Re: [swinog] Swisscom IPv6 Routing weirdness
On 26.02.21 12:29, Silvan M. Gebhardt wrote: > Isn't that the case with tcp_offload enabled in the NIC that tcpdump will see > incorrect checksums? > > > I'm by no means a tcpdump expert: > > Those incorrect checksums: are my systems generating incorrect checksums > or is it the swisscom side? It seems weird that different systems with > different OS at different customers would all start making wrong tcp > checksums. Checksum errors are rather common to originate in virtualization platforms. It is one of the things to check for when deploying new infrastructure. Even some bigger resellers hand out VMs with these problems: I occasionally have to add a "ethtool -K $IFACE rx off tx off" command to the boot process. Cheers Claudio pEpkey.asc Description: application/pgp-keys ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Inbound DNS query filtering on "broadband" IPs?
On 09.11.18 15:58, Claudio Luck wrote: > Hi all > > I'm currently experimenting to host DNS zones on dynamic IP addresses > and dynamic DNS. > > But I'm encountering more difficulties than expected on "broadband > connections" in receiving UDP port 53 DNS query packets. In one case > they're filtered completely (TCP port 53 works, UDP port 53 is blacked > out), while on some there seems to be some adaptive filtering requiring > like 10 minutes to "open up". > > Does this ring a bell? I would be thankful about any hint what could be > interfering, PM or here. Sooo... just FYI Dear all if you have customers pluggin' plastic-routers the wrong way around, exposing their resolvers for DNS amplification attacks, I feel with you. If you decide to counter this by filtering inbound queries altogether, please state it, and then more importantly, tell your support staff :D Looks legit, but from my point of view it is too simplistic a solution to do it undercover and to persist in the era of dynamic/privacy IPv6 addresses. Don't let yourself catch unprepared of the current wave of DNS de- and centralization. DoT and DoH are stirring up the market, and a counter-move toward decentralization has started to move (GNUnet GNS). Concepts like rigid filters for dynamic IP ranges are putting up dust, so I'm eager to discover about adaptive filters I think I've also observed (Deutsch/English). If you wonder what this is all about, a more or less random article giving a start: «DNS Amplification – Protecting Unrestricted (Open) DNS Resolvers» https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/dns-amplification-protecting-unrestricted-open-dns-resolvers/ Best Claudio Luck Veteran full-stack ISP operator Six years in Devil's AI kitchen (they boil with water too) Board of Chaos Computer Club Works for pretty Easy privacy 0x937550D4D032C306.asc Description: application/pgp-keys ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Inbound DNS query filtering on "broadband" IPs?
Hi all I'm currently experimenting to host DNS zones on dynamic IP addresses and dynamic DNS. But I'm encountering more difficulties than expected on "broadband connections" in receiving UDP port 53 DNS query packets. In one case they're filtered completely (TCP port 53 works, UDP port 53 is blacked out), while on some there seems to be some adaptive filtering requiring like 10 minutes to "open up". Does this ring a bell? I would be thankful about any hint what could be interfering, PM or here. Thanks! Best Claudio Luck 0x937550D4D032C306.asc Description: application/pgp-keys ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] mirror.switch.ch to be closed down
Hi On 23.08.18 10:37, Manuel Wenger wrote: > Thank you Fredy for pointing this out. It's really a pity SWITCHmirror is > shutting down. > > We are also interested in understanding what would be involved in keeping > such a mirror alive, especially from a storage and bandwidth perspective. > > Could someone from Switch please comment? It'd be highly appreciated. > >From a bandwith/topology perspective please note http://debian.ethz.ch/, which is hosted on the SWITCH network too. Cheers Claudio 0x937550D4D032C306.asc Description: application/pgp-keys ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Unabhängiges Komitee gegen Geldspielgesetz
Salut Mitenand Kurz als Erinnerung an alle Mitglieder dieser Mailingliste. Das Crowdfunding für das unabhängige GSGnein-Komitee benötigt in den nächsten 24 Stunden noch 4'000 Franken: Das unabhängige Komitee wird sich gegen das Gesetz einsetzen, ohne von ausländischen Spielbanken finanziert zu werden. https://wemakeit.com/projects/save-the-free-internet Helft bitte mit und macht die Kampagne möglich! Vielen Dank Claudio Luck Chaos Computer Club Zürich 0x937550D4D032C306.asc Description: application/pgp-keys ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Surplus gear for hacker camps?
Hi Swinog I'm hoping to find free give-away networking gear to run 100-300 People "hacker camps", like ZeTeCo in two weeks in Schaffhausen. Maybe your companies have equipment which has fallen short of vendor support to give away to the poor hacker community? Switches with 24 Ports Gigabit, and 2 to 4 GBIC/X2/SFP/SFP+ uplinks would be ideal. We have some Cisco 3560G/3560E series already, which are great feature-wise, and some PoE cabaple switches, but we need like 10-15 more of each to cover the large camp area. Surplus 802af power injectors, and fibers (SM and MM), especially long ones (25m, 50m, 100m), couplers and lasers/modules are also welcome. Whatever we would receive will be used and pooled in the Chaos Computer Club community and "affiliates". Please contact me PM for questions and offers. Thank you very much! Claudio Luck ZeTeCo Camp (wiki.zeteco.ch) / Chaos Computer Club Zürich ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] ProLiant Debian
This site has come in handy for some RAID controllers and Debian Lenny: http://hwraid.le-vert.net/ On Fri, 2010-02-19 at 15:47 +0100, Stanislav Sinyagin wrote: From: Tonnerre Lombard tonne...@bsdprojects.net I'm a rather frequent and loyal Sun customer, I think over time I must have bought just about every Fire model, and they all came with empty drive bays where no hard disks have been ordered. I never saw any «dummy» or unusable bay between the years 2000 and 2010. Yes, empty drive bays where you can't insert a standard bare disk. You need Sun disk mount kits, which are not sold separately. You both sure have made very contradicting experiences with Sun HW! Is your reseller making a business out of it for it's own, removing the unused disk frames and selling them apart with third-party disks? /Speculation Because I too always have got a usable disk frame in every disk bay. -- Gruss Claudio Luck ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
