Optimum/Altice network contact
Hi NANOG. I'm hoping to find an Optimum/Altice contact for one of my sites in TX where I'm seeing periodic latencies of up to 2 minutes throughout the day. This has been going for several months and escalations to the right team are apparently impossible. Please email me off-list for details. Thanks Dave
Re: Do ISP's collect and analyze traffic of users?
I think it's safe to assume they are selling such data. https://www.techdirt.com/2021/08/25/isps-give-netflow-data-to-third-parties-who-sell-it-without-user-awareness-consent/ https://www.vice.com/en/article/dy3z9a/fbi-bought-netflow-data-team-cymru-contract On Mon, May 15, 2023 at 6:01 PM Michael Thomas wrote: > > And maybe try to monetize it? I'm pretty sure that they can be compelled > to do that, but do they do it for their own reasons too? Or is this way > too much overhead to be doing en mass? (I vaguely recall that netflow, > for example, can make routers unhappy if there is too much "flow"). > > Obviously this is likely to depend on local laws but since this is NANOG > we can limit it to here. > > Mike > >
Re: Copper Termination Blocks
Hi Mike. I used Krone blocks back in the mid 90s. I really liked them. I'm afraid now your long-term options now are probably straight old 66 or 110 blocks. 66 blocks give some added flexibility. 110s are more efficient as far as space consumed compared to 66 blocks. Krone and 110s have a very similar profile. Depending on how much copper you're terminating, you may want to plan the frame layout for cross-connect field space before building the frame. You don't want to end up with too much cross-connect wire volume in too small an area. That can get troublesome. Happy to discuss specifics. Just ping me off-list. On Thu, Apr 14, 2022 at 3:13 PM Mike Hammett wrote: > I know I'm discussing what some consider ancient technology. I counter > that it meets or exceeds the needs of many, many people. > > Currently, we use 100-pr Telect-style termination blocks. They don't offer > much in terms of ease of use for testing and don't organize well on a 19" > or 23" rack. > > I was recommended to look at Krone blocks. They look just great. Easy to > break into for testing with their "look both ways" plug as well as their > preterminated blocks looked much easier to rack-mount. > > Well, Krone was bought by ADC. ADC was bought by Tyco Electronics. TE was > bought by Commscope. Commscope discontinued everything I found interesting > with no replacements. > > > Some of the stuff is on eBay (even NIB), some not. > > Any recommendations for places to get old telco blocks, testers, mounts, > etc.? > > Any recommendations for alternatives that are easier to source? > > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com >
Re: Suspicious IP reporting
While I agree that reporting something not observed just creates a lot of unnecessary work for the recipient in processing all of the unsubstantiated reports (that don't match traffic logs, etc), that isn't the point of my message. I would point out that most people would call such reports spam at the least. Another term for the same thing, brigading, rarely works out satisfactorily for anyone either. Success with asking a service provider to take action is always going to be a crapshoot, but it will almost never be fast in any case. If there is a C2 server known to be contacting a host you manage, the bigger problem to me would seem to be the compromised host, rather than the C2. It could be exfiltrating sensitive data to the attacker right now. An established attacker will have dozens or hundreds of C2s. Do you intend to pursue all of them individually? If the organization isn't prepared to start an appropriate incident response on a compromised host in a timely manner, perhaps they will learn from and correct that security posture weakness in the future. Regards Dave On Thu, Feb 4, 2021 at 7:17 PM JoeSox wrote: > Ryan, > Thanks but like I said these devices are in moving vehicles ok? > I stated we have a plan but it is ways out. > FACT: we have a known malicious C&C > FACT: We know what networks it is hitting and the cellular network is the > most vulnerable, imo. > FACT: this IP is against Verizon terms of service so the way to address it > is to report it to them as they request. > > I honestly got what I needed from this thread, thanks. And I thank the > nonbullies that helped me off list. > -- > Thank You, > Joe > > > On Thu, Feb 4, 2021 at 5:11 PM Ryan Hamel > wrote: > >> Joe, >> >> >> >> It isn’t on Verizon to setup a firewall, especially if you have a direct >> public IP service. The device being attached directly to the Internet (no >> matter the transmission medium), must be able to protect itself. ISPs >> provide routers which function as a NAT/Firewall appliance, to provide a >> means of safety and convenience for them, but also charge you a rental fee. >> >> >> >> Stick a Cradlepoint router or something in front of your device, if you >> want an external means of protection. Otherwise you’ll need to enable the >> Windows Firewall if it’s a Windows system, or setup iptables on Linux, >> ipfw/pf on *BSD, etc. >> >> >> >> Ryan >> >> >> >> *From:* JoeSox >> *Sent:* Thursday, February 4, 2021 5:04 PM >> *To:* r...@rkhtech.org >> *Cc:* TJ Trout ; NANOG >> *Subject:* Re: Suspicious IP reporting >> >> >> >> How do I setup a firewall when I am not a Verizon engineer? >> >> There is a firewall via the antivirus and operating system but that's it. >> >> Do you not understand my issue? I thought that is the real problem with >> the online bullies in this thread. >> >> -- >> >> Thank You, >> >> Joe >> >> >> >> >> >> On Thu, Feb 4, 2021 at 5:01 PM Ryan Hamel >> wrote: >> >> Joe, >> >> >> >> The underlying premise here is, “pick your battles”. If you don’t want an >> IP address to access your device in anyway, setup a firewall and properly >> configure it to accept whitelisted traffic only, or just expose a VPN >> endpoint. The Internet is full of both good and bad actors that probe and >> scan anything and everything. >> >> >> >> While some appreciate the notification here, others will find it >> annoying. We cannot report anything malicious about an IP address on the >> Internet, unless it does harm to us specifically, otherwise it is false >> reporting and does create more noise at the ISP, and waste more time >> getting to the underlying issue. >> >> >> >> Ryan >> >> >> >> *From:* NANOG *On Behalf Of * >> JoeSox >> *Sent:* Thursday, February 4, 2021 4:41 PM >> *To:* TJ Trout >> *Cc:* NANOG >> *Subject:* Re: Suspicious IP reporting >> >> >> >> Do others see this online bully started by Tom? The leader has spoken so >> the minions follow :) >> >> This list sometimes LOL >> >> I think if everyone gets off their high horse, the list communication >> would be less noisy for the list veterans. >> >> -- >> >> Thank You, >> >> Joe >> >> >> >> >> >> On Thu, Feb 4, 2021 at 4:36 PM TJ Trout wrote: >> >> This seems like a highly suspect request coming from a North American >> network operator...? >> >> >> >> >> >> On Thu, Feb 4, 2021 at 10:23 AM JoeSox wrote: >> >> >> >> This IP is hitting devices on cellular networks for the past day or so. >> >> https://www.abuseipdb.com/whois/79.124.62.86 >> >> I think this is the info to report it to the ISP. Any help or if >> everyone can report it, I would be a happy camper. >> >> >> >> ab...@4cloud.mobi; ab...@fiberinternet.bg >> >> >> >> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0 >> >> >> >> -- >> >> Thank You, >> >> Joe >> >>
Re: Verizon DC/NOVA Issues?
Apparently all over the east coast or northeast region. https://twitter.com/VerizonSupport/status/1354109889572982786 On Tue, Jan 26, 2021 at 11:13 AM Robert Webb wrote: > Any hearing of Verizon internet issues affecting the DC, Northern > Virginia, and surrounding areas? > > Just got a flood of complaints about work VPN connections keep dropping > and all users appear to be using Verizon internet and other users on > Comcast are not having issues. > > Started maybe around 11:30AM EST.. > > Thanks.. > > Robert Webb >
Re: WhatsApp's New Policy Has...
Keybase was purchased by Zoom ( https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html). >From what I've gathered, Zoom is too tight with, owned by, or run by China, so I believe there was a similar mass exodus from Keybase for lack of trust. On Fri, Jan 8, 2021 at 1:17 PM Richard Porter wrote: > Has anyone considered or used Keybase? > > On Fri, Jan 8, 2021 at 1:14 PM Mark Tinka wrote: > >> >> >> On 1/8/21 19:26, Drew Weaver wrote: >> >> > This might be anecdotal but there is a ton of debate about whether or >> not Telegram is encrypted. >> > >> > This is not anecdotal though, on Wednesday night I saw an interview >> with a security expert on CNBC and he indicated that they knew that the >> riots in DC were going to happen because they had been "monitoring the >> extremists Telegram groups". What they didn't say was whether or not they >> were simply members of those groups, or monitoring from a >> "networking/technology" sense. I'm not sure if Signal does groups the same >> way that Telegram does but that one is widely believed to be much better >> than Telegram as far as privacy and security. >> > >> > Telegram is a tremendously useful (and free service) for connecting to >> Elastalert for all manner of notifications, but we have since moved to >> Teams for that just because we can't really be sure what is going on under >> the hood with Telegram. >> > >> > Just some things that I have observed, not trying to start a holy war. >> >> My rudimentary understanding of Telegram is that group messages are >> client-server, which is why new members can read old posts when they >> join a group. >> >> Signal, on the other hand, is p2p for members within the group. No >> messages are ever sent to their cloud. >> >> Mark. >> >
Re: CloudFlare Issues?
From cloudflarestatus.com Cloudflare Network and Resolver Issues <https://www.cloudflarestatus.com/incidents/b888fyhbygb8> *Investigating* - Cloudflare is investigating issues with Cloudflare Resolver and our edge network in certain locations. Customers using Cloudflare services in certain regions are impacted as requests might fail and/or errors may be displayed. Data Centers impacted include: SJC, DFW, SEA, LAX, ORD, IAD, EWR, ATL, LHR, AMS, FRA, CDG On Fri, Jul 17, 2020 at 4:44 PM Dave Phelps wrote: > Cloudlflare's status page shows they are investigating an issue. Discord's > status page also shows Cloudflare has an issue. Most people aren't making > the Cloudflare connection yet and reporting many other services down > instead. > > On Fri, Jul 17, 2020 at 4:40 PM Chris Grundemann > wrote: > >> Looks like there may be something big up (read: down) at CloudFlare, but >> their status page is not reporting anything yet. >> >> Am I crazy? Or just time to give up on the internet for this week? >> >> -- >> @ChrisGrundemann >> http://chrisgrundemann.com >> >
Re: CloudFlare Issues?
Cloudlflare's status page shows they are investigating an issue. Discord's status page also shows Cloudflare has an issue. Most people aren't making the Cloudflare connection yet and reporting many other services down instead. On Fri, Jul 17, 2020 at 4:40 PM Chris Grundemann wrote: > Looks like there may be something big up (read: down) at CloudFlare, but > their status page is not reporting anything yet. > > Am I crazy? Or just time to give up on the internet for this week? > > -- > @ChrisGrundemann > http://chrisgrundemann.com >
Re: FCC grants WISPs temporary 5.9 GHz spectrum access
Perhaps I'm being cynical, but thank [deity of choice] that the cell carriers want it made available for this purpose. Reference: https://docs.fcc.gov/public/attachments/DOC-363451A1.pdf "...And it would help advance even further our leadership in next generation wireless technologies, including 5G.” says Ajit Pai. On Wed, Apr 1, 2020 at 7:57 PM Jared Mauch wrote: > The big announcement is the 6ghz space opening up. This will be big for > people doing p2p links. > > Sent from my iCar > > > On Apr 1, 2020, at 8:42 PM, Sean Donelan wrote: > > > > > > I missed this announcement last week. > > > > > > > https://www.fcc.gov/document/fcc-grants-wisps-temporary-59-ghz-spectrum-access-rural-broadband > > > > The FCC’s Wireless Telecommunications Bureau today granted temporary > spectrum access to 33 wireless Internet service providers serving 330 > > counties in 29 states to help them serve rural communities facing an > increase in broadband needs during the COVID-19 pandemic. The Special > Temporary Authority (STA) granted today allows these companies to use the > lower 45 megahertz of spectrum in the 5.9 GHz band for 60 days. >
Re: Learning Resource for IRR to RPKI
I don't manage big networks, but Cloudflare just published some related content today I found useful. https://blog.cloudflare.com/rpki-and-the-rtr-protocol/ On Wed, Mar 4, 2020 at 7:23 PM Eric C. Miller wrote: > Hello NANOG community, > > > > In the many years that I’ve been doing this line of work, I’ve actually > never had to deal with the public registry side of the job (I’ve always > seem to walk into an established environment). I’m struggling to get up to > speed quickly, as I must integrate additional AS’s into my own and our > upstreams are no longer utilizing filter lists to accommodate the IP blocks > being added. I’m being prompted to create route objects or establish an AS > set with ours and our peers’ ASNs. > > > > I’m sure that there’s an easy button out there for getting this week’s > work done, but I want to learn more about the system in general, but I’m > having trouble putting my thumb on the right place to look for learning. > > > > Any help you can provide, I would appreciate it! > > > > Regards, > > > > Eric > > >
Re: SNMP via proxy
Some devices only accept IP addresses as destinations, or resolve a FQDN to an IP and that goes in the config. I add secondary IPs to servers for these functions. Then I can simply move the IP to a new host whenever the role moves. On Wed, Apr 10, 2019 at 9:13 AM Dovid Bender wrote: > Hi, > > A bit off topic. One of my early mistakes in my 9-5 was hard coding the > IP's of our SNMP box in all of our gear (networking equipment, Servers > etc,). The box is at its limit and increasing its capacity will be > nearly impossible. We mainly use Nagios and Cacti to monitor our network. > Going forward I was thinking of setting up a few hosts whose job would be > to simply relay SNMP traffic. This way moving forward we could hard code > several IP's and bounce all traffic through one of these IP's. > > TIA for your advice. > > Regards, > > Dovid > >
