Re: Suspicious IP reporting

2021-02-04 Thread Dave Phelps 
While I agree that reporting something not observed just creates a lot of
unnecessary work for the recipient in processing all of the unsubstantiated
reports (that don't match traffic logs, etc), that isn't the point of my
message. I would point out that most people would call such reports spam at
the least. Another term for the same thing, brigading, rarely works out
satisfactorily for anyone either.

Success with asking a service provider to take action is always going to be
a crapshoot, but it will almost never be fast in any case.

If there is a C2 server known to be contacting a host you manage, the
bigger problem to me would seem to be the compromised host, rather than the
C2. It could be exfiltrating sensitive data to the attacker right now. An
established attacker will have dozens or hundreds of C2s. Do you intend to
pursue all of them individually?

If the organization isn't prepared to start an appropriate incident
response on a compromised host in a timely manner, perhaps they will learn
from and correct that security posture weakness in the future.

Regards
Dave

On Thu, Feb 4, 2021 at 7:17 PM JoeSox  wrote:

> Ryan,
> Thanks but like I said these devices are in moving vehicles ok?
> I stated we have a plan but it is ways out.
> FACT: we have a known malicious C
> FACT: We know what networks it is hitting and the cellular network is the
> most vulnerable, imo.
> FACT: this IP is against Verizon terms of service so the way to address it
> is to report it to them as they request.
>
> I honestly got what I needed from this thread, thanks. And I thank the
> nonbullies that helped me off list.
> --
> Thank You,
> Joe
>
>
> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel 
> wrote:
>
>> Joe,
>>
>>
>>
>> It isn’t on Verizon to setup a firewall, especially if you have a direct
>> public IP service. The device being attached directly to the Internet (no
>> matter the transmission medium), must be able to protect itself. ISPs
>> provide routers which function as a NAT/Firewall appliance, to provide a
>> means of safety and convenience for them, but also charge you a rental fee.
>>
>>
>>
>> Stick a Cradlepoint router or something in front of your device, if you
>> want an external means of protection. Otherwise you’ll need to enable the
>> Windows Firewall if it’s a Windows system, or setup iptables on Linux,
>> ipfw/pf on *BSD, etc.
>>
>>
>>
>> Ryan
>>
>>
>>
>> *From:* JoeSox 
>> *Sent:* Thursday, February 4, 2021 5:04 PM
>> *To:* r...@rkhtech.org
>> *Cc:* TJ Trout ; NANOG 
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> How do I setup a firewall when I am not a Verizon engineer?
>>
>> There is a firewall via the antivirus and operating system but that's it.
>>
>> Do you not understand my issue? I thought that is the real problem with
>> the online bullies in this thread.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel 
>> wrote:
>>
>> Joe,
>>
>>
>>
>> The underlying premise here is, “pick your battles”. If you don’t want an
>> IP address to access your device in anyway, setup a firewall and properly
>> configure it to accept whitelisted traffic only, or just expose a VPN
>> endpoint. The Internet is full of both good and bad actors that probe and
>> scan anything and everything.
>>
>>
>>
>> While some appreciate the notification here, others will find it
>> annoying. We cannot report anything malicious about an IP address on the
>> Internet, unless it does harm to us specifically, otherwise it is false
>> reporting and does create more noise at the ISP, and waste more time
>> getting to the underlying issue.
>>
>>
>>
>> Ryan
>>
>>
>>
>> *From:* NANOG  *On Behalf Of *
>> JoeSox
>> *Sent:* Thursday, February 4, 2021 4:41 PM
>> *To:* TJ Trout 
>> *Cc:* NANOG 
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> Do others see this online bully started by Tom? The leader has spoken so
>> the minions follow :)
>>
>> This list  sometimes LOL
>>
>> I think if everyone gets off their high horse, the list communication
>> would be less noisy for the list veterans.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout  wrote:
>>
>> This seems like a highly suspect request coming from a North American
>> network operator...?
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:
>>
>>
>>
>> This IP is hitting devices on cellular networks for the past day or so.
>>
>>   https://www.abuseipdb.com/whois/79.124.62.86
>>
>> I think this is the info to report it to the ISP.  Any help or if
>> everyone can report it, I would be a happy camper.
>>
>>
>>
>> ab...@4cloud.mobi; ab...@fiberinternet.bg
>>
>>
>>
>> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>>
>>
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>

Re: Amsterdam Dark Fiber

2021-02-04 Thread Sabri Berisha 
Hi, 

Back in the day when I still lived there, Level 3 was also known to have fiber 
in the area. Depending on your needs, Equinix offers dark fiber between (some 
of) their locations, and Relined(.eu) has a nationwide fiber network. 

You can also check out irc, irc.nlnog.net, #nlnog, or subscribe to the nlnog 
mailing list, [ http://mailman.nlnog.net/ | http://mailman.nlnog.net/ ] 

Thanks, 

Sabri 

- On Feb 4, 2021, at 5:04 PM, Rod Beck  
wrote: 

> Please contact offlist.

> Looking for dark fiber in Amsterdam. Eurofiber has traditionally dominated 
> this
> market. Who else competes in this market?

> Roderick Beck VP of Business Development

> United Cable Company

> [ http://www.unitedcablecompany.com/ | www.unitedcablecompany.com ]

> New York City & Budapest

> rod.b...@unitedcablecompany.com

> Budapest: 36-70-605-5144

> NJ: 908-452-8183

Re: Suspicious IP reporting

2021-02-04 Thread JoeSox 
Ryan,
Thanks but like I said these devices are in moving vehicles ok?
I stated we have a plan but it is ways out.
FACT: we have a known malicious C
FACT: We know what networks it is hitting and the cellular network is the
most vulnerable, imo.
FACT: this IP is against Verizon terms of service so the way to address it
is to report it to them as they request.

I honestly got what I needed from this thread, thanks. And I thank the
nonbullies that helped me off list.
--
Thank You,
Joe


On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel  wrote:

> Joe,
>
>
>
> It isn’t on Verizon to setup a firewall, especially if you have a direct
> public IP service. The device being attached directly to the Internet (no
> matter the transmission medium), must be able to protect itself. ISPs
> provide routers which function as a NAT/Firewall appliance, to provide a
> means of safety and convenience for them, but also charge you a rental fee.
>
>
>
> Stick a Cradlepoint router or something in front of your device, if you
> want an external means of protection. Otherwise you’ll need to enable the
> Windows Firewall if it’s a Windows system, or setup iptables on Linux,
> ipfw/pf on *BSD, etc.
>
>
>
> Ryan
>
>
>
> *From:* JoeSox 
> *Sent:* Thursday, February 4, 2021 5:04 PM
> *To:* r...@rkhtech.org
> *Cc:* TJ Trout ; NANOG 
> *Subject:* Re: Suspicious IP reporting
>
>
>
> How do I setup a firewall when I am not a Verizon engineer?
>
> There is a firewall via the antivirus and operating system but that's it.
>
> Do you not understand my issue? I thought that is the real problem with
> the online bullies in this thread.
>
> --
>
> Thank You,
>
> Joe
>
>
>
>
>
> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel 
> wrote:
>
> Joe,
>
>
>
> The underlying premise here is, “pick your battles”. If you don’t want an
> IP address to access your device in anyway, setup a firewall and properly
> configure it to accept whitelisted traffic only, or just expose a VPN
> endpoint. The Internet is full of both good and bad actors that probe and
> scan anything and everything.
>
>
>
> While some appreciate the notification here, others will find it annoying.
> We cannot report anything malicious about an IP address on the Internet,
> unless it does harm to us specifically, otherwise it is false reporting and
> does create more noise at the ISP, and waste more time getting to the
> underlying issue.
>
>
>
> Ryan
>
>
>
> *From:* NANOG  *On Behalf Of *
> JoeSox
> *Sent:* Thursday, February 4, 2021 4:41 PM
> *To:* TJ Trout 
> *Cc:* NANOG 
> *Subject:* Re: Suspicious IP reporting
>
>
>
> Do others see this online bully started by Tom? The leader has spoken so
> the minions follow :)
>
> This list  sometimes LOL
>
> I think if everyone gets off their high horse, the list communication
> would be less noisy for the list veterans.
>
> --
>
> Thank You,
>
> Joe
>
>
>
>
>
> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout  wrote:
>
> This seems like a highly suspect request coming from a North American
> network operator...?
>
>
>
>
>
> On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:
>
>
>
> This IP is hitting devices on cellular networks for the past day or so.
>
>   https://www.abuseipdb.com/whois/79.124.62.86
>
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
>
>
> ab...@4cloud.mobi; ab...@fiberinternet.bg
>
>
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
>
>
> --
>
> Thank You,
>
> Joe
>
>

RE: Suspicious IP reporting

2021-02-04 Thread Ryan Hamel 
Joe,

 

It isn’t on Verizon to setup a firewall, especially if you have a direct public 
IP service. The device being attached directly to the Internet (no matter the 
transmission medium), must be able to protect itself. ISPs provide routers 
which function as a NAT/Firewall appliance, to provide a means of safety and 
convenience for them, but also charge you a rental fee.

 

Stick a Cradlepoint router or something in front of your device, if you want an 
external means of protection. Otherwise you’ll need to enable the Windows 
Firewall if it’s a Windows system, or setup iptables on Linux, ipfw/pf on *BSD, 
etc.

 

Ryan

 

From: JoeSox  
Sent: Thursday, February 4, 2021 5:04 PM
To: r...@rkhtech.org
Cc: TJ Trout ; NANOG 
Subject: Re: Suspicious IP reporting

 

How do I setup a firewall when I am not a Verizon engineer?

There is a firewall via the antivirus and operating system but that's it.

Do you not understand my issue? I thought that is the real problem with the 
online bullies in this thread.


--

Thank You,

Joe

 

 

On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel mailto:administra...@rkhtech.org> > wrote:

Joe,

 

The underlying premise here is, “pick your battles”. If you don’t want an IP 
address to access your device in anyway, setup a firewall and properly 
configure it to accept whitelisted traffic only, or just expose a VPN endpoint. 
The Internet is full of both good and bad actors that probe and scan anything 
and everything.

 

While some appreciate the notification here, others will find it annoying. We 
cannot report anything malicious about an IP address on the Internet, unless it 
does harm to us specifically, otherwise it is false reporting and does create 
more noise at the ISP, and waste more time getting to the underlying issue.

 

Ryan

 

From: NANOG mailto:rkhtech@nanog.org> > On Behalf Of JoeSox
Sent: Thursday, February 4, 2021 4:41 PM
To: TJ Trout mailto:t...@pcguys.us> >
Cc: NANOG mailto:nanog@nanog.org> >
Subject: Re: Suspicious IP reporting

 

Do others see this online bully started by Tom? The leader has spoken so the 
minions follow :)

This list  sometimes LOL

I think if everyone gets off their high horse, the list communication would be 
less noisy for the list veterans.


--

Thank You,

Joe

 

 

On Thu, Feb 4, 2021 at 4:36 PM TJ Trout mailto:t...@pcguys.us> 
> wrote:

This seems like a highly suspect request coming from a North American network 
operator...? 

 

 

On Thu, Feb 4, 2021 at 10:23 AM JoeSox mailto:joe...@gmail.com> > wrote:

 

This IP is hitting devices on cellular networks for the past day or so.

  https://www.abuseipdb.com/whois/79.124.62.86  

I think this is the info to report it to the ISP.  Any help or if everyone can 
report it, I would be a happy camper.

 

ab...@4cloud.mobi  ; ab...@fiberinternet.bg 
 

 

https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0

 

--

Thank You,

Joe

Amsterdam Dark Fiber

2021-02-04 Thread Rod Beck 
Please contact offlist.

Looking for dark fiber in Amsterdam. Eurofiber has traditionally dominated this 
market. Who else competes in this market?


Roderick Beck

VP of Business Development

United Cable Company

www.unitedcablecompany.com

New York City & Budapest

rod.b...@unitedcablecompany.com

Budapest: 36-70-605-5144

NJ: 908-452-8183


[1467221477350_image005.png]

Re: Suspicious IP reporting

2021-02-04 Thread JoeSox 
How do I setup a firewall when I am not a Verizon engineer?
There is a firewall via the antivirus and operating system but that's it.
Do you not understand my issue? I thought that is the real problem with the
online bullies in this thread.
--
Thank You,
Joe


On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel  wrote:

> Joe,
>
>
>
> The underlying premise here is, “pick your battles”. If you don’t want an
> IP address to access your device in anyway, setup a firewall and properly
> configure it to accept whitelisted traffic only, or just expose a VPN
> endpoint. The Internet is full of both good and bad actors that probe and
> scan anything and everything.
>
>
>
> While some appreciate the notification here, others will find it annoying.
> We cannot report anything malicious about an IP address on the Internet,
> unless it does harm to us specifically, otherwise it is false reporting and
> does create more noise at the ISP, and waste more time getting to the
> underlying issue.
>
>
>
> Ryan
>
>
>
> *From:* NANOG  *On Behalf Of *
> JoeSox
> *Sent:* Thursday, February 4, 2021 4:41 PM
> *To:* TJ Trout 
> *Cc:* NANOG 
> *Subject:* Re: Suspicious IP reporting
>
>
>
> Do others see this online bully started by Tom? The leader has spoken so
> the minions follow :)
>
> This list  sometimes LOL
>
> I think if everyone gets off their high horse, the list communication
> would be less noisy for the list veterans.
>
> --
>
> Thank You,
>
> Joe
>
>
>
>
>
> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout  wrote:
>
> This seems like a highly suspect request coming from a North American
> network operator...?
>
>
>
>
>
> On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:
>
>
>
> This IP is hitting devices on cellular networks for the past day or so.
>
>   https://www.abuseipdb.com/whois/79.124.62.86
>
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
>
>
> ab...@4cloud.mobi; ab...@fiberinternet.bg
>
>
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
>
>
> --
>
> Thank You,
>
> Joe
>
>

RE: Suspicious IP reporting

2021-02-04 Thread Ryan Hamel 
Joe,

 

The underlying premise here is, “pick your battles”. If you don’t want an IP 
address to access your device in anyway, setup a firewall and properly 
configure it to accept whitelisted traffic only, or just expose a VPN endpoint. 
The Internet is full of both good and bad actors that probe and scan anything 
and everything.

 

While some appreciate the notification here, others will find it annoying. We 
cannot report anything malicious about an IP address on the Internet, unless it 
does harm to us specifically, otherwise it is false reporting and does create 
more noise at the ISP, and waste more time getting to the underlying issue.

 

Ryan

 

From: NANOG  On Behalf Of JoeSox
Sent: Thursday, February 4, 2021 4:41 PM
To: TJ Trout 
Cc: NANOG 
Subject: Re: Suspicious IP reporting

 

Do others see this online bully started by Tom? The leader has spoken so the 
minions follow :)

This list  sometimes LOL

I think if everyone gets off their high horse, the list communication would be 
less noisy for the list veterans.


--

Thank You,

Joe

 

 

On Thu, Feb 4, 2021 at 4:36 PM TJ Trout mailto:t...@pcguys.us> 
> wrote:

This seems like a highly suspect request coming from a North American network 
operator...? 

 

 

On Thu, Feb 4, 2021 at 10:23 AM JoeSox mailto:joe...@gmail.com> > wrote:

 

This IP is hitting devices on cellular networks for the past day or so.

  https://www.abuseipdb.com/whois/79.124.62.86  

I think this is the info to report it to the ISP.  Any help or if everyone can 
report it, I would be a happy camper.

 

ab...@4cloud.mobi  ; ab...@fiberinternet.bg 
 

 

https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0

 

--

Thank You,

Joe

Re: Suspicious IP reporting

2021-02-04 Thread JoeSox 
Do others see this online bully started by Tom? The leader has spoken so
the minions follow :)
This list  sometimes LOL
I think if everyone gets off their high horse, the list communication would
be less noisy for the list veterans.
--
Thank You,
Joe


On Thu, Feb 4, 2021 at 4:36 PM TJ Trout  wrote:

> This seems like a highly suspect request coming from a North American
> network operator...?
>
>
> On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:
>
>>
>> This IP is hitting devices on cellular networks for the past day or so.
>>   https://www.abuseipdb.com/whois/79.124.62.86
>> I think this is the info to report it to the ISP.  Any help or if
>> everyone can report it, I would be a happy camper.
>>
>> ab...@4cloud.mobi; ab...@fiberinternet.bg
>>
>> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>>
>> --
>> Thank You,
>> Joe
>>
>

Re: Suspicious IP reporting

2021-02-04 Thread TJ Trout 
This seems like a highly suspect request coming from a North American
network operator...?


On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:

>
> This IP is hitting devices on cellular networks for the past day or so.
>   https://www.abuseipdb.com/whois/79.124.62.86
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
> ab...@4cloud.mobi; ab...@fiberinternet.bg
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
> --
> Thank You,
> Joe
>

Re: Suspicious IP reporting

2021-02-04 Thread JoeSox 
Jean,
That is fine. I don't understand why the ignorance. Its one flipping email
and people can reply to me without adding the list. Is this really a
necessary conversation? It has only blown up BECAUSE of Tom's comments.
That is great he is a big shot and contributes, that is great to hear.
I am not expereicncing the same type of onlist behavior.

Listen, I have devices on a cell network with only a few layers of security
(of course there is a plan to increase the security on those devices but
this is a complicated and highly regulated environment).
Someone contacted me off list telling me they beleive the IP is a command
and control server.
Cell networks like Verizon has a process to report these IPs, now I am not
educated in how the cellular network deal with that, that is where my
"ignorance" if you would like to call it that, comes in.
I see no issue asking other network admins to report it and fail to
understand why this particular issue is bad.
If there is a FEAR that everyone and their grandmother starts asking the
onlist community to report IP addresses, I think that is an an unnecessary
fear.

What has turned into "noise" that Tom feared so much has been his doing not
mine.




On Thu, Feb 4, 2021 at 4:22 PM Jean St-Laurent  wrote:

> I do not know Tom personally, but I’ve been following his comments,
> hindsight and shared experience. Tom seems to be a bigger player than you
> on this mailing list.
>
>
>
> Joe, you are only penalizing yourself by banning him. I would personally
> not ban him.
>
>
>
> J
>
>
>
> *From:* Jean St-Laurent 
> *Sent:* February 4, 2021 6:28 PM
> *To:* 'JoeSox' ; 'Tom Beecher' 
> *Cc:* 'NANOG' 
> *Subject:* RE: Suspicious IP reporting
>
>
>
> So what? I’ve scanned the internet more than 100’ times on all
> ports/protocols than you can imagine with zmap and many other shabby tools.
>
>
>
> I agree with Tom that these absue reports are totally useless and create
> so much noise that it feels like crying wolf.
>
> Network operator are trained to absorb and protect against that.
>
>
>
> Are you aware of the 4D rules?
>
> Dether
>
> Denied
>
> Detect
>
> Delay
>
>
>
> Unless that you are a real threat to a nation… good luck.
>
>
>
> There is a new submarine link that connect America with Europe. It is said
> to be 250 Tbps.
>
>
> https://cloud.google.com/blog/products/infrastructure/googles-dunant-subsea-cable-is-now-ready-for-service
>
>
>
> Kill this link and I guess the industry will listen to you.
>
>
>
> Good luck with your ip in China.
>
>
>
> Jean St-Laurent
>
>
>
>
>
> *From:* NANOG  *On Behalf Of *
> JoeSox
> *Sent:* February 4, 2021 6:06 PM
> *To:* Tom Beecher 
> *Cc:* NANOG 
> *Subject:* Re: Suspicious IP reporting
>
>
>
> Tom,
>
> Others are seeing it as I provided the website that shows others are
> seeing it.
>
> https://www.abuseipdb.com/check/79.124.62.86
>
> I think it is pretty poor form to be ignorant.
>
>
>
> Congrats you have been banned from my gmail account straight to the
> deleted.
>
>
>
>
>
> On Thu, Feb 4, 2021 at 1:12 PM Tom Beecher  wrote:
>
> I think it's pretty poor form to ask people to report an IP for doing
> something they are not seeing themselves, and may not even be abuse. What
> does "hitting devices" mean? Pings? SNMP?
>
>
>
> This sort of thing contributes to abuse reponses being poor; lots of
> noise, not much signal.
>
>
>
> On Thu, Feb 4, 2021 at 1:22 PM JoeSox  wrote:
>
>
>
> This IP is hitting devices on cellular networks for the past day or so.
>
>   https://www.abuseipdb.com/whois/79.124.62.86
>
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
>
>
> ab...@4cloud.mobi; ab...@fiberinternet.bg
>
>
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
>
>
> --
>
> Thank You,
>
> Joe
>
>

RE: Suspicious IP reporting

2021-02-04 Thread Jean St-Laurent via NANOG 
I do not know Tom personally, but I’ve been following his comments, hindsight 
and shared experience. Tom seems to be a bigger player than you on this mailing 
list.

 

Joe, you are only penalizing yourself by banning him. I would personally not 
ban him.

 

J

 

From: Jean St-Laurent  
Sent: February 4, 2021 6:28 PM
To: 'JoeSox' ; 'Tom Beecher' 
Cc: 'NANOG' 
Subject: RE: Suspicious IP reporting

 

So what? I’ve scanned the internet more than 100’ times on all ports/protocols 
than you can imagine with zmap and many other shabby tools.

 

I agree with Tom that these absue reports are totally useless and create so 
much noise that it feels like crying wolf.

Network operator are trained to absorb and protect against that.

 

Are you aware of the 4D rules?

Dether

Denied

Detect

Delay

 

Unless that you are a real threat to a nation… good luck.

 

There is a new submarine link that connect America with Europe. It is said to 
be 250 Tbps. 

https://cloud.google.com/blog/products/infrastructure/googles-dunant-subsea-cable-is-now-ready-for-service

 

Kill this link and I guess the industry will listen to you.

 

Good luck with your ip in China.

 

Jean St-Laurent

 

 

From: NANOG mailto:nanog-bounces+jean=ddostest...@nanog.org> > On Behalf Of JoeSox
Sent: February 4, 2021 6:06 PM
To: Tom Beecher mailto:beec...@beecher.cc> >
Cc: NANOG mailto:nanog@nanog.org> >
Subject: Re: Suspicious IP reporting

 

Tom,

Others are seeing it as I provided the website that shows others are seeing it.

https://www.abuseipdb.com/check/79.124.62.86

I think it is pretty poor form to be ignorant.

 

Congrats you have been banned from my gmail account straight to the deleted.

 

 

On Thu, Feb 4, 2021 at 1:12 PM Tom Beecher mailto:beec...@beecher.cc> > wrote:

I think it's pretty poor form to ask people to report an IP for doing something 
they are not seeing themselves, and may not even be abuse. What does "hitting 
devices" mean? Pings? SNMP? 

 

This sort of thing contributes to abuse reponses being poor; lots of noise, not 
much signal. 

 

On Thu, Feb 4, 2021 at 1:22 PM JoeSox mailto:joe...@gmail.com> > wrote:

 

This IP is hitting devices on cellular networks for the past day or so.

  https://www.abuseipdb.com/whois/79.124.62.86  

I think this is the info to report it to the ISP.  Any help or if everyone can 
report it, I would be a happy camper.

 

ab...@4cloud.mobi  ; ab...@fiberinternet.bg 
 

 

https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0

 

--

Thank You,

Joe

RE: Suspicious IP reporting

2021-02-04 Thread Jean St-Laurent via NANOG 
So what? I’ve scanned the internet more than 100’ times on all ports/protocols 
than you can imagine with zmap and many other shabby tools.

 

I agree with Tom that these absue reports are totally useless and create so 
much noise that it feels like crying wolf.

Network operator are trained to absorb and protect against that.

 

Are you aware of the 4D rules?

Dether

Denied

Detect

Delay

 

Unless that you are a real threat to a nation… good luck.

 

There is a new submarine link that connect America with Europe. It is said to 
be 250 Tbps. 

https://cloud.google.com/blog/products/infrastructure/googles-dunant-subsea-cable-is-now-ready-for-service

 

Kill this link and I guess the industry will listen to you.

 

Good luck with your ip in China.

 

Jean St-Laurent

 

 

From: NANOG  On Behalf Of JoeSox
Sent: February 4, 2021 6:06 PM
To: Tom Beecher 
Cc: NANOG 
Subject: Re: Suspicious IP reporting

 

Tom,

Others are seeing it as I provided the website that shows others are seeing it.

https://www.abuseipdb.com/check/79.124.62.86

I think it is pretty poor form to be ignorant.

 

Congrats you have been banned from my gmail account straight to the deleted.

 

 

On Thu, Feb 4, 2021 at 1:12 PM Tom Beecher mailto:beec...@beecher.cc> > wrote:

I think it's pretty poor form to ask people to report an IP for doing something 
they are not seeing themselves, and may not even be abuse. What does "hitting 
devices" mean? Pings? SNMP? 

 

This sort of thing contributes to abuse reponses being poor; lots of noise, not 
much signal. 

 

On Thu, Feb 4, 2021 at 1:22 PM JoeSox mailto:joe...@gmail.com> > wrote:

 

This IP is hitting devices on cellular networks for the past day or so.

  https://www.abuseipdb.com/whois/79.124.62.86  

I think this is the info to report it to the ISP.  Any help or if everyone can 
report it, I would be a happy camper.

 

ab...@4cloud.mobi  ; ab...@fiberinternet.bg 
 

 

https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0

 

--

Thank You,

Joe

Re: Suspicious IP reporting

2021-02-04 Thread JoeSox 
Tom,
Others are seeing it as I provided the website that shows others are seeing
it.
https://www.abuseipdb.com/check/79.124.62.86

I think it is pretty poor form to be ignorant.

Congrats you have been banned from my gmail account straight to the deleted.


On Thu, Feb 4, 2021 at 1:12 PM Tom Beecher  wrote:

> I think it's pretty poor form to ask people to report an IP for doing
> something they are not seeing themselves, and may not even be abuse. What
> does "hitting devices" mean? Pings? SNMP?
>
> This sort of thing contributes to abuse reponses being poor; lots of
> noise, not much signal.
>
> On Thu, Feb 4, 2021 at 1:22 PM JoeSox  wrote:
>
>>
>> This IP is hitting devices on cellular networks for the past day or so.
>>   https://www.abuseipdb.com/whois/79.124.62.86
>> I think this is the info to report it to the ISP.  Any help or if
>> everyone can report it, I would be a happy camper.
>>
>> ab...@4cloud.mobi; ab...@fiberinternet.bg
>>
>> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>>
>> --
>> Thank You,
>> Joe
>>
>

Re: Suspicious IP reporting

2021-02-04 Thread Tom Beecher 
I think it's pretty poor form to ask people to report an IP for doing
something they are not seeing themselves, and may not even be abuse. What
does "hitting devices" mean? Pings? SNMP?

This sort of thing contributes to abuse reponses being poor; lots of noise,
not much signal.

On Thu, Feb 4, 2021 at 1:22 PM JoeSox  wrote:

>
> This IP is hitting devices on cellular networks for the past day or so.
>   https://www.abuseipdb.com/whois/79.124.62.86
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
> ab...@4cloud.mobi; ab...@fiberinternet.bg
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
> --
> Thank You,
> Joe
>

Suspicious IP reporting

2021-02-04 Thread JoeSox 
This IP is hitting devices on cellular networks for the past day or so.
  https://www.abuseipdb.com/whois/79.124.62.86
I think this is the info to report it to the ISP.  Any help or if everyone
can report it, I would be a happy camper.

ab...@4cloud.mobi; ab...@fiberinternet.bg

https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0

--
Thank You,
Joe

Re: NANOG Digest, Vol 157, Issue 3

2021-02-04 Thread Rod Beck 
It sounds interesting.

-R.


From: NANOG  on behalf 
of Jakob Heitz (jheitz) via NANOG 
Sent: Thursday, February 4, 2021 6:00 AM
To: nanog@nanog.org 
Subject: RE: NANOG Digest, Vol 157, Issue 3

I couldn't put down Bill Norton's book.
https://drpeering.net/core/bookOutline.html
When a cheapskate like me pays the $10, it means something.

Regards,
Jakob.

-Original Message-
Date: Tue, 2 Feb 2021 11:35:34 +0100
From: Casey Callendrello 
To: nanog@nanog.org
Subject: BGP / routing paper recommendations?
Message-ID: <5f47b46e-d43b-a60e-42ef-84149a5a6...@caseyc.net>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi all,

I'm part of a paper reading club, and the group's interest has turned to
BGP and Internet routing in general. As the only person in the group who
even knows what an AS is, I've been tasked with finding interesting
papers on the subject. Any papers or presentations that you found
valuable or interesting?

My list, so far:

- ARTEMIS: Neutralizing BGP Hijacking Within a Minute
(https://www.inspire.edu.gr/wp-content/pdfs/artemis_TON2018.pdf)
- Securing BGP - A Literature Survey
(https://ieeexplore.ieee.org/document/5473881)
- Stable Internet routing without global coordination
(https://ieeexplore.ieee.org/document/974523)
- A Survey on Approaches to Reduce BGP Interdomain Routing Convergence
Delay on the Internet (https://ieeexplore.ieee.org/document/7964680)

I would particularly appreciate papers that focus on the
distributed-systems aspect of routing, such as convergence times,
stability, and security. Happy to take responses off-list, will
summarize in due time.

TIA,
-- Casey Callendrello