Re: Cisco/Level3 takedown

2015-04-11 Thread Mike Hammett
Oh well. Don't do business with dirtbags. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: "Mike Jones" To: "Randy Bush" Cc: nanog@nanog.org Sent: Saturday, April 11, 2015 2:37:07 AM Subject:

Re: Cisco/Level3 takedown

2015-04-11 Thread Mike Jones
On 9 April 2015 at 19:16, Randy Bush wrote: >> It does make one wonder why Cisco or Level 3 is involved, why they >> feel they have the authority to hijack someone else's IP space, and >> why they didn't go through law enforcement. This is especially true >> for the second netblock (43.255.190.0/2

Re: Cisco/Level3 takedown

2015-04-09 Thread Scott Weeks
--- skho...@neutraldata.com wrote: From: Sameer Khosla Was just reading http://blogs.cisco.com/security/talos/sshpsychos then checking my routing tables. Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published the ssh attack dictio

Re: Cisco/Level3 takedown

2015-04-09 Thread Chris Boyd
> On Apr 9, 2015, at 3:01 PM, Matt Olney (molney) wrote: > > In response to Sameer Khosla's comment that we should work with the entire > service provider community: > > Talos is the threat intelligence group within Cisco. We absolutely > welcome discussions with any network operator on how we

Re: Cisco/Level3 takedown

2015-04-09 Thread Matt Olney (molney)
In response to Sameer Khosla's comment that we should work with the entire service provider community: Talos is the threat intelligence group within Cisco. We absolutely welcome discussions with any network operator on how we can improve the state of security on the Internet. Please contact me d

RE: Cisco/Level3 takedown

2015-04-09 Thread Steve Mikulasik
Seems like it this is pretty ineffective. The group already moved subnets once, they will likely do this again, all Cisco/L3 have done is slow them down a bit. Stephen Mikulasik -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Sameer Khosla Sent: Thursday, Ap

Re: Cisco/Level3 takedown

2015-04-09 Thread Barry Shein
Warrior Nun Areala wears a black hat. http://en.wikipedia.org/wiki/Warrior_Nun_Areala -b On April 9, 2015 at 18:29 m...@beckman.org (Mel Beckman) wrote: > Wrong. Batman, for example, wears a black hat. > > -mel via cell > > On Apr 9, 2015, at 11:17 AM, "Randy Bush" wrote: > > >

Re: Cisco/Level3 takedown

2015-04-09 Thread Christopher Morrow
folk are getting kinda bent out of shape about this, and about L3 doing 'something' but look at: what's 4134 doing there? This one as well:

Re: Cisco/Level3 takedown

2015-04-09 Thread Christopher Morrow
On Thu, Apr 9, 2015 at 2:52 PM, Jeff Shultz wrote: > I think that, properly, Batman wears a cowl, not a hat. > "... the details of his costume from time to time, it is most often depicted as consisting of: matching black (or blue) scalloped cape, bat-like co

Re: Cisco/Level3 takedown

2015-04-09 Thread Bill Woodcock
> On Apr 9, 2015, at 11:29 AM, Mel Beckman wrote: > > Wrong. Batman, for example, wears a black hat. Thank you, Mask Man. -Bill signature.asc Description: Message signed with OpenPGP using GPGMail

Re: Cisco/Level3 takedown

2015-04-09 Thread Jeff Shultz
I think that, properly, Batman wears a cowl, not a hat. On 4/9/2015 11:29 AM, Mel Beckman wrote: Wrong. Batman, for example, wears a black hat. -mel via cell

Re: Cisco/Level3 takedown

2015-04-09 Thread jim deleskie
Just to add to the noise I think batman wears a black mask/helmet, but I've never considered it a mask. I didn't look at the details on this, but did L3 sink the routes at their border or did they expressly announce the route to sink it? -jim On Thu, Apr 9, 2015 at 3:35 PM, Randy Bush wrot

Re: Cisco/Level3 takedown

2015-04-09 Thread Randy Bush
> Wrong. Batman, for example, wears a black hat. >> vigilantes always wear white hats. i stand corrected

Re: Cisco/Level3 takedown

2015-04-09 Thread Mel Beckman
Wrong. Batman, for example, wears a black hat. -mel via cell On Apr 9, 2015, at 11:17 AM, "Randy Bush" wrote: >> It does make one wonder why Cisco or Level 3 is involved, why they >> feel they have the authority to hijack someone else's IP space, and >> why they didn't go through law enforceme

Re: Cisco/Level3 takedown

2015-04-09 Thread Randy Bush
> It does make one wonder why Cisco or Level 3 is involved, why they > feel they have the authority to hijack someone else's IP space, and > why they didn't go through law enforcement. This is especially true > for the second netblock (43.255.190.0/23), announced by a US company > (AS26484). vigil

Re: Cisco/Level3 takedown

2015-04-09 Thread Steve Noble
I was wondering why a non-allocated AS was being allowed to announce the blocks but it appears that APNIC has revoked the 63854 ASN? http://wq.apnic.net/apnic-bin/whois.pl?searchtext=AS63854&object_type=aut-num Based on google's cache, it was still there late March. BGP routing table entry for 1

Re: Cisco/Level3 takedown

2015-04-09 Thread Blake Hudson
Reading the article, I assumed that perhaps Level 3 was an upstream carrier, but RIPE stats shows that the covering prefix (103.41.120.0/22) is announced by AS63509, an Indonesian organization. It looks like they're fighting back by announcing their own /24 now. I love the AS's address: descr:

Re: Cisco/Level3 takedown

2015-04-09 Thread Christopher Morrow
On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla wrote: > Was just reading http://blogs.cisco.com/security/talos/sshpsychos then > checking my routing tables. > > Looks like the two /23's they mention are now being advertised as /24's, and > I'm also not sure why cisco published the ssh attack dic