll) I end up carrying
a fiber measurement/maintenance box (a small Peli-style case) and my
leather tool case. Anything described with the phrase " distinctive
standard issue cases, produced for over half a century." immediately
creates desire.

https://www.canford.co.uk/Products/16-389_TOOLMARK-TOOL-CASE-No.6-Brown-with-handles

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE   SA0XLR+46 705 989668
Do you guys know we just passed thru a BLACK HOLE in space?


signature.asc
Description: PGP signature