Re: backbones filtering unsanctioned sites

2017-02-10 Thread Robert McKay
On 2017-02-10 04:18, Ken Chase wrote: https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay-and-other-pirate-sites-170209/ /kc Strange indeed.. but they forgot to ban it on IPv6 - maybe they're trying to push IPv6 adoption! Banning any Cloudflare hosted sites by IP is

Re: Telia network quality

2017-02-10 Thread Jérôme Fleury
Cloudflare issues with Telia are a thing of the past. They remain one of the top Tier1 provider in term of reach and quality. On Thu, Feb 2, 2017 at 11:12 AM, Don wrote: > I heard Telia's quality had been on the decline lately as they were > signing on lots of high-capacity new customers, and Cl

Re: IoT security

2017-02-10 Thread Marco Slater
> As an ISP, scan your customers netrange, and notify customers with known > vulnerable devices. With regards to the current Mirai threat, theres only a > handful of devices that are the most critical importance. IE, biggest > fraction of the infected host pie. Virgin Media in the UK do this for

Same day PDU and power cable suppliers for NYC / Newark

2017-02-10 Thread Timothy Creswick
Hi All, We're after a couple of L5-30 to n * IEC C13 PDUs in the NYC / Newark area on short notice (i.e. same day). Can anyone recommend a local supplier who can help with this? Many thanks in advance, Tim - Timothy Creswick

Re: Updating Geolocation of /24 within corporate /16

2017-02-10 Thread Tyler Conrad
Have you tried submitting a correction to some geolocation services directly yet? Maxmind is pretty heavily used. https://support.maxmind.com/correction-faq/submit-a-correction/how-do-i-submit-a-correction-to-geoip-data/ On Thursday, February 9, 2017, David Sotnick wrote: > Hi NANOG, > > You ha

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Christopher Morrow
On Fri, Feb 10, 2017 at 6:47 AM, Robert McKay wrote: > On 2017-02-10 04:18, Ken Chase wrote: > >> https://torrentfreak.com/internet-backbone-provider-cogent- >> blocks-pirate-bay-and-other-pirate-sites-170209/ >> >> /kc >> > > Strange indeed.. but they forgot to ban it on IPv6 - maybe they're try

Someone's scraping NANOG for phishing purposes again

2017-02-10 Thread Alexander Harrowell
I'm getting suspicious e-mail pretending to come from leading NANOGers. Not the first time this has happened, but you may want to be warned. Yours, Alex Harrowell

Re: Someone's scraping NANOG for phishing purposes again

2017-02-10 Thread Josh Luthman
Thank you for the notice. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Feb 10, 2017 12:42 PM, "Alexander Harrowell" wrote: > I'm getting suspicious e-mail pretending to come from leading NANOGers. Not > the first time this has happened, but y

Re: Someone's scraping NANOG for phishing purposes again

2017-02-10 Thread Alexander Harrowell
Interestingly, the phishes are both using NANOG members' names as forged From: fields, they're also being sent to NANOG people specifically - each one comes with half a dozen addresses of which usually one or two are familiar to me as frequent contributors. On Fri, Feb 10, 2017 at 5:42 PM, Josh Lu

Re: Someone's scraping NANOG for phishing purposes again

2017-02-10 Thread Suresh Ramasubramanian
Or a nanog member might be infected and the malware is scraping his mailbox for bogus froms. Got headers? On 10/02/17, 9:40 AM, "NANOG on behalf of Alexander Harrowell" wrote: I'm getting suspicious e-mail pretending to come from leading NANOGers. Not the first time this has happened,

Re: Someone's scraping NANOG for phishing purposes again

2017-02-10 Thread Andrew Latham
On a great many mailing lists, Suresh is spot on as this looks more like infected user but headers would be good. On Fri, Feb 10, 2017 at 11:46 AM, Suresh Ramasubramanian < ops.li...@gmail.com> wrote: > > Or a nanog member might be infected and the malware is scraping his mailbox for bogus froms.

Weekly Routing Table Report

2017-02-10 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, MENOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG. Daily listings are sent to bgp-st...@lists

Re: Someone's scraping NANOG for phishing purposes again

2017-02-10 Thread Rich Kulawiec
On Fri, Feb 10, 2017 at 11:56:02AM -0600, Andrew Latham wrote: > On a great many mailing lists, Suresh is spot on as this looks more like > infected user but headers would be good. Here are a couple recent specimens that appear to fit this pattern:

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Brielle Bruns
On 2/9/17 9:18 PM, Ken Chase wrote: https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay-and-other-pirate-sites-170209/ /kc Funny. Someone else got back: "Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent" I alm

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Mike Hammett
Have we determined that this is intentional vs. some screw up? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Brielle Bruns" To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Jason Rokeach
This looks pretty intentional to me. From http://www.cogentco.com/en/network/looking-glass: BGP routing table entry for 104.31.18.30/32, version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Mike Hammett
Never attribute to malice that which is adequately explained by stupidity? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Jason Rokeach" To: "Mike Hammett" Cc: nanog@nanog.org Sent:

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Ken Chase
>"Abuse cannot not provide you a list of websites that may be encountering >reduced visibility via Cogent" They could, if they kept a list of forward lookups they had done to get IPs that ended up in their blacklists. But just having the IPs it's impossible to get the whole list of possible ho

Re: Someone's scraping NANOG for phishing purposes again

2017-02-10 Thread valdis . kletnieks
On Fri, 10 Feb 2017 13:22:31 -0500, Rich Kulawiec said: > On Fri, Feb 10, 2017 at 11:56:02AM -0600, Andrew Latham wrote: > > On a great many mailing lists, Suresh is spot on as this looks more like > > infected user but headers would be good. The one I found in my mailbox yesterday tends to suppor

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Alistair Mackenzie
Cogent also have a blackhole route-server that they will provide to you to announce /32's for blackholing. The address for this is 66.28.1.228 which is the originator for the 104.31.19.30/3 2 and 104.31.18.30/32 routes. On 10 February 2017 at 18:46, Jason Rokeach wrote:

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Christopher Morrow
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett wrote: > Have we determined that this is intentional vs. some screw up? > > if you look at the cogent LG it's pretty clear that the announce reachability for the /20 that includes the tpb /32.. and that the /32 is particularly routed elsewhere, and th

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Ken Chase
And because they're continuing to announce the /20, we run into their blackhole unless we manually filter that /20. This is going to become unworkable in short order once a bigger chunk of the internet starts doing this. /kc On Fri, Feb 10, 2017 at 03:03:11PM -0500, Christopher Morrow said: >O

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Christopher Morrow
On Fri, Feb 10, 2017 at 3:15 PM, Ken Chase wrote: > And because they're continuing to announce the /20, we run into their > blackhole unless we manually filter that /20. This is going to become > unworkable in short order once a bigger chunk of the internet starts doing > this. > > I bet an answe

Re: IoT security

2017-02-10 Thread clinton mielke
It's hilarious they reported on his honeypots :) Kinda surprised I haven't gotten similar letters. I've gotten infected so many times. Amazon certainly noticed my cloud honeypot instances. On Feb 10, 2017 5:48 AM, "Marco Slater" wrote: > > > As an ISP, scan your customers netrange, and notify c

Re: IoT security

2017-02-10 Thread clinton mielke
That being said, I think if other ISPs took virgins lead then we can start getting this population of devices reduced. The hard part is getting overseas ISPs to help with the problem. Most inbound infectious scanning traffic appears to come from China and Vietnam. I need to create some better aggr

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Christopher Morrow
On Fri, Feb 10, 2017 at 2:08 PM, Ken Chase wrote: > >"Abuse cannot not provide you a list of websites that may be > encountering > >reduced visibility via Cogent" > > They could, if they kept a list of forward lookups they had done to get IPs > i think you mean passive-dns .. which is a thin

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Ken Chase
If its not just cogent then we have an even larger issue -- that theres asymetric application of rulings. So we should just assume that if we can't get to something via cogent then all backbones within the same jurisdiction(*) should or will also have the same sites/ips blocked soon? And that it wa

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Christopher Morrow
On Fri, Feb 10, 2017 at 5:30 PM, Ken Chase wrote: > If its not just cogent then we have an even larger issue -- that > theres asymetric application of rulings. So we should just assume > that if we can't get to something via cogent then all backbones > within the same jurisdiction(*) should or wi

Re: IoT security

2017-02-10 Thread Rich Kulawiec
On Tue, Feb 07, 2017 at 08:58:46AM -0500, Ray Soucy wrote: > Ideally a cloud-managed device so that the config wouldn't need > to be rebuilt in the event of a hardware swap. That opens them to a class breach: instead of one getting compromised they *all* get compromised. Better to save the config

Re: backbones filtering unsanctioned sites

2017-02-10 Thread Jean-Francois Mezei
Since 104.31.19.30 is an anycast IP, is it possible that this isn't related to PirateBay but more related to Cogent having a dispute with Cloudfare ? It is counter intuitive for a transit provider to refuse business/traffic, but then again, Cogent has been involved in counter intuituve disputes i

Dev. Mfg & ISP Filtering Requirements as set forth in Florida HB337/SB0870, and under similar bills in about 30 other states...

2017-02-10 Thread Kraig Beahn
There's a bill being widely circulated and passing thru various chambers of at least 30 states right now, commonly being referred to as the HUMAN TRAFFICKING AND CHILD EXPLOITATION PREVENTION ACT, or in Florida's case, we're apparently calling this the "HB 337:Internet Access" bill. Jokes, moral c

Re: Dev. Mfg & ISP Filtering Requirements as set forth in Florida HB337/SB0870, and under similar bills in about 30 other states...

2017-02-10 Thread valdis . kletnieks
On Sat, 11 Feb 2017 03:28:11 +, Kraig Beahn said: > NANOG note: Our objective in starting this tread is not to question the > intent, moral purpose or potential political agendas surrounding Florida > House Bill 337 or bills of similar nature, only it's technical impact on > device manufacture