Re: Spitballing IoT Security

2016-10-29 Thread Ronald F. Guilmette
In message <20161030044342.ga18...@thyrsus.com>, "Eric S. Raymond" wrote: >Ronald F. Guilmette : >> Two kids with a modest amount of knowledge >> and a lot of time on their hands can do it from their mom's basement. > >I in turn

Re: Spitballing IoT Security

2016-10-29 Thread Eric S. Raymond
Ronald F. Guilmette : > Two kids with a modest amount of knowledge > and a lot of time on their hands can do it from their mom's basement. I in turn have to call BS on this. If it were really that easy, we'd be inundated by Mirais -- we'd have

Death of WHOIS, Film at 11

2016-10-29 Thread Ronald F. Guilmette
In message <58150673.5090...@foobar.org>, Nick Hilliard wrote: >David Conrad already pointed out that this problem has been solved using >RDAP which supports referrals. Try installing the nicinfo command from: > >https://github.com/arineng/nicinfo > >At a guess, I'd say

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread Ronald F. Guilmette
In message <5815013f.2080...@foobar.org>, Nick Hilliard wrote: >> But my overall point remains. If there were ever to be an election where >> we were all asked who we wanted to see become the once and future Routing >> Police, the RIRs would not be my own personal first

Re: Spitballing IoT Security

2016-10-29 Thread Ronald F. Guilmette
In message <20161029180730.ga10...@thyrsus.com>, "Eric S. Raymond" wrote: >You don't build or hire a botnet on Mirai's scale with pocket change. Proof please? Sorry, but I am compelled to call B.S. on the above statement. This is a really important point that I, Krebs, and

Re: Spitballing IoT Security

2016-10-29 Thread Alan Buxey
Hi, Hi, >Put it another way: you bring home a NEST and the first thing you the >expert might do is read the net to figure out which ports to open. Are >you really going to not open those ports? Put onto its own isolated vlan with only internet access. Unfortunately no basic routers that are

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread Nick Hilliard
Ronald F. Guilmette wrote: > Oh, gz! ... > > Showing 1 to 10 of 1,823 entries Yeah, get over it. Number resource transfers are a thing, and this number is only going to increase. > You are correct. In this case, it would have been helpful if APNIC's WHOIS > server returned

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread Nick Hilliard
Ronald F. Guilmette wrote: > I wasn't talking about irrdb. I was just talking about the WHOIS records > for IPv4 allocations within the AFRINIC region. afrinic, ripe ncc and apnic run a combined (+ partially authenticated) irrdb and whois server. > But my overall point remains. If there were

Re: Spitballing IoT Security

2016-10-29 Thread bzs
On October 29, 2016 at 15:35 beec...@beecher.cc (Tom Beecher) wrote: > "That means the motive was prep for terrorism or cyberwar by a > state-level actor." > > Or, quite possibly (I would argue probably) it was marketing. Show off the > capabilities of the botnet to garner more interest

Re: Spitballing IoT Security

2016-10-29 Thread Tom Beecher
"That means the motive was prep for terrorism or cyberwar by a state-level actor." Or, quite possibly (I would argue probably) it was marketing. Show off the capabilities of the botnet to garner more interest amongst those who pay for use of such things. On Sat, Oct 29, 2016 at 2:07 PM, Eric

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread Ronald F. Guilmette
In message <58146e84.3030...@foobar.org>, Nick Hilliard wrote: >> P.S. I may be wrong about this, but it has come to my attention that >> many, most, or all of the WHOIS records reflecting allocations made by >> the AFRINIC RIR are utterly devoid of either (a) information

Re: Spitballing IoT Security

2016-10-29 Thread Jean-Francois Mezei
On 2016-10-29 14:07, Eric S. Raymond wrote: > You don't build or hire a botnet on Mirai's scale with pocket change. > And the M.O. doesn't fit a criminal organization - no ransom demand, > no attempt to steal data. It is wrong to underestimate script kiddies and open source code. It is wrong to

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread Ronald F. Guilmette
In message <5814696f.3060...@foobar.org>, Nick Hilliard wrote: >Ronald F. Guilmette wrote: >> I always start with whatever whois.iana.org has to >> say. And it says that 103.0.0.0/8 belongs to APNIC, so of course, >> I only looked at what whois.apnic.net had to say about

Re: Spitballing IoT Security

2016-10-29 Thread bzs
On October 29, 2016 at 14:07 e...@thyrsus.com (Eric S. Raymond) wrote: > b...@theworld.com : > > > > On October 28, 2016 at 22:27 l...@satchell.net (Stephen Satchell) wrote: > > > On 10/28/2016 10:14 PM, b...@theworld.com wrote: > > > > Thus far the goal just seems to

Re: Spitballing IoT Security

2016-10-29 Thread Eric S. Raymond
b...@theworld.com : > > On October 28, 2016 at 22:27 l...@satchell.net (Stephen Satchell) wrote: > > On 10/28/2016 10:14 PM, b...@theworld.com wrote: > > > Thus far the goal just seems to be mayhem. > > > > Thus far, the goal on the part of the botnet operators is to make

Re: Spitballing IoT Security

2016-10-29 Thread bzs
On October 28, 2016 at 22:27 l...@satchell.net (Stephen Satchell) wrote: > On 10/28/2016 10:14 PM, b...@theworld.com wrote: > > Thus far the goal just seems to be mayhem. > > Thus far, the goal on the part of the botnet operators is to make > money. The goal of the CUSTOMERS of the botnet

RE: IPv6 automatic reverse DNS

2016-10-29 Thread Keith Medcalf
On Friday, 28 October, 2016 19:37, Steve Atkins wrote: > > On Oct 28, 2016, at 6:04 PM, Karl Auer wrote: > >> 1b) anti spam filters believe in the magic of checking > >> forward/reverse match. > > Someone in this thread said that only

RE: IPv6 automatic reverse DNS

2016-10-29 Thread White, Andrew
Thanks for the clarification, Wes. Has anyone proposed the method of publishing v6 PTRs on-the-fly as addresses are observed passing through an ISP's router? Andrew Ληdrеw Whiте Charter Network Operations - DAS DNS Desk: 314-394-9594 | Cell: 314-452-4386 andrew.whi...@charter.com

Re: IPv6 automatic reverse DNS

2016-10-29 Thread Wesley George
> On Oct 28, 2016, at 11:03 PM, White, Andrew wrote: > > There are two competing drafts for synthetic rule-based PTR responses for > IPv6 rDNS: > > Howard Lee, Time Warner Cable (now Charter) > https://tools.ietf.org/html/draft-howard-isp-ip6rdns-08 > > J.

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread David Conrad
On Oct 29, 2016, at 5:18 PM, Nick Hilliard wrote: > There > are 5 RIRs, so 20 different ways for data to flow, and IANA is no longer > authoritative for the address space once it's been RIR-allocated. While true, hopefully referrals in RDAP will address the need to identify

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread Nick Hilliard
Ronald F. Guilmette wrote: > In my actual comment I merely noted that RIRs are in fact -not- the > Internet Police, and that none of them have ever displayed even the > slightest desire to become that (and indeed, when asked, they have, > without exception, exhibited a clear desire -not- to be

Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

2016-10-29 Thread Nick Hilliard
Ronald F. Guilmette wrote: > I always start with whatever whois.iana.org has to > say. And it says that 103.0.0.0/8 belongs to APNIC, so of course, > I only looked at what whois.apnic.net had to say about 103.11.67.105. yeah, this prefix was transferred from APNIC to ARIN. You can search

Re: Spitballing IoT Security

2016-10-29 Thread Eliot Lear
Hi Chris, On 10/25/16 1:51 PM, Chris Boyd wrote: >> On Oct 25, 2016, at 3:10 AM, Ronald F. Guilmette >> wrote: >> >> An IoT is -not- a general purpose computer. In the latter case, it is >> assumed that the owner will "pop the hood" when it comes to the software >>

Re: Spitballing IoT Security

2016-10-29 Thread Eliot Lear
Hi Mike, On 10/27/16 11:04 AM, Mike Meredith wrote: > On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear > may have written: >> Well yes. uPnP is a problem precisely because it is some random device >> asserting on its own that it can be trusted to do what it wants. Had