swinog October 2010

swinog@lists.swinog.ch

42 participants
22 discussions

Switzerlandwide Internet problem
by Michele Capobianco 16 Jul '23

16 Jul '23

Hey all A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem. Does anybody know something? Cheers Michele -------- Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32 http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch> --------

8 7

The ISP Association: one for all, all for one
by Pascal Gloor 01 Nov '10

01 Nov '10

Dear SwiNOGers, You may have heard of it (or maybe you joined it); a few weeks ago SwiNOG Org made a special SwiNOG event about lawful intercept. During that event I made an anonymous survey and I was really amazed by some of the results. I'll make it quick; 95% of the audience would like to see the creation of an ISP association (umbrella organisation) representing them towards different authorities and/or towards justice (like the DNS blocking case). During that event I promised the audience that I will personally initiate that process. --- I have created a wiki that will allow the following points, needed for the foundation assembly, to be organised: - Organisation of the location / infrastructure - Writing of the Statutes - Name proposals - Committee candidates All points need to be fully completed in order to organise a consistent foundation assembly. --- How do you proceed to help? Worker: 1) Go to the wiki and create an account. http://www.ispnet.ch 2) Drop me an email with your company name and I will give your account access to the restricted area. 3) Fetch a coffee, red bull or whatever activates your brain and start to help. Internal Lobbyist: 1) Go to your management, talk to them about our issues (new laws, lawful intercept, representation at BAKOM/OFCOM/ÜPF) and how an association could help (need more information? ask me!) 2) Let me know, per email, if you think your company will participate; so we can make a possible list of SMEs willing to be founding members. --- Lets get to the work! I really expect to be able to have the founding assembly before mid of december. All this preparation work can be done within 2 weeks! Really, again, lets get to the work! Sincerely, Pascal Gloor President @ SwiNOG Organisation

10 18

SwiNOG #21 - Call for Presentations and Papers
by Pascal Gloor 30 Oct '10

30 Oct '10

The 21st meeting of the Swiss Network Operators Group (SwiNOG) will be held in Berne on top of the Gurten on November 11th 2010. Important Dates for SwiNOG#21 --------------------------------------------------- For participants: - registration from 01.09.2010 until 31.10.2010 - final publication of agenda, 14.10.2010 For presentations: - call for papers from 23.08.2010 until 24.09.2010 - deadline for receipt of final slides, 05.11.2010 Meeting day: 11.11.2010 Topics for Presentations/Talks --------------------------------------------------- The number and length of presentations per session is not fixed, although due to time constraints we would prefer the length of the presentations to be between 10 to 45 minutes. However proposals for longer/shorter presentations or presentations whose subject falls outside of the topics below are also welcome; please do not hesitate to submit them. Here is a non-exhaustive list of typical SwiNOG meeting topics: - Security - DDOS Mitigation - AntiSpam - IPv6 - Open Source tools - International view of the internet (incidents, outages, measurements) - Routing - Server applications (DNS, Web, etc.) - Legal issues (BÜPF, etc.) - Telecommunication polictics (Net Neutrality, Incumbent monopoly, etc.) Language of Slides and Talks --------------------------------------------------- The whole day will be held in English, therefore we kindly ask you to produce your presentation in English. Submission Guidelines --------------------------------------------------- All submissions must have a strong technical bias and must not be solely promotional for your employer. Please remember that your presentations should be suitable for a target audience of technicians from varied backgrounds, working for companies whose sizes may vary considerably. To submit a proposal for a presentation, we request that you provide the following information to <swinog-core(a)swinog.ch>: * the name of the presenter (and if applicable your affiliation) * a working email address * the name and number of the topic which will contain the presentation * the title of the presentation * its expected length (in minutes) * a short abstract of the presentation (so we know what it is about) We also welcome suggestions for specific presentations which you feel would be valuable to the SwiNOG community. Please be aware that your presentation will be published on the SwiNOG website after the event. We can publish modified slides if requested - it might be that some confidential data will be presented by you which are not intended for publication on the internet. Greetings, Pascal Gloor SwiNOG Core Team General Information (SwiNOG Community) --------------------------------------------------- The Swiss Network Operators Group (SwiNOG) is an informal group of people who are concerned with engineering and operation of the Swiss Internet. SwiNOG exists to enhance the quality of Internet services available in Switzerland. It does this by fostering the free exchange of technical ideas and information between different companies and organisations. SwiNOG is a community for professionals who are operating, designing or researching the Internet. It provides a technical forum where those working on, with and for the Internet can come together to solve problems with every aspect of their (net)work. The meeting is designed to provide an opportunity for the exchange of information among network operators, engineers, researchers and other professionals close to the network community. More information about SwiNOG can be found at http://www.swinog.ch/ Information about the meeting will be published at http://www.swinog.ch/meetings/swinog21/ General Information (SwiNOG Organisation) --------------------------------------------------- The SwiNOG Organisation Association is a non-profit association under article 60 and further of the swiss civil law. It manages the SwiNOG community ressources (domain, web, mailing-lists, etc..) and organises SwiNOG meetings. Contact: SwiNOG Organisation 8000 Zurich Switzerland

2 2

Root Zone DNSSEC KSK Ceremony 3
by Joe Abley 29 Oct '10

29 Oct '10

KSK CEREMONY 3 The third KSK ceremony for the root zone will take place in Culpeper, VA, USA on Monday 2010-11-01. The ceremony is scheduled to begin at 1300 local time (1700 UTC) and is expected to end by 1900 local time (2300 UTC). Video from Ceremony 3 will be recorded for audit purposes. Video and associated audit materials will be published 1 to 2 weeks after the ceremony, and will be available as usual by following the "KSK Ceremony Materials" link at <https://www.iana.org/dnssec/>. ICANN will operate a separate camera whose video will not be retained for audit purposes, but which will instead be streamed live in order to provide remote observers an opportunity to watch the ceremony. The live stream will be provided on a best-effort basis. The live video stream will be available at <http://dns.icann.org/ksk/stream/>. Ceremony 3 will include processing of a Key Signing Request (KSR) generated by VeriSign, and the resulting Signed Key Response (SKR) will contain signatures for Q1 2011, for use in the root zone between 2011-01-01 and 2011-02-28. CONTACT INFORMATION We'd like to hear from you. If you have feedback for us, please send it to rootsign(a)icann.org.

1 0

Used recursive DNS servers in CH...
by Christian 'wiwi' Wittenhorst 27 Oct '10

27 Oct '10

Hello to SwiNOG.... Some time ago, I asked some questions on the usage of *recursive* DNS servers in CH. Thanks to all who participated in the survey. I got answers from most major ISPs, too. As promised, here are the results: (n=79) Server Software: Bind 9.x: 59.5% PowerDNS: 16.5% Microsoft DNS:13.9% djbdns: 11.4% unbound: 8.9% DNSSEC: yes, we use it: 15.2% no, we don't use it: 84.8% (Deadline was: August, 1 2010) Best regards, wiwi

1 0

Cisco Devices for Sale / 2x Cisco ASA5520 / Cisco WS-C4507R + some modules
by Stephan Wolf 27 Oct '10

27 Oct '10

hello all, hopefully I do not break here a subscription-Law, so simply: We have some Cisco parts / devices on Stock, which where nearly never used: 2x Firewall Cisco ASA5520-AIP20-K9 (ASA 5520 Appl w/ AIP-SSM-20, SW,300 VPN, Prs,4GE+1FE,3DES/AES) 1x Switch Cisco WS-C4507R + some modules (2x 24 port 10/100/1000 GBE / 2x V Console / 2x power supply etc They where bought for a project, which was frozen, and there was no fit in other needs / projects. If you see need, please contact me directly in english or german. mailto:swinog-ch@hightowernet.de Detailed product list & photos available on request. Condition of devices: nearly new ASA's where tested only some hours 4507er was in use for about 2-3 months Bougt end 2006. Used in Summer 2007 Will be sold on highest bid. Test before possible, sold without warranty. Device location: near to Zurich Alternatively: do you know company near Zurich, which makes business with buying/selling used hardware in this class ? We simply want to cleanup our stock ASAP. -- Mit freundlichen Grüßen Stephan Wolf mailto:swinog-ch@hightowernet.de

8 7

port 25 outbound
by Manfredo Miserocchi 26 Oct '10

26 Oct '10

Hi all, does none of you use to block port 25 outbound on mailservers ? The question is because it seems that some operators around us (at the moment Vodafone in Italy) does. We all know that this is possible if you allows outbound connections on port 587, but it requires a client reconfiguration. If you actually read RFC 2476 you will see the distinction made between "message transfer" (over port 25) and "message submission". (over port 587). The actual problem is that a mobile customer cannot send out his e-mail from his ISP mailserver, but only from the mobile company one. If this will result true, it will be a strong limitation on the market. May I have your opinion about ? Cheers/Manfredo Warinet Global Services SA Si precisa che le informazioni contenute in questo messaggio sono riservate e ad uso esclusivo del destinatario. Qualora il presente messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo ed a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Grazie. You are hereby informed that this message contains confidential informations intended for the addressee's use only. If yu're not the addressee and have received this message by mistake, please delete it and immediately notify us. You may not copy or disseminate this message to anyone. Thank you.

5 6

Change of dnswl.org operating model
by Matthias Leisi 25 Oct '10

25 Oct '10

Hi, As announced earlier, dnswl.org will change it's operating model. "Heavy users" (defined as those doing > 100'000 queries/24 hours on the public nameservers) and vendors of anti-spam products and services will need a paid subscription. We are now ready to implement the model and will gradually start to enforce it. Since we do not know the current users (all we have are IPs and sometimes hostnames), we will also need to "cut off" users if our attempts at identifying and notifying them fail. The "cut off" may have two of effects: 1) rsync suddenly stops working 2) queries on the public nameservers are refused. We may be able to reinstate access on a case by case basis. As usual, we can be reached at admins/at/dnswl.org (or office/at/dnswl.org for direct access to the people handling the subscriptions). All details are available from http://www.dnswl.org/ -- Matthias

1 0

Tor-nodes...
by Pascal Mainini 23 Oct '10

23 Oct '10

Dear SWINOGers! at the recent SWINOG-specialevent, I talked with a few of you about running tor-exit-nodes. For those not having talked to me or been there, I was asking on behalf of the Swiss Privacy Foundation [1], of which I'm part. We are an approved non-profit organisation in various cantons of Switzerland and operate services that help improve privacy and support the right of freedom to speech, besides providing workshops on related topics. (that was not intended to be some marketing-bubble ;-) At the event, I promised to post on the list a bit more in detail what we plan to do, so that those interested can contact me again - and maybe others can jump up if they like to. We are currently operating two tor-exit-nodes (refer to [2] for informations about tor), together with our german friends from the german privacy foundation [3], these exit nodes are running in germany. For various reasons, we want to start running tor exit nodes in Switzerland by next year and thus are looking for interested parties here, who would be willing to support us. That's basically the story. In technical terms, this means, that we're looking for - either rackspace and connectivity - or possibly some virtually hosted variant (however running an exit-node is quite cpu-intensive and thus probably not really what one wants to do on a shared server). We think that 2-5 rackunits would suffice for our needs in the comming 2-5 years. Of course, this is also quite bandwidth-consuming, however we're capable of limiting that down to almost any number (where too small numbers of course don't make too much sense) - one just needs to be aware, that it's a "full-on" service, generating traffic around the clock. We have some limited budget available as well, which basically consists of the fees and donations to our association. Particularly, as far as possible, we're looking for ISPs with own interests in such technologies, as - like with lots of other things - running tor-services also has a darker side. Of course, the anonymity won't only be used by fine people for doing good things. We are fully aware of that, we believe that supporting the higher goals like anonymity and freedom of speech by far outweighs the abuse of such technologies. It is almost certain, however, that such a server will cause some troubles during it's existence. These troubles can probably range from abuse complaints up to seizure of the server by authorities. For countering that, we do everything we do as transparent as possible. We are willing and want to take over the full abuse-handling for the IPs in question, the machines are specially prepared to show according informations on different ports, appropriate DNS- and WHOIS-entries should be made. I think that's all that needs to be said for now, please apologise if it got a bit lengthy. If you are interested and willing to participate on the subject, please drop me a mail, so we can fix further details and talk about. Thanks a lot and keep up the good work all of you do daily! Pascal [1] http://www.privacyfoundation.ch [2] http://www.torproject.org [3] http://www.privacyfoundation.de

1 0

RANCID alternative
by Stanislav Sinyagin 19 Oct '10

19 Oct '10

hi all, I'm currently working on a new open-source project. Many of you know the imperfections of RANCID software, and this project is made to dramatically change this. In README section at http://github.com/ssinyagin/gerty you will find the short concept overview and more in-depth documentation. At the moment the proof of concept is ready: it can store Cisco configuration into files, as well as output of other commands, such as "show isis neighbors". It will be polished and finalized during next months, and I'll be able to present it at a SwiNOG meeting in Spring or Summer. your feedback will be appreciated. cheers, stan

4 7

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog October 2010