You may have heard of it (or maybe you joined it); a few weeks ago SwiNOG Org made a special SwiNOG event about lawful intercept. During that event I made an anonymous survey and I was really amazed by some of the results. I'll make it quick; 95% of the audience would like to see the creation of an ISP association (umbrella organisation) representing them towards different authorities and/or towards justice (like the DNS blocking case). During that event I promised the audience that I will personally initiate that process.
I have created a wiki that will allow the following points, needed for the foundation assembly, to be organised:
- Organisation of the location / infrastructure
- Writing of the Statutes
- Name proposals
- Committee candidates
All points need to be fully completed in order to organise a consistent foundation assembly.
How do you proceed to help?
1) Go to the wiki and create an account. http://www.ispnet.ch
2) Drop me an email with your company name and I will give your account access to the restricted area.
3) Fetch a coffee, red bull or whatever activates your brain and start to help.
1) Go to your management, talk to them about our issues (new laws, lawful intercept, representation at BAKOM/OFCOM/ÜPF) and how an association could help (need more information? ask me!)
2) Let me know, per email, if you think your company will participate; so we can make a possible list of SMEs willing to be founding members.
Lets get to the work! I really expect to be able to have the founding assembly before mid of december. All this preparation work can be done within 2 weeks!
Really, again, lets get to the work!
President @ SwiNOG Organisation
The 21st meeting of the Swiss Network Operators Group (SwiNOG) will be held in Berne on top of the Gurten on November 11th 2010.
Important Dates for SwiNOG#21
- registration from 01.09.2010 until 31.10.2010
- final publication of agenda, 14.10.2010
- call for papers from 23.08.2010 until 24.09.2010
- deadline for receipt of final slides, 05.11.2010
Meeting day: 11.11.2010
Topics for Presentations/Talks
The number and length of presentations per session is not fixed, although due to time constraints we would prefer the length of the presentations to be between 10 to 45 minutes.
However proposals for longer/shorter presentations or presentations whose subject falls outside of the topics below are also welcome; please do not hesitate to submit them.
Here is a non-exhaustive list of typical SwiNOG meeting topics:
- Security - DDOS Mitigation - AntiSpam
- Open Source tools
- International view of the internet (incidents, outages, measurements)
- Server applications (DNS, Web, etc.)
- Legal issues (BÜPF, etc.)
- Telecommunication polictics (Net Neutrality, Incumbent monopoly, etc.)
Language of Slides and Talks
The whole day will be held in English, therefore we kindly ask you to produce your presentation in English.
All submissions must have a strong technical bias and must not be solely promotional for your employer.
Please remember that your presentations should be suitable for a target audience of technicians from varied backgrounds, working for companies whose sizes may vary considerably.
To submit a proposal for a presentation, we request that you provide the following information to <swinog-core(a)swinog.ch>:
* the name of the presenter (and if applicable your affiliation)
* a working email address
* the name and number of the topic which will contain the presentation
* the title of the presentation
* its expected length (in minutes)
* a short abstract of the presentation (so we know what it is about)
We also welcome suggestions for specific presentations which you feel would be valuable to the SwiNOG community.
Please be aware that your presentation will be published on the SwiNOG website after the event. We can publish modified slides if requested - it might be that some confidential data will be presented by you which are not intended for publication on the internet.
SwiNOG Core Team
General Information (SwiNOG Community)
The Swiss Network Operators Group (SwiNOG) is an informal group of people who are concerned with engineering and operation of the Swiss Internet.
SwiNOG exists to enhance the quality of Internet services available in Switzerland. It does this by fostering the free exchange of technical ideas and information between different companies and organisations.
SwiNOG is a community for professionals who are operating, designing or researching the Internet. It provides a technical forum where those working on, with and for the Internet can come together to solve problems with every aspect of their (net)work.
The meeting is designed to provide an opportunity for the exchange of information among network operators, engineers, researchers and other professionals close to the network community.
More information about SwiNOG can be found at
Information about the meeting will be published at
General Information (SwiNOG Organisation)
The SwiNOG Organisation Association is a non-profit association under article 60 and further of the swiss civil law. It manages the SwiNOG community ressources (domain, web, mailing-lists, etc..) and organises SwiNOG meetings.
KSK CEREMONY 3
The third KSK ceremony for the root zone will take place in Culpeper,
VA, USA on Monday 2010-11-01. The ceremony is scheduled to begin
at 1300 local time (1700 UTC) and is expected to end by 1900 local
time (2300 UTC).
Video from Ceremony 3 will be recorded for audit purposes. Video
and associated audit materials will be published 1 to 2 weeks after
the ceremony, and will be available as usual by following the "KSK
Ceremony Materials" link at <https://www.iana.org/dnssec/>.
ICANN will operate a separate camera whose video will not be retained
for audit purposes, but which will instead be streamed live in order
to provide remote observers an opportunity to watch the ceremony.
The live stream will be provided on a best-effort basis. The live
video stream will be available at <http://dns.icann.org/ksk/stream/>.
Ceremony 3 will include processing of a Key Signing Request (KSR)
generated by VeriSign, and the resulting Signed Key Response (SKR)
will contain signatures for Q1 2011, for use in the root zone between
2011-01-01 and 2011-02-28.
We'd like to hear from you. If you have feedback for us, please
send it to rootsign(a)icann.org.
Hello to SwiNOG....
Some time ago, I asked some questions on the usage of *recursive* DNS
servers in CH. Thanks to all who participated in the survey. I got
answers from most major ISPs, too.
As promised, here are the results: (n=79)
Bind 9.x: 59.5%
yes, we use it: 15.2%
no, we don't use it: 84.8%
(Deadline was: August, 1 2010)
hopefully I do not break here a subscription-Law, so simply:
We have some Cisco parts / devices on Stock, which where nearly never
2x Firewall Cisco ASA5520-AIP20-K9
(ASA 5520 Appl w/ AIP-SSM-20, SW,300 VPN, Prs,4GE+1FE,3DES/AES)
1x Switch Cisco WS-C4507R + some modules
(2x 24 port 10/100/1000 GBE / 2x V Console / 2x power supply etc
They where bought for a project, which was frozen, and there was no
fit in other needs / projects.
If you see need, please contact me directly in english or german.
Detailed product list & photos available on request.
Condition of devices: nearly new
ASA's where tested only some hours
4507er was in use for about 2-3 months
Bougt end 2006. Used in Summer 2007
Will be sold on highest bid.
Test before possible, sold without warranty.
Device location: near to Zurich
do you know company near Zurich, which makes business with
buying/selling used hardware in this class ?
We simply want to cleanup our stock ASAP.
Mit freundlichen Grüßen
does none of you use to block port 25 outbound on mailservers ? The question is because it seems that some operators
around us (at the moment Vodafone in Italy) does. We all know that this is possible if you allows outbound connections
on port 587, but it requires a client reconfiguration. If you actually read RFC 2476 you will see the distinction made
between "message transfer" (over port 25) and "message submission". (over port 587).
The actual problem is that a mobile customer cannot send out his e-mail from his ISP mailserver, but only from the
mobile company one. If this will result true, it will be a strong limitation on the market.
May I have your opinion about ?
Warinet Global Services SA
Si precisa che le informazioni contenute in questo messaggio sono riservate e ad uso esclusivo del destinatario. Qualora il presente messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo ed a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Grazie.
You are hereby informed that this message contains confidential informations intended for the addressee's use only. If yu're not the addressee and have received this message by mistake, please delete it and immediately notify us. You may not copy or disseminate this message to anyone. Thank you.
As announced earlier, dnswl.org will change it's operating model.
"Heavy users" (defined as those doing > 100'000 queries/24 hours on
the public nameservers) and vendors of anti-spam products and services
will need a paid subscription.
We are now ready to implement the model and will gradually start to
enforce it. Since we do not know the current users (all we have are
IPs and sometimes hostnames), we will also need to "cut off" users if
our attempts at identifying and notifying them fail.
The "cut off" may have two of effects: 1) rsync suddenly stops working
2) queries on the public nameservers are refused. We may be able to
reinstate access on a case by case basis.
As usual, we can be reached at admins/at/dnswl.org (or
office/at/dnswl.org for direct access to the people handling the
subscriptions). All details are available from http://www.dnswl.org/
at the recent SWINOG-specialevent, I talked with a few of you about
running tor-exit-nodes. For those not having talked to me or been there,
I was asking on behalf of the Swiss Privacy Foundation , of which I'm
part. We are an approved non-profit organisation in various cantons of
Switzerland and operate services that help improve privacy and support
the right of freedom to speech, besides providing workshops on related
topics. (that was not intended to be some marketing-bubble ;-)
At the event, I promised to post on the list a bit more in detail what
we plan to do, so that those interested can contact me again - and maybe
others can jump up if they like to.
We are currently operating two tor-exit-nodes (refer to  for
informations about tor), together with our german friends from the
german privacy foundation , these exit nodes are running in germany.
For various reasons, we want to start running tor exit nodes in
Switzerland by next year and thus are looking for interested parties
here, who would be willing to support us.
That's basically the story.
In technical terms, this means, that we're looking for - either
rackspace and connectivity - or possibly some virtually hosted variant
(however running an exit-node is quite cpu-intensive and thus probably
not really what one wants to do on a shared server). We think that 2-5
rackunits would suffice for our needs in the comming 2-5 years.
Of course, this is also quite bandwidth-consuming, however we're capable
of limiting that down to almost any number (where too small numbers of
course don't make too much sense) - one just needs to be aware, that
it's a "full-on" service, generating traffic around the clock. We have
some limited budget available as well, which basically consists of the
fees and donations to our association.
Particularly, as far as possible, we're looking for ISPs with own
interests in such technologies, as - like with lots of other things -
running tor-services also has a darker side. Of course, the anonymity
won't only be used by fine people for doing good things. We are fully
aware of that, we believe that supporting the higher goals like
anonymity and freedom of speech by far outweighs the abuse of such
technologies. It is almost certain, however, that such a server will
cause some troubles during it's existence. These troubles can probably
range from abuse complaints up to seizure of the server by authorities.
For countering that, we do everything we do as transparent as possible.
We are willing and want to take over the full abuse-handling for the IPs
in question, the machines are specially prepared to show according
informations on different ports, appropriate DNS- and WHOIS-entries
should be made.
I think that's all that needs to be said for now, please apologise if it
got a bit lengthy. If you are interested and willing to participate on
the subject, please drop me a mail, so we can fix further details and
Thanks a lot and keep up the good work all of you do daily!
I'm currently working on a new open-source project. Many of you
know the imperfections of RANCID software, and this project is made to
dramatically change this.
In README section at http://github.com/ssinyagin/gerty
you will find the short concept overview and more in-depth documentation.
At the moment the proof of concept is ready: it can store Cisco configuration
into files, as well as output of other commands, such as "show isis neighbors".
It will be polished and finalized during next months, and I'll be able to
present it at a SwiNOG meeting in Spring or Summer.
your feedback will be appreciated.