Re: Attacks from poneytelecom.eu

Dovid, Back in September, I documented my poor experience with AS12876 here: https://badpackets.net/ongoing-large-scale-sip-attack- campaign-coming-from-online-sas-as12876/ Since then, their handling of abuse notifications (or lack thereof) has largely remained the same. The volume of malicious tr

Re: AS Numbers unused/sitting for long periods of time

On Tue, Jan 2, 2018 at 4:46 PM, James Breeden wrote: > I.e. some form of ARIN or global policy that basically says "If AS number > not routed or whois updated or used in 24 months, said AS number can be > public noticed via mailing list and website and then revoked and reissued > to a pending, a

Re: Xbox Live and Teredo

While you are at it, you might want to configure a STUN and ICE server, to address streaming UDP. Joe Klein "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1) PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8 On Tue, Jan 2, 2018 at 10:19 PM, Martin List-P

Re: AS Numbers unused/sitting for long periods of time

Internet Exchange route servers would be another case that would appear unused to the broader internet, but shouldn't use a private ASN. On 03/01/18 14:40, Christopher Morrow wrote: > On Tue, Jan 2, 2018 at 5:46 PM, James Breeden wrote: > >> >> I'm amazed at the number of AS numbers that are ass

Re: AS Numbers unused/sitting for long periods of time

On 03/01/18 03:40, Christopher Morrow wrote: On Tue, Jan 2, 2018 at 5:46 PM, James Breeden wrote: I'm amazed at the number of AS numbers that are assigned, but not actively being used. 'not actuvely being used' ... how would you (or anyone) know? what if they were used only on some interna

Re: AS Numbers unused/sitting for long periods of time

On Tue, Jan 2, 2018 at 5:46 PM, James Breeden wrote: > > I'm amazed at the number of AS numbers that are assigned, but not actively > being used. 'not actuvely being used' ... how would you (or anyone) know? what if they were used only on some internal part of a large public network which never

Re: Spectrum prefix hijacks

On Tue, Jan 2, 2018 at 9:51 PM, James Milko wrote: > The output I dumped was from route-views.routeviews.org. On affected > prefes you get 7843->6453->nothing unaffected prefixes get > 7843->6453->15169. Unaffected prefixes don't have more specifics from > 10512. My sample size is only 8 thoug

Re: Xbox Live and Teredo

On 02/01/18 23:15, Justin Wilson wrote: These are all Xbox one clients. We don’t hand out IPv6 on this network yet, so I made sure to disable any sort of IPV6 on the interfaces just to be sure because I figured Teredo is tied to v6. The only thing we have not done yet is disable any IPV6 stu

Re: Attacks from poneytelecom.eu

Have you emailed their abuse or NOC teams with the attack logs from their IPs? Sometimes ISP servers or their customer CPEs are compromised without their knowledge. On Wed, 3 Jan 2018 at 1:56 pm, Dovid Bender wrote: > Hi All, > > Lately we have seen a lot of attacks from IPs where the PTR recor

Re: AS Numbers unused/sitting for long periods of time

if AS numbers are unused, what operational difference does it make? but if you have the gloves and long forceps needed to deal with the rir policy , then there is a real need for inter-region AS transfer. randy

Attacks from poneytelecom.eu

Hi All, Lately we have seen a lot of attacks from IPs where the PTR record ends in poneytelecom.eu to PBX systems. A quick search on twitter ( https://twitter.com/hashtag/poneytelecom) shows multiple people complaining that they reported the IP's yet nothing happens. Has anyone had the pleasure of

Re: Spectrum prefix hijacks

The output I dumped was from route-views.routeviews.org. On affected prefes you get 7843->6453->nothing unaffected prefixes get 7843->6453->15169. Unaffected prefixes don't have more specifics from 10512. My sample size is only 8 though with a mix of affected and unaffected users. JM On Tue, J

Re: Spectrum prefix hijacks

it looks like 203040 is a pure transit as (no originated prefixes) and 1103 - surfnet could squish what is your view anyway. On Tue, Jan 2, 2018 at 9:29 PM, Christopher Morrow wrote: > > > On Tue, Jan 2, 2018 at 8:50 PM, James Milko wrote: > >> Not sure if anyone from Spectrum is looking here a

Re: Spectrum prefix hijacks

On Tue, Jan 2, 2018 at 8:50 PM, James Milko wrote: > Not sure if anyone from Spectrum is looking here at this hour, but someone > is hijacking a few of your prefixes. It's causing problems in my area (NC) > with reaching Google services. I'm sure there are other impacts, but > that's what peopl

Spectrum prefix hijacks

Not sure if anyone from Spectrum is looking here at this hour, but someone is hijacking a few of your prefixes. It's causing problems in my area (NC) with reaching Google services. I'm sure there are other impacts, but that's what people are noticing. Sorry if this hits the list twice, I sent it

Re: AS Numbers unused/sitting for long periods of time

On 1/2/18 2:46 PM, James Breeden wrote: And before you come back with "Well they may be using it internally where it doesn't need to be in the GRT" - that's why we have Private AS numbers. I.e. some form of ARIN or global policy that basically says "If AS number not routed or whois updated or

Re: Xbox Live and Teredo

Are you aware: - Microsofts justification for Teredo is to support P2P during the transition to IPv6 dominant networks. - Xbox 360: Console - IPv4 preferred and requires the Microsoft 'custom STUN and security implementation." - Xbox One: Console - IPv6 preferred - Native IPv6+IPSec - R

Re: Threads that never end (was: Waste will kill ipv6 too)

On Tue, Jan 2, 2018 at 4:59 PM, Owen DeLong wrote: > I agree we all have a responsibility to hold the line on addresses being > network identifiers Hi Owen, The delicious irony here is that EUI-64 supporting SLAAC is exactly that: an identifier. If we hold the line there, there is no line. Re

Re: AS Numbers unused/sitting for long periods of time

On Tue, Jan 2, 2018 at 5:46 PM, James Breeden wrote: > I'm amazed at the number of AS numbers that are assigned, but not actively > being used. I'm not talking just like they are offline for a week or month, > this is complete non-use of the AS in the global routing table within > *years*. They a

RE: Xbox Live and Teredo

Hey, Justin. I'll ping you offline to take a closer look. For others on the list, Xbox One uses Teredo for IPv4 P2P NAT traversal for multiplayer and chat. If the consoles are unable to communicate with Teredo servers to generate a Teredo IPv6 address and detect the NAT type that is present, tha

RE: AS Numbers unused/sitting for long periods of time

I think the real issue here will be this : 1. If you are paying an RIR to maintain the registration it is yours to use unless the terms change to require you to justify usage on a recurring basis. 2. If it is pre-RIR I am not sure how you could change the rules at this point to reclaim an AS n

Re: AS Numbers unused/sitting for long periods of time

Dear James, On Tue, Jan 02, 2018 at 10:46:35PM +, James Breeden wrote: > Before I take this to the ARIN PPML, wanted to get NANOG's thoughts. > > I'm amazed at the number of AS numbers that are assigned, but not > actively being used. I'm not talking just like they are offline for a > week or

Re: Xbox Live and Teredo

Time to buy a Xbox for the NOC so you can trouble shoot. All puns intended. Mark > On 3 Jan 2018, at 10:15 am, Justin Wilson wrote: > > These are all Xbox one clients. We don’t hand out IPv6 on this network yet, > so I made sure to disable any sort of IPV6 on the interfaces just to be sure

Re: Xbox Live and Teredo

These are all Xbox one clients. We don’t hand out IPv6 on this network yet, so I made sure to disable any sort of IPV6 on the interfaces just to be sure because I figured Teredo is tied to v6. The only thing we have not done yet is disable any IPV6 stuff on the customer routers. Everyone has

Re: AS Numbers unused/sitting for long periods of time

Inaccurate whois data from ARIN is not a good way to tell anything as ARIN is terrible to deal with when you need to update an address or phone number or anything. I know personally as I had to fight for years to update the data on an ASN that ARIN was billing me to manage the data for. Chr

Re: Xbox Live and Teredo

Once upon a time, Mark Andrews said: > Given that you have IPv6 I would be looking at why the XBOXs are attempting > Teredo at all. I would expect them to use the IPv6 addresses that you are > assigning your customers. The OP didn't say what type of Xbox. IIRC the Xbox 360 does not support IP

Re: Xbox Live and Teredo

Given that you have IPv6 I would be looking at why the XBOXs are attempting Teredo at all. I would expect them to use the IPv6 addresses that you are assigning your customers. Mark > On 3 Jan 2018, at 9:25 am, Justin Wilson wrote: > > Figured the collective here might have an answer. All of

Re: AS Numbers unused/sitting for long periods of time

Just because a number is NOT VISIBLE on the global Internet, it does NOT mean that it is not IN USE. This applies to IPv4 addresses, IPv6 addresses and AS numbers. Apart from legacy IPv4 addresses and legacy AS, these resources require annual payments to maintain the assignment from the RIR. M

Re: AS Numbers unused/sitting for long periods of time

Once upon a time, James Breeden said: > I'm amazed at the number of AS numbers that are assigned, but not actively > being used. I'm not talking just like they are offline for a week or month, > this is complete non-use of the AS in the global routing table within > *years*. They are completely

AS Numbers unused/sitting for long periods of time

Before I take this to the ARIN PPML, wanted to get NANOG's thoughts. I'm amazed at the number of AS numbers that are assigned, but not actively being used. I'm not talking just like they are offline for a week or month, this is complete non-use of the AS in the global routing table within *year

Xbox Live and Teredo

Figured the collective here might have an answer. All of a sudden a network I manage started getting complaints from XBOX live users are getting error messages about “Can’t get Teredo IP address” on their consoles. Is anyone else seeing this wide spread? The Microsoft support default answer i

Re: Anyone else blacklisted this morning by rbl.iprange.net?

But what other people have rightfully pointed out is that his behavior is stupid and against the RFC that covers DNSBLs. And it's not simply MX admins here. You have firewalls that are also affected. If you're going to run a DNSBL to advertise your mail software, perhaps do so in a way that does

Re: Anyone else blacklisted this morning by rbl.iprange.net?

I did finally reach someone at realtimeblacklist.com. They've just today shut down the bogus DNS RBL and said they realize now it was a terrible idea. They read and now understand the RBL RFC and promised not to do it again. I appreciate them taking the time to respond, and hopefully they'll als

Re: Foundry FastIron

On 01/02/2018 04:09 AM, Jeroen Wunnink wrote: In my experience, Brocades in general aren’t very picky when it comes to working with any optic branding. It’s just the DOM that might or might not work. I’ve only ever had 1 vendor show issues with Brocade after an ironware upgrade. This applies t

Re: Anyone else blacklisted this morning by rbl.iprange.net?

As the message said, they use this to force mx admins to remove their entry to stop hammering. I remember other lists did the same. Contact the remote mx admin in order to get this fixed. > Op 2 jan. 2018 om 17:57 heeft Dann Schuler het > volgende geschreven: > > We had a Charter IP address w

Re: Threads that never end (was: Waste will kill ipv6 too)

I agree we all have a responsibility to hold the line on addresses being network identifiers and to some extent network locators (unfortunately). I agree we have a responsibility to sparsely and liberally allocate within reason (where /8 to ITU isn’t within reason, but a /12 might be, and even i

Re: Threads that never end (was: Waste will kill ipv6 too)

On January 1, 2018 at 22:09 trel...@trelane.net (Andrew Kirch) wrote: > Lets say the worst case scenario is that we exhaust IPv6 at a rate > MASSIVELY higher than planned. Can't we all just do this again in like 80 > years? I don't get why anyone cares so much that this thread won't die. >

Re: Anyone else blacklisted this morning by rbl.iprange.net?

LOL! Apparently Level3 (my upstream) at least has blacklisted their IP, way before it gets anywhere near the Netherlands! traceroute rbl.iprange.net traceroute to rbl.iprange.net (80.127.112.180), 64 hops max, 40 byte packets 1 router1.sb.becknet.com (206.83.0.1) 0.862 ms 0.415 ms 0.365 ms

Re: Anyone else blacklisted this morning by rbl.iprange.net?

Apparently they're widely used by firewall-based anti spam, as we seem to be getting blocked a lot by Juniper, Sonicwall, and Palo Alto firewalls. The outfit is listed in https://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists, but seem to have very poor communication options (e.g., WhoIs

Re: Anyone else blacklisted this morning by rbl.iprange.net?

On Tue, 2 Jan 2018, Mel Beckman wrote: I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com reports that rbl.iprange.net has blacklisted u

Re: Anyone else blacklisted this morning by rbl.iprange.net?

On Tue, Jan 02, 2018 at 04:46:02PM +, Mel Beckman quoted: > "rbl.iprange.net will mark every ip address as listed to force removal of > this server." Apparently they didn't read section 3.4 of RFC 6471: https://tools.ietf.org/html/rfc6471#page-15 Given this behavior on their part, i

RE: Anyone else blacklisted this morning by rbl.iprange.net?

We had a Charter IP address we don’t actually send email from (it is a backup line that would only send mail if our primary line was down) Blacklisted by these guys at 10:50am EST on 1/1/18, then removed at 3:34pm EST on 1/1/18. MXToolBox alerted us to it, I ran a manual check on their portal, w

Anyone else blacklisted this morning by rbl.iprange.net?

I woke up this morning to a barrage of complaints from users that our mail servers' outbound emails are bouncing due to a blacklisting. Sure enough, mxtoolbox.com reports that rbl.iprange.net has blacklisted us for more than a day. However, looking

Re: Carrier IRR Update Frequency

On 1/1/18 10:17 AM, Mike Hammett wrote: Any idea how often Cogent, XO, and Level 3 update their prefix filters from the IRRDBs? Back when I had Level3 circuits, they updated at midnight Mountain time. I don't know if that's still the case, especially now that CenturyLink has gobbled them up

googhle voice hel

any one here work for google voice or know any one who does i need to talk to some help pages aren't helping jimmy

Re: Foundry FastIron

In my experience, Brocades in general aren’t very picky when it comes to working with any optic branding. It’s just the DOM that might or might not work. I’ve only ever had 1 vendor show issues with Brocade after an ironware upgrade. Can always grab a few brocade branded optics from Flexoptix