Re: DoD IP Space

2021-02-05 Thread Valdis Klētnieks
On Fri, 05 Feb 2021 17:25:34 -0800, Doug Barton said:
> I am genuinely curious, how would you explain the problem, and describe
> a solution, to an almost exclusively non-technical audience who just
> wants to get the bits flowing again?

"The people who did Disney's software wrote it for the Internet protocols
of last century, so it fails with this century's Internet. Adding insult to
injury, the reason you even notice a problem is because it reacts badly to
the failure, because it doesn't even include *last* century's well-known
methods of error recovery".





Re: DoD IP Space

2021-02-05 Thread Doug Barton

Owen,

I am genuinely curious, how would you explain the problem, and describe 
a solution, to an almost exclusively non-technical audience who just 
wants to get the bits flowing again?


Doug
(still not speaking for anyone other than myself)


On 2/5/21 2:25 PM, Owen DeLong wrote:
At the bottom of that page, there is a question “Was this answer 
helpful.” I clicked NO. It gave me a free form text box to explain why I 
felt it was not helpful… Here’s what I typed:


The advice is just bad and the facts are incorrect.
IPv6 is not blocking the Disney application. Either IPv6 is broken
in the users environment (in which case, the user should work with
their network administrator to resolve this) or Disney has failed to
implement IPv6 correctly on their DRM platform.

IPv6 cannot "Block" an application.

Turning off IPv6 will degrade several other services and cause
additional problems. This is simply very bad advice and shame on
Disney for issuing it.


Hopefully if enough people follow suit, Disney will get the idea.

Owen


Re: DoD IP Space

2021-02-05 Thread Mel Beckman
ROTFL! I’m sorry, but the imagery of people paying rent for a piece of Randy’s 
mind is just too much :)

> On Jan 21, 2021, at 14:22 , Randy Bush  wrote:
> 
>>> I’m sure we all remember Y2k (well, most of us, there could be some
>>> young-uns on the list). That day was happening whether we wanted it to
>>> or not. It was an unchangeable, unmovable deadline.
>> 
>> but i thought 3gpp was going to force ipv6 adoption
> 
> let me try it a different way
> 
> why should i care whether you deploy ipv6, move to dual stack, cgnat,
> ...?  you will do whatever makes sense to the pointy heads in your c
> suite.  why should i give them or some tech religion free rent in my
> mind when i already have too much real work to do?
> 



Re: DoD IP Space

2021-02-05 Thread Owen DeLong
WebOS implemented IPv6 in 3.8 IIRC.

Owen


> On Jan 22, 2021, at 15:30 , Doug Barton  wrote:
> 
> The KB indicates that the problem is with the "LG TV WebOS 3.8 or above."
> 
> Doug
> 
> (not speaking for any employers, current or former)
> 
> 
> On 1/22/21 12:42 PM, Mark Andrews wrote:
>> Disney should hire some proper developers and QA team.
>> RFC 1123 instructed developers to make sure your products handled 
>> multi-homed servers properly and dealing with one of the addresses being 
>> unreachable is part of that.  It’s not like the app can’t attempt to 
>> stream from the IPv6 address and if there is no response in 200ms start a 
>> parallel attempt from the IPv4 address.  If the IPv6 stream succeeds drop 
>> the IPv4 stream.  Happy Eyeballs is just a specific case of multi-homed 
>> servers.
>> QA should have test scenarios where the app has a dual stack network and the 
>> servers are silently untraceable over one then the other transport.  It 
>> isn’t hard to do.  Dealing with broken networks is something every 
>> application should do.
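
The fallback described in the quoted message (try IPv6, start a parallel IPv4 attempt if nothing answers within 200 ms, keep whichever connects first), as an added Python example; it is not code from the thread or from any application discussed. The network is simulated, the addresses are constructed from documentation ranges, and `staggered_connect`, `make_network` and `run_scenario` are names chosen here.

```python
import asyncio
import time


async def staggered_connect(candidates, connect, stagger=0.2):
    """Return (candidate, connection) for the first attempt that succeeds.

    Candidates are tried in order. The next one starts as soon as the
    previous one fails, or after `stagger` seconds without a success.
    """
    queue = list(candidates)
    attempts = {}  # running task -> candidate it is trying
    errors = []
    try:
        while queue or attempts:
            if queue:
                cand = queue.pop(0)
                attempts[asyncio.create_task(connect(cand))] = cand
            done, _ = await asyncio.wait(
                set(attempts),
                timeout=stagger if queue else None,
                return_when=asyncio.FIRST_COMPLETED,
            )
            for task in done:
                cand = attempts.pop(task)
                if task.exception() is None:
                    return cand, task.result()
                errors.append((cand, task.exception()))
        raise ConnectionError(f"every address failed: {errors}")
    finally:
        # Losers: close any that connected in the same tick, cancel the rest.
        for task in attempts:
            if task.done() and not task.cancelled() and task.exception() is None:
                task.result().close()
            task.cancel()
        await asyncio.gather(*attempts, return_exceptions=True)


class FakeConn:
    """Constructed stand-in for a connected socket."""

    def __init__(self, peer):
        self.peer = peer

    def close(self):
        pass


def make_network(v6_behaviour, log):
    """Simulated network: IPv4 always works; IPv6 is 'ok', 'blackhole' or 'refused'."""

    async def connect(cand):
        family, addr = cand
        log.append(("start", family))
        try:
            if family == "IPv6" and v6_behaviour == "blackhole":
                await asyncio.sleep(3600)  # silently dropped: no error ever arrives
            if family == "IPv6" and v6_behaviour == "refused":
                raise ConnectionRefusedError(addr)
            await asyncio.sleep(0.03)  # normal handshake time
            return FakeConn(addr)
        except asyncio.CancelledError:
            log.append(("cancelled", family))
            raise

    return connect


# Constructed candidates from documentation address ranges, IPv6 preferred.
CANDIDATES = [("IPv6", "2001:db8::10"), ("IPv4", "192.0.2.10")]


def run_scenario(v6_behaviour):
    """Return (winning family, seconds taken, event log) for one simulated run."""
    log = []
    started = time.monotonic()
    (family, _addr), _conn = asyncio.run(
        staggered_connect(CANDIDATES, make_network(v6_behaviour, log)))
    return family, time.monotonic() - started, log


if __name__ == "__main__":
    for behaviour in ("ok", "blackhole", "refused"):
        family, took, log = run_scenario(behaviour)
        print(f"IPv6 {behaviour:9}: connected over {family} in {took:.2f}s, events={log}")
```

For real sockets, asyncio's `open_connection()` and `loop.create_connection()` accept `happy_eyeballs_delay` (Python 3.8 and later) and do the same staggering. The "blackhole" case is the QA scenario the message asks for: the IPv6 path never answers and never errors.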



Re: DoD IP Space

2021-02-05 Thread Owen DeLong
His example may have included incompetence. However, it takes longer, but
it is definitely possible to run out of RFC-1918 space with scale and no 
incompetence.

No rational network will ever be able to put every single /32 endpoint on a
host, but I know of several networks that have come darn close and still run
multiple partitioned RFC-1918 “zones” because RFC-1918 just isn’t enough for
them.

The good news is that IPv6 has plenty of addresses available for all of these
applications and there’s absolutely no need for separate private addressing
unless you really want it.

Owen


> On Jan 22, 2021, at 14:42 , Izaac  wrote:
> 
> On Fri, Jan 22, 2021 at 01:03:15PM -0800, Sabri Berisha wrote:
>> TL;DR: a combination of scale and incompetence means you can run out of 10/8
>> really quick.
> 
> Indeed.  Thank you for providing a demonstration of my point.
> 
> I'd question the importance of having a console on target in Singapore
> be able to directly address a BMC controller in Phoenix (wait for it),
> but I'm sure that's a mission requirement.
> 
> But just in case you'd like to reconsider, can I interest you in NAT?
> Like nutmeg, a little will add some spice to your recipe -- but too much
> will cause nausea and hallucinations.  It's entirely possible to put an
> entire 192.168.0.0/16 network behind every single 172.16.0.0/12 address.
> 
> So, you've already "not at all hypothetical'd" entire racks completely
> full of 1U hosts that are supporting lots of VMs in their beefy memory
> on their two processors and also doing SAN into another universe.  Let's
> just magic a rack controller to handle the NAT.  We can just cram it
> into the extra-dimensional space where the switches live.
> 
> A standard port mapping configuration to match your "blueprint" ought to
> be straightforward.  But let's elide the details and learn by
> demonstration by just using it!
> 
> If the Singapore AZ were assigned 172.18.0.0/16.
> And the 7th pod were 172.18.7.0/24.
> And the 12th rack were 172.18.7.12/32.
> We can SSH to the 39th host at: 172.18.7.11:2239
> Which NATs to 192.168.0.39:22 on the 192.168.0.0/24 standard net.
> 
> If the Phoenix AZ (payoff!) were assigned 172.22.0.0/16.
> And the 9th pod were 172.22.9.0/24
> And the 33rd rack were 172.22.9.33/32.
> We can VNC to the BMC of the 27th host at: 172.22.9.33:5927.
> Which NATs to 192.168.1.27:5900 on the 192.168.1.0/24 management net.
> 
> Let's see.  We've met all our requirements, left unused more than 50% of
> the 172.16/12 space by being very generous to our AZs, left unused 98%
> of the 192.168/16 space in each rack, threw every zero-network to the
> wolves for our human counting from 1, and still haven't even touched
> 10/8.  And all less than an hour's chin pulling.
> 
> Good for us.
> 
> -- 
> . ___ ___  .   .  ___
> .  \/  |\  |\ \
> .  _\_ /__ |-\ |-\ \__



Re: DoD IP Space

2021-02-05 Thread Owen DeLong
At the bottom of that page, there is a question “Was this answer helpful.” I 
clicked NO. It gave me a free form text box to explain why I felt it was not 
helpful… Here’s what I typed:

The advice is just bad and the facts are incorrect.
IPv6 is not blocking the Disney application. Either IPv6 is broken in the users 
environment (in which case, the user should work with their network 
administrator to resolve this) or Disney has failed to implement IPv6 correctly 
on their DRM platform.

IPv6 cannot "Block" an application.

Turning off IPv6 will degrade several other services and cause additional 
problems. This is simply very bad advice and shame on Disney for issuing it.

Hopefully if enough people follow suit, Disney will get the idea.

Owen

> On Jan 21, 2021, at 18:29 , Travis Garrison  wrote:
> 
> What's all your opinion when companies such as Disney actively recommend 
> disabling IPv6? They are presenting it as IPv6 is blocking their app. We all 
> know that isn’t possible. Several people have issues with their app and 
> Amazon firesticks. I use my phone and a chromecast and I see the issues when 
> IPv6 is enabled. We are in the testing phase on rolling out IPv6 on our 
> network. All the scripts are ready, just trying to work through the few 
> issues like this one.
> 
> https://help.disneyplus.com/csp?id=csp_article_content_kb_id=c91af021dbe46850b03cc58a139619ed
> 
> Thank you
> Travis 
> 
> 
> 
> -Original Message-
> From: NANOG  On Behalf Of 
> Mark Andrews
> Sent: Thursday, January 21, 2021 7:45 PM
> To: Sabri Berisha 
> Cc: nanog 
> Subject: Re: DoD IP Space
> 
> IPv6 doesn’t need a hard date.  It is coming, slowly, but it is coming.
> Every data set says the same thing.  It may not be coming as fast as a lot of 
> us would want or actually think is reasonable as ISP’s are currently being 
> forced to deploy CGNs (NAT44 and NAT64) because there are laggards that are 
> not doing their part.
> 
> If you offer a service over the Internet then it should be available over
> IPv6 otherwise you are costing your customers more to reach you.  CGNs are 
> not free.
> 
> Mark
> 
>> On 22 Jan 2021, at 06:07, Sabri Berisha  wrote:
>> 
>> - On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth a...@andyring.com wrote:
>> 
>> Hi,
>> 
>>> I’m sure we all remember Y2k
>> 
>> Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I 
>> upgraded many bioses in many office buildings in the months leading up to 
>> it...
>> 
>>> I’d love to see a line in the concrete of, say, January 1, 2025, 
>>> whereby IPv6 will be the default.
>> 
>> The challenge with that is the market. Y2K was a problem that 
>> existed. It was a brick wall that we would hit no matter what. The 
>> faulty code was released years before the date.
>> 
>> We, IETF, or even the UN could come up with 1/1/25 as the date where 
>> we switch off IPv4, and you will still find networks that run IPv4 for 
>> the simple reason that the people who own those networks have a choice. With 
>> Y2K there was no choice.
>> 
>> The best way to have IPv6 implemented worldwide is by having an 
>> incentive for the executives that make the decisions. From experience, 
>> as I've said on this list a few times before, I can tell you that 
>> decision makers with a limited budget that have to choose between a 
>> new revenue generating feature, or a company-wide implementation of 
>> IPv6, will choose the one that's best for their own short-term interests.
>> 
>> On that note, I did have a perhaps silly idea: One way to create the 
>> demand could be to have browser makers add a warning to the URL bar, 
>> similar to the HTTPS warnings we see today. If a site is IPv4 only, 
>> warn that the site is using deprecated technology.
>> 
>> Financial incentives also work. Perhaps we can convince Mr. Biden to 
>> give a .5% tax cut to corporations that fully implement v6. That will 
>> create some bonus targets.
>> 
>> Thanks,
>> 
>> Sabri
> 
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
> 



Re: DoD IP Space

2021-02-05 Thread Owen DeLong



> On Jan 21, 2021, at 14:22 , Randy Bush  wrote:
> 
>>> I’m sure we all remember Y2k (well, most of us, there could be some
>>> young-uns on the list). That day was happening whether we wanted it to
>>> or not. It was an unchangeable, unmovable deadline.
>> 
>> but i thought 3gpp was going to force ipv6 adoption
> 
> let me try it a different way
> 
> why should i care whether you deploy ipv6, move to dual stack, cgnat,
> ...?  you will do whatever makes sense to the pointy heads in your c
> suite.  why should i give them or some tech religion free rent in my
> mind when i already have too much real work to do?
> 

Presumably because you have reason to connect to the internet.

Presumably you intend that connection to the internet to be able to reach
a variety of third parties.

As such, there is some reasonable basis for the idea that how third parties
choose to manage their network impacts decisions you need to make about
your own network.

E.G. Facebook has decided to go almost entirely IPv6, yet they maintain an
IPv4 presence on their front-end in order to support users that are victims of
IPv4-only networks and devices. Facebook faces a cost in having to maintain
those services to reach those customers. That cost could be reduced by the
providers in question (and in some cases the device manufacturers) providing
robust IPv6 implementations in their products and services.

Unfortunately, NAT, CGNAT, and IPv4 in general are an unrecognized cost
inflicted on people who are not involved in the decision to implement those
processes vs. deploying IPv6, thus creating a situation where those who
have deployed IPv6 yet wish to maintain connectivity to those who have not
are essentially subsidizing those who have not in order to maintain that
connectivity.

Now, if the true cost of that were more transparent and the organizations
not deploying IPv6 could be made more aware of the risks of what happens
when a variety of organizations choose to put an end to that subsidy,
it might get more attention at the CxO level. Unfortunately, the perverse
incentives of the market (providers that are willing to offer legacy services
are more likely to retain customers than providers that aren’t) prevent
those paying the subsidy from opting out (at least for now) because the
critical mass of customers still clinging to their legacy networks presumably
comes with a value that exceeds the cost of that subsidy.

There was actually some excellent work done to try and quantify this
in terms of Per User Per Year costs to an average ISP by
Lee Howard: https://www.rmv6tf.org/wp-content/uploads/2012/11/TCO-of-CGN1.pdf

Owen



RE: Suspicious IP reporting

2021-02-05 Thread Jean St-Laurent via NANOG
Hi Joe & Joe,

 

I’m not sure which Joe is the original Joe anymore, but I like this reply 
better than the previous one. 

It feels more informative and more useful to the community.

 

I just stumbled on this article.

https://www.zdnet.com/article/google-chrome-syncing-features-can-be-abused-for-c-c-and-data-exfiltration/

 

Could it be that what the OP observed is linked to a browser vulnerability 
that started to be exploited recently?

 

Cheers,
Jean

 

From: NANOG  On Behalf Of Joe
Sent: February 5, 2021 9:51 AM
To: JoeSox 
Cc: NANOG 
Subject: Re: Suspicious IP reporting

 

Much like your banning of an email address is an ability you have with your 
provider (gmail), you should have the same abilities with your cellular 
provider for an IP address. 

I would think (at a minimum) you would be able to negotiate such an action with 
them, perhaps it is time to re-negotiate that contract?

If you're simply trying to report an offending IP for brute force stuff perhaps 
the tack you may find more helpful is to ask for a contact at xzy ISP on list, 
versus asking folks to do reporting for you. As well there are like 100s of 
lists to report this to outside of NANOG  

As well, if I am reading this correctly, deployment of devices that have public 
facing IPs and do not have a means to protect themselves is concerning to say 
the least. 

This is about as reckless as putting up a login page without a password and 
crying foul when something gains access that you didn't expect. Again, I do not 
know all of the details of this so I may be way off base with that respect. 

 

If your ability to prevent issues is due to lack of a firewall/control to your 
network, possibly asking for help in mitigating such threats would be better, 
as there are a lot of very well versed/clever folks that help out.

Regards,


-Joe

 

 

On Thu, Feb 4, 2021 at 7:17 PM JoeSox <joe...@gmail.com> wrote:

Ryan,

Thanks but like I said these devices are in moving vehicles ok?

I stated we have a plan but it is ways out.  

FACT: we have a known malicious C&C

FACT: We know what networks it is hitting and the cellular network is the most 
vulnerable, imo.

FACT: this IP is against Verizon terms of service so the way to address it is 
to report it to them as they request.

 

I honestly got what I needed from this thread, thanks. And I thank the 
nonbullies that helped me off list.

--

Thank You,

Joe 

 

 

On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel <administra...@rkhtech.org> wrote:

Joe,

 

It isn’t on Verizon to setup a firewall, especially if you have a direct public 
IP service. The device being attached directly to the Internet (no matter the 
transmission medium), must be able to protect itself. ISPs provide routers 
which function as a NAT/Firewall appliance, to provide a means of safety and 
convenience for them, but also charge you a rental fee.

 

Stick a Cradlepoint router or something in front of your device, if you want an 
external means of protection. Otherwise you’ll need to enable the Windows 
Firewall if it’s a Windows system, or setup iptables on Linux, ipfw/pf on *BSD, 
etc.

 

Ryan

 

From: JoeSox <joe...@gmail.com>
Sent: Thursday, February 4, 2021 5:04 PM
To: r...@rkhtech.org
Cc: TJ Trout <t...@pcguys.us>; NANOG <nanog@nanog.org>
Subject: Re: Suspicious IP reporting

 

How do I setup a firewall when I am not a Verizon engineer?

There is a firewall via the antivirus and operating system but that's it.

Do you not understand my issue? I thought that is the real problem with the 
online bullies in this thread.


--

Thank You,

Joe

 

 

On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel <administra...@rkhtech.org> wrote:

Joe,

 

The underlying premise here is, “pick your battles”. If you don’t want an IP 
address to access your device in anyway, setup a firewall and properly 
configure it to accept whitelisted traffic only, or just expose a VPN endpoint. 
The Internet is full of both good and bad actors that probe and scan anything 
and everything.

 

While some appreciate the notification here, others will find it annoying. We 
cannot report anything malicious about an IP address on the Internet, unless it 
does harm to us specifically, otherwise it is false reporting and does create 
more noise at the ISP, and waste more time getting to the underlying issue.

 

Ryan

 

From: NANOG <rkhtech@nanog.org> On Behalf Of JoeSox
Sent: Thursday, February 4, 2021 4:41 PM
To: TJ Trout <t...@pcguys.us>
Cc: NANOG <nanog@nanog.org>
Subject: Re: Suspicious IP reporting

 

Do others see this online bully started by Tom? The leader has spoken so the 
minions follow :)

This list  sometimes LOL

I think if everyone gets off their high horse, the list communication would be 
less noisy for the list veterans.


--

Thank You,

Joe

 

 

On Thu, Feb 4, 2021 at 4:36 PM TJ Trout <t...@pcguys.us> wrote:

This seems like 

Re: Comcast routine maintenance.

2021-02-05 Thread Livingood, Jason via NANOG
Please accept our apologies for the wording of that notice. I looked at the 
ticket and it is emergency unplanned physical network repair. I appreciate your 
patience as a customer and am happy to provide further info or assistance if 
you’d like (just ping me off-list).

Jason

From: NANOG  on 
behalf of Andrey Khomyakov 
Date: Friday, February 5, 2021 at 3:32 PM
To: Nanog 
Subject: Comcast routine maintenance.

Who thought that doing a routine maintenance that covers a whole business day 
during a pandemic stay at home order was a better option than doing it, say, I 
don’t know, at midnight on Sunday for example?

This is the message right now on Comcast status webpage
“Internet unavailable
We're currently performing routine system maintenance. This may cause an 
interruption to your service. We began work on 02/05/2021 09:42 AM (Pacific), 
and this is expected to end on 02/05/2021 03:30 PM (Pacific). We appreciate 
your patience.”


Comcast routine maintenance.

2021-02-05 Thread Andrey Khomyakov
Who thought that doing a routine maintenance that covers a whole business day 
during a pandemic stay at home order was a better option than doing it, say, I 
don’t know, at midnight on Sunday for example?

This is the message right now on Comcast status webpage
“Internet unavailable
We're currently performing routine system maintenance. This may cause an 
interruption to your service. We began work on 02/05/2021 09:42 AM (Pacific), 
and this is expected to end on 02/05/2021 03:30 PM (Pacific). We appreciate 
your patience.”

Paris Dark Fiber Providers

2021-02-05 Thread Rod Beck
Please contact off list. Looking to understand the competitive landscape. I 
used to live there, but it was over ten years ago. Particularly in commercial 
flexible and nimble players with unique physical assets like rights of way 
diverse to the usual suspects.

Best,

Roderick.


Roderick Beck

Global Network Capacity Sourcing

United Cable Company

https://unitedcablecompany.com/video/

www.unitedcablecompany.com

New York City & Budapest

rod.b...@unitedcablecompany.com

Budapest: 36-70-605-5144

NJ: 908-452-8183




Weekly Routing Table Report

2021-02-05 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 06 Feb, 2021

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined: 844686
Prefixes after maximum aggregation (per Origin AS): 322012
Deaggregation factor: 2.62
Unique aggregates announced (without unneeded subnets): 401655
Total ASes present in the Internet Routing Table: 70445
Prefixes per ASN: 11.99
Origin-only ASes present in the Internet Routing Table: 60620
Origin ASes announcing only one prefix: 25030
Transit ASes present in the Internet Routing Table: 9825
Transit-only ASes present in the Internet Routing Table: 301
Average AS path length visible in the Internet Routing Table: 4.4
Max AS path length visible: 62
Max AS path prepend of ASN (266299)  59
Prefixes from unregistered ASNs in the Routing Table: 881
Number of instances of unregistered ASNs: 887
Number of 32-bit ASNs allocated by the RIRs: 34957
Number of 32-bit ASNs visible in the Routing Table: 29011
Prefixes from 32-bit ASNs in the Routing Table: 135484
Number of bogon 32-bit ASNs visible in the Routing Table: 27
Special use prefixes present in the Routing Table: 1
Prefixes being announced from unallocated address space: 619
Number of addresses announced to Internet: 2910601856
Equivalent to 173 /8s, 124 /16s and 66 /24s
Percentage of available address space announced: 78.6
Percentage of allocated address space announced: 78.6
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 99.5
Total number of prefixes smaller than registry allocations: 288192

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 221527
Total APNIC prefixes after maximum aggregation: 65515
APNIC Deaggregation factor: 3.38
Prefixes being announced from the APNIC address blocks: 217308
Unique aggregates announced from the APNIC address blocks: 88038
APNIC Region origin ASes present in the Internet Routing Table: 11245
APNIC Prefixes per ASN: 19.32
APNIC Region origin ASes announcing only one prefix: 3214
APNIC Region transit ASes present in the Internet Routing Table: 1588
Average APNIC Region AS path length visible: 4.6
Max APNIC Region AS path length visible: 30
Number of APNIC region 32-bit ASNs visible in the Routing Table: 6395
Number of APNIC addresses announced to Internet: 770416128
Equivalent to 45 /8s, 235 /16s and 158 /24s
APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
                       58368-59391, 63488-64098, 64297-64395, 131072-143673
APNIC Address Blocks     1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
                        49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
                       106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
                       116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
                       123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
                       163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
                       203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                       222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes: 243213
Total ARIN prefixes after maximum aggregation: 112211
ARIN Deaggregation factor: 2.17
Prefixes being announced from the ARIN address blocks: 243808
Unique aggregates announced from the ARIN address blocks: 116192
ARIN Region origin ASes present in the Internet Routing Table: 18713
ARIN Prefixes per ASN: 13.03
ARIN 

Re: Suspicious IP reporting

2021-02-05 Thread Tom Beecher
Let's assume that I submitted an abuse report on your behalf. I'm not going
to do it on behalf of my company; I'm not seeing this issue. So I'd have to
do it in a personal capacity.

Who do I report it to? Let's say my ISP is Charter, and my cell provider is
AT&T. Reporting to either one would not provide you any benefit, since you
are seeing the suspect traffic to you via Verizon. Let's assume I file the
reports anyways. What do I say? I haven't seen the traffic in question, so
I have no idea what it is. I can't provide any specifics in my abuse report
that would be helpful. I'm certainly not going to just copypasta some
information from abusedbip; I can't speak to the accuracy of anything
there.

Finally, I'm just another guy on the list, nobody special. I certainly
don't feel that there was any bullying involved on my part or others, but I
won't comment further; the intensity of your reaction would lead me to
believe it would be unproductive.

Best of luck in addressing your issues.

On Thu, Feb 4, 2021 at 8:17 PM JoeSox  wrote:

> Ryan,
> Thanks but like I said these devices are in moving vehicles ok?
> I stated we have a plan but it is ways out.
> FACT: we have a known malicious C&C
> FACT: We know what networks it is hitting and the cellular network is the
> most vulnerable, imo.
> FACT: this IP is against Verizon terms of service so the way to address it
> is to report it to them as they request.
>
> I honestly got what I needed from this thread, thanks. And I thank the
> nonbullies that helped me off list.
> --
> Thank You,
> Joe
>
>
> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel 
> wrote:
>
>> Joe,
>>
>>
>>
>> It isn’t on Verizon to setup a firewall, especially if you have a direct
>> public IP service. The device being attached directly to the Internet (no
>> matter the transmission medium), must be able to protect itself. ISPs
>> provide routers which function as a NAT/Firewall appliance, to provide a
>> means of safety and convenience for them, but also charge you a rental fee.
>>
>>
>>
>> Stick a Cradlepoint router or something in front of your device, if you
>> want an external means of protection. Otherwise you’ll need to enable the
>> Windows Firewall if it’s a Windows system, or setup iptables on Linux,
>> ipfw/pf on *BSD, etc.
>>
>>
>>
>> Ryan
>>
>>
>>
>> *From:* JoeSox 
>> *Sent:* Thursday, February 4, 2021 5:04 PM
>> *To:* r...@rkhtech.org
>> *Cc:* TJ Trout ; NANOG 
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> How do I setup a firewall when I am not a Verizon engineer?
>>
>> There is a firewall via the antivirus and operating system but that's it.
>>
>> Do you not understand my issue? I thought that is the real problem with
>> the online bullies in this thread.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel 
>> wrote:
>>
>> Joe,
>>
>>
>>
>> The underlying premise here is, “pick your battles”. If you don’t want an
>> IP address to access your device in anyway, setup a firewall and properly
>> configure it to accept whitelisted traffic only, or just expose a VPN
>> endpoint. The Internet is full of both good and bad actors that probe and
>> scan anything and everything.
>>
>>
>>
>> While some appreciate the notification here, others will find it
>> annoying. We cannot report anything malicious about an IP address on the
>> Internet, unless it does harm to us specifically, otherwise it is false
>> reporting and does create more noise at the ISP, and waste more time
>> getting to the underlying issue.
>>
>>
>>
>> Ryan
>>
>>
>>
>> *From:* NANOG  *On Behalf Of *
>> JoeSox
>> *Sent:* Thursday, February 4, 2021 4:41 PM
>> *To:* TJ Trout 
>> *Cc:* NANOG 
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> Do others see this online bully started by Tom? The leader has spoken so
>> the minions follow :)
>>
>> This list  sometimes LOL
>>
>> I think if everyone gets off their high horse, the list communication
>> would be less noisy for the list veterans.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout  wrote:
>>
>> This seems like a highly suspect request coming from a North American
>> network operator...?
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:
>>
>>
>>
>> This IP is hitting devices on cellular networks for the past day or so.
>>
>>   https://www.abuseipdb.com/whois/79.124.62.86
>>
>> I think this is the info to report it to the ISP.  Any help or if
>> everyone can report it, I would be a happy camper.
>>
>>
>>
>> ab...@4cloud.mobi; ab...@fiberinternet.bg
>>
>>
>>
>> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>>
>>
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>


Re: Suspicious IP reporting

2021-02-05 Thread J. Hellenthal via NANOG
Sorry wasn’t meant directly aimed at you… unless you are the same person?

> On Feb 5, 2021, at 09:12, J. Hellenthal  wrote:
> 
> And just like deploying IoT devices in vehicles without proper security 
> preparations will lead you to a C&C network … just saying the hammer swings 
> both ways here and getting an IP reported isn’t going to do you any damn good 
> at ALL.
> 
> Personally I’d rip those IoT vehicles off the market for a recall but I 
> suspect we’ll be hearing of that in the not too distant future.
> 
> So in hindsight why don’t we just close down this thread here.
> 
>> On Feb 5, 2021, at 08:50, Joe  wrote:
>> 
>> Much like your banning of an email address is an ability you have with your 
>> provider (gmail), you should have the same abilities with your cellular 
>> provider for an IP address. 
>> I would think (at a minimum) you would be able to negotiate such an action 
>> with them, perhaps it is time to re-negotiate that contract?
>> If you're simply trying to report an offending IP for brute force stuff 
>> perhaps the tack you may find more helpful is to ask for a contact at xzy 
>> ISP on list, versus asking folks to do reporting for you. As well there are 
>> like 100s of lists to report this to outside of NANOG  
>> As well, if I am reading this correctly, deployment of devices that have 
>> public facing IPs and do not have a means to protect themselves is 
>> concerning to say the least. 
>> This is about as reckless as putting up a login page without a password and 
>> crying foul when something gains access that you didn't expect. Again, I do 
>> not know all of the details of this so I may be way off base with that 
>> respect. 
>> 
>> If your ability to prevent issues is due to lack of a firewall/control to 
>> your network, possibly asking for help in mitigating such threats would be 
>> better, as there are a lot of very well versed/clever folks that help out.
>> Regards,
>> -Joe
>> 
>> 
>> On Thu, Feb 4, 2021 at 7:17 PM JoeSox  wrote:
>> Ryan,
>> Thanks but like I said these devices are in moving vehicles ok?
>> I stated we have a plan but it is ways out.  
>> FACT: we have a known malicious C&C
>> FACT: We know what networks it is hitting and the cellular network is the 
>> most vulnerable, imo.
>> FACT: this IP is against Verizon terms of service so the way to address it 
>> is to report it to them as they request.
>> 
>> I honestly got what I needed from this thread, thanks. And I thank the 
>> nonbullies that helped me off list.
>> --
>> Thank You,
>> Joe 
>> 
>> 
>> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel  wrote:
>> Joe,
>> 
>> It isn’t on Verizon to set up a firewall, especially if you have a direct 
>> public IP service. The device being attached directly to the Internet (no 
>> matter the transmission medium), must be able to protect itself. ISPs 
>> provide routers which function as a NAT/Firewall appliance, to provide a 
>> means of safety and convenience for them, but also charge you a rental fee.
>> 
>> Stick a Cradlepoint router or something in front of your device, if you want 
>> an external means of protection. Otherwise you’ll need to enable the Windows 
>> Firewall if it’s a Windows system, or set up iptables on Linux, ipfw/pf on 
>> *BSD, etc.
>> 
>> Ryan
>> 
>> 
>> 
>> From: JoeSox  
>> Sent: Thursday, February 4, 2021 5:04 PM
>> To: r...@rkhtech.org
>> Cc: TJ Trout ; NANOG 
>> Subject: Re: Suspicious IP reporting
>> 
>> 
>> 
>> How do I set up a firewall when I am not a Verizon engineer?
>> 
>> There is a firewall via the antivirus and operating system but that's it.
>> 
>> Do you not understand my issue? I thought that is the real problem with the 
>> online bullies in this thread.
>> 
>> --
>> 
>> Thank You,
>> 
>> Joe
>> 
>> 
>> 
>> 
>> 
>> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel  wrote:
>> 
>> Joe,
>> 
>> The underlying premise here is, “pick your battles”. If you don’t want an IP 
>> address to access your device in any way, set up a firewall and properly 
>> configure it to accept whitelisted traffic only, or just expose a VPN 
>> endpoint. The Internet is full of both good and bad actors that probe and 
>> scan anything and everything.
>> 
>> While some appreciate the notification here, others will find it annoying. 
>> We cannot report anything malicious about an IP address on the Internet, 
>> unless it does harm to us specifically, otherwise it is false reporting and 
>> does create more noise at the ISP, and waste more time getting to the 
>> underlying issue.
>> 
>> Ryan
>> 
>> 
>> 
>> From: NANOG  On Behalf Of JoeSox
>> Sent: Thursday, February 4, 2021 4:41 PM
>> To: TJ Trout 
>> Cc: NANOG 
>> Subject: Re: Suspicious IP reporting
>> 
>> 
>> 
>> Do others see this online bully started by Tom? The leader has spoken so the 
>> minions follow :)
>> 
>> This list  sometimes LOL
>> 
>> I think if everyone gets off their high horse, the list communication would 
>> be less noisy for the list veterans.
>> 

Re: Suspicious IP reporting

2021-02-05 Thread J. Hellenthal via NANOG
And just like deploying IoT devices in vehicles without proper security 
preparations will lead you to a C network … just saying the hammer swings 
both ways here and getting an IP reported isn’t going to do you any damn good at 
ALL.

Personally I’d rip those IoT vehicles off the market for a recall but I suspect 
we’ll be hearing of that in the not too distant future.

So in hindsight why don’t we just close down this thread here.

> On Feb 5, 2021, at 08:50, Joe  wrote:
> 
> Much like your banning of an email address is an ability you have with your 
> provider (gmail), you should have the same abilities with your cellular 
> provider for an IP address. 
> I would think (at a minimum) you would be able to negotiate such an action 
> with them, perhaps it is time to re-negotiate that contract?
> If you're simply trying to report an offending IP for brute force stuff perhaps 
> the tack you may find more helpful is to ask for a contact at xzy ISP on 
> list, versus asking folks to do reporting for you. As well there are like 
> 100s of lists to report this to outside of NANOG.
> As well, if I am reading this correctly, deployment of devices that have 
> public facing IPs and do not have a means to protect themselves is concerning 
> to say the least. 
> This is about as reckless as putting up a login page without a password and 
> crying foul when something gains access that you didn't expect. Again, I do 
> not know all of the details of this so I may be way off base with that 
> respect. 
> 
> If your ability to prevent issues is due to lack of a firewall/control to 
> your network, possibly asking for help in mitigating such threats would be 
> better, as there are a lot of very well versed/clever folks that help out.
> Regards,
> -Joe
> 
> 
> On Thu, Feb 4, 2021 at 7:17 PM JoeSox  wrote:
> Ryan,
> Thanks but like I said these devices are in moving vehicles ok?
> I stated we have a plan but it is ways out.  
> FACT: we have a known malicious C
> FACT: We know what networks it is hitting and the cellular network is the 
> most vulnerable, imo.
> FACT: this IP is against Verizon terms of service so the way to address it is 
> to report it to them as they request.
> 
> I honestly got what I needed from this thread, thanks. And I thank the 
> nonbullies that helped me off list.
> --
> Thank You,
> Joe 
> 
> 
> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel  wrote:
> Joe,
> 
> It isn’t on Verizon to set up a firewall, especially if you have a direct 
> public IP service. The device being attached directly to the Internet (no 
> matter the transmission medium), must be able to protect itself. ISPs provide 
> routers which function as a NAT/Firewall appliance, to provide a means of 
> safety and convenience for them, but also charge you a rental fee.
> 
> Stick a Cradlepoint router or something in front of your device, if you want 
> an external means of protection. Otherwise you’ll need to enable the Windows 
> Firewall if it’s a Windows system, or set up iptables on Linux, ipfw/pf on 
> *BSD, etc.
> 
> Ryan
> 
>  
> 
> From: JoeSox  
> Sent: Thursday, February 4, 2021 5:04 PM
> To: r...@rkhtech.org
> Cc: TJ Trout ; NANOG 
> Subject: Re: Suspicious IP reporting
> 
>  
> 
> How do I set up a firewall when I am not a Verizon engineer?
> 
> There is a firewall via the antivirus and operating system but that's it.
> 
> Do you not understand my issue? I thought that is the real problem with the 
> online bullies in this thread.
> 
> --
> 
> Thank You,
> 
> Joe
> 
>  
> 
>  
> 
> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel  wrote:
> 
> Joe,
> 
> The underlying premise here is, “pick your battles”. If you don’t want an IP 
> address to access your device in any way, set up a firewall and properly 
> configure it to accept whitelisted traffic only, or just expose a VPN 
> endpoint. The Internet is full of both good and bad actors that probe and 
> scan anything and everything.
> 
> While some appreciate the notification here, others will find it annoying. We 
> cannot report anything malicious about an IP address on the Internet, unless 
> it does harm to us specifically, otherwise it is false reporting and does 
> create more noise at the ISP, and waste more time getting to the underlying 
> issue.
> 
> Ryan
> 
>  
> 
> From: NANOG  On Behalf Of JoeSox
> Sent: Thursday, February 4, 2021 4:41 PM
> To: TJ Trout 
> Cc: NANOG 
> Subject: Re: Suspicious IP reporting
> 
>  
> 
> Do others see this online bully started by Tom? The leader has spoken so the 
> minions follow :)
> 
> This list  sometimes LOL
> 
> I think if everyone gets off their high horse, the list communication would 
> be less noisy for the list veterans.
> 
> --
> 
> Thank You,
> 
> Joe
> 
>  
> 
>  
> 
> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout  wrote:
> 
> This seems like a highly suspect request coming from a North American network 
> operator...? 
> 
>  
> 
>  
> 
> On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:
> 
>  
> 
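
The default-deny posture recommended in the quoted replies above (accept allowlisted traffic only, or expose just a VPN endpoint), shown for nftables, the successor to the iptables mentioned there. This is an added example, not any poster's configuration; the function names, the 198.51.100.0/24 management range and the port numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: renders a default-deny nftables input policy for a host that
# sits directly on a public IP. All addresses and ports used are constructed.
# Example: render_ruleset 198.51.100.0/24 22 51820 > device.nft
# Check the result with `nft -c -f device.nft` before loading it.

# valid_port N: succeeds if N is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_cidr A.B.C.D/LEN: succeeds for well-formed IPv4 with LEN in 8..32.
# Short prefixes are refused: a /0 "allowlist" admits the whole Internet.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_ruleset MGMT_CIDR MGMT_TCP_PORT VPN_UDP_PORT: ruleset on stdout.
render_ruleset() {
    if ! { valid_cidr "$1" && valid_port "$2" && valid_port "$3"; }; then
        echo "usage: render_ruleset <ipv4-cidr> <tcp-port> <udp-port>" >&2
        return 2
    fi
    cat <<EOF
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept   # replies, related ICMP errors
    icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    ct state invalid drop
    ip saddr $1 tcp dport $2 accept       # management from allowlist only
    udp dport $3 accept                   # the one exposed VPN endpoint
  }
}
EOF
}
```

Everything not matched falls through to `policy drop`, so an unsolicited scan from any other source gets no answer from the device, whichever network carries it.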

Re: Suspicious IP reporting

2021-02-05 Thread Joe
Much like your banning of an email address is an ability you have with your
provider (gmail), you should have the same abilities with your cellular
provider for an IP address.
I would think (at a minimum) you would be able to negotiate such an action
with them, perhaps it is time to re-negotiate that contract?
If you're simply trying to report an offending IP for brute force stuff
perhaps the tack you may find more helpful is to ask for a contact at xzy
ISP on list, versus asking folks to do reporting for you. As well there are
like 100s of lists to report this to outside of NANOG.
As well, if I am reading this correctly, deployment of devices that have
public facing IPs and do not have a means to protect themselves is
concerning to say the least.
This is about as reckless as putting up a login page without a password and
crying foul when something gains access that you didn't expect. Again, I do
not know all of the details of this so I may be way off base with that
respect.

If your ability to prevent issues is due to lack of a firewall/control to
your network, possibly asking for help in mitigating such threats would be
better, as there are a lot of very well versed/clever folks that help out.
Regards,
-Joe


On Thu, Feb 4, 2021 at 7:17 PM JoeSox  wrote:

> Ryan,
> Thanks but like I said these devices are in moving vehicles ok?
> I stated we have a plan but it is ways out.
> FACT: we have a known malicious C
> FACT: We know what networks it is hitting and the cellular network is the
> most vulnerable, imo.
> FACT: this IP is against Verizon terms of service so the way to address it
> is to report it to them as they request.
>
> I honestly got what I needed from this thread, thanks. And I thank the
> nonbullies that helped me off list.
> --
> Thank You,
> Joe
>
>
> On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel 
> wrote:
>
>> Joe,
>>
>> It isn’t on Verizon to set up a firewall, especially if you have a direct
>> public IP service. The device being attached directly to the Internet (no
>> matter the transmission medium), must be able to protect itself. ISPs
>> provide routers which function as a NAT/Firewall appliance, to provide a
>> means of safety and convenience for them, but also charge you a rental fee.
>>
>> Stick a Cradlepoint router or something in front of your device, if you
>> want an external means of protection. Otherwise you’ll need to enable the
>> Windows Firewall if it’s a Windows system, or set up iptables on Linux,
>> ipfw/pf on *BSD, etc.
>>
>> Ryan
>>
>>
>>
>> *From:* JoeSox 
>> *Sent:* Thursday, February 4, 2021 5:04 PM
>> *To:* r...@rkhtech.org
>> *Cc:* TJ Trout ; NANOG 
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> How do I set up a firewall when I am not a Verizon engineer?
>>
>> There is a firewall via the antivirus and operating system but that's it.
>>
>> Do you not understand my issue? I thought that is the real problem with
>> the online bullies in this thread.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel 
>> wrote:
>>
>> Joe,
>>
>> The underlying premise here is, “pick your battles”. If you don’t want an
>> IP address to access your device in any way, set up a firewall and properly
>> configure it to accept whitelisted traffic only, or just expose a VPN
>> endpoint. The Internet is full of both good and bad actors that probe and
>> scan anything and everything.
>>
>> While some appreciate the notification here, others will find it
>> annoying. We cannot report anything malicious about an IP address on the
>> Internet, unless it does harm to us specifically, otherwise it is false
>> reporting and does create more noise at the ISP, and waste more time
>> getting to the underlying issue.
>>
>> Ryan
>>
>>
>>
>> *From:* NANOG  *On Behalf Of *
>> JoeSox
>> *Sent:* Thursday, February 4, 2021 4:41 PM
>> *To:* TJ Trout 
>> *Cc:* NANOG 
>> *Subject:* Re: Suspicious IP reporting
>>
>>
>>
>> Do others see this online bully started by Tom? The leader has spoken so
>> the minions follow :)
>>
>> This list  sometimes LOL
>>
>> I think if everyone gets off their high horse, the list communication
>> would be less noisy for the list veterans.
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout  wrote:
>>
>> This seems like a highly suspect request coming from a North American
>> network operator...?
>>
>>
>>
>>
>>
>> On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:
>>
>>
>>
>> This IP is hitting devices on cellular networks for the past day or so.
>>
>>   https://www.abuseipdb.com/whois/79.124.62.86
>>
>> I think this is the info to report it to the ISP.  Any help or if
>> everyone can report it, I would be a happy camper.
>>
>>
>>
>> ab...@4cloud.mobi; ab...@fiberinternet.bg
>>
>>
>>
>> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>>
>>
>>
>> --
>>
>> Thank You,
>>
>> Joe
>>
>>