Hey all
A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch>
--------
Heyo!
Any others who are being affected?
It looks like our customers Netgear routers (known ones: WNR3500Lv2, WNDR4500)
are asking our DNS Server for the A record of: time-g.netgear.com or time-
a.netgear.com
Instead of an A record reply, they get a CNAME as answer with additional
information the A record of that CNAME. That is what netgear has published on
their DNS Servers.
Those routers are not happy with that reply and just start sending several
hundred requests per second for A time-g.netgear.com resulting in considerable
load and traffic on our DNS caches. Some customers have already transfered
35GB of DNS traffic, only since today midnight.
I have contacted netgear technical support. The issue is yet unknown to them.
They got my pcap files to analyze :-)
Any others observing that behaviour of netgear products? Any know remedies?
Mit freundlichen Grüssen
Benoit Panizzon
--
I m p r o W a r e A G -
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 07
CH-4133 Pratteln Fax +41 61 826 93 02
Schweiz Web http://www.imp.ch
______________________________________________________
The IANA AS Numbers registry has been updated to reflect the allocation of 1 block to ARIN in 2013-05-30:
62464-63487
You can find the IANA AS Numbers registry at:
http://www.iana.org/assignments/as-numbers/as-numbers.xml
Regards,
Selina Harrington
*******************************************
Internet Assigned Numbers Authority (IANA)
Internet Corporation for Assigned Names & Numbers
12025 Waterfront Drive, Suite 300
Los Angeles, CA 90094
Phone: +1 310 301 5800
Fax: +1-310-823-8649
*******************************************
Hi there
There's an issue around that the IRC Channel #swinog is in a splitted
state (Link between irc.humppa.ch and irc.swissix.ch).
The reason: It seems that irc.swissix.ch NTP/date is out of sync.
As soon as some1 there has fixed the Issue, the #swinog Channel will have
both part of the brain again (so plz: Administrator of the server, let
Marty jump back/forward to the actual time/date).
Thank you + Best Regards,
Boris
Hmm I thought it is better you'll do the rate limiting on a lower layer.
It's the same fix. you give the customer x queries in y time.
But with RRL I think every query is counted. With iptables you can say, just count the ANY queries.
So it's more specific
Freundliche Grüsse
sasag Kabelkommunikation AG
Michael Richter
Professional Bachelor ODEC in Engineering
mrichter(a)sasag.ch
052 633 01 71
________________________________________
Von: Jeroen Massar [jeroen(a)massar.ch]
Gesendet: Freitag, 24. Mai 2013 13:43
An: Michael Richter
Cc: Benoit Panizzon; swinog(a)swinog.ch
Betreff: Re: [swinog] DDOS DNS Attack by Netgear Products caused by CNAME instead of A record?
On 2013-05-24 12:52 , Michael Richter wrote:
[..]
> What can you do to limit this stupid traffic: - rate limit the
> queries per customer (not really a good idea) - rate limit this
> special kind of queries. (that's the best way at the moment)
>
> I haven't had the time to look into the packets to limit this
> queries. If they are all similiar you can set up a drop filter in the
> iptables like you should already have with the isc.org ANY requests.
> -> Problem not really solved but you should be happy with this :-)
[..]
> but what's the hex string for this kind of query. anybody got it?
You want to deploy RRL.
iptables is not the right location for doing this kind of stuff as you
will have false positives.
Please see http://www.redbarn.org/dns/ratelimits
Greets,
Jeroen
Hallo
Ein sehr guter Freund und sozial engagierter
Unix-/Linux Engineer Spezialist mit gutem
Fachwissen in Apache Server, Security und Netzwerk Bereich
such derzeit eine neue Arbeits Herausforderung.
Bis vor kurzem war er für die Post/Postfinance tätig
wo er unter anderem den Angriff von Anon auf die Post
Infrastruktur nach dem auflösen des Bank Konto von Julian Assange
managen müsste.
Privat hat er unter anderem kürzlich eine Menge Dell Blade Server zum
Teil sogar auf eigene Kosten für diverse Mitglieder der Linux User Group
Bern und für den Linux User Group Schweiz Verein organisiert.
Es wäre super wenn sich jemand der eine Offene Stelle oder besser ein
Mandat für einen Unix-/Linux Engineer kennt sich bei Ihm melden könnte.
Seine Email Adresse für allfällige Fragen und Angebote wäre
gigabyte1(a)gmx.net
Danke im Voraus für eure Kenntnisnahme und Hilfe
Freundliche Grüsse
Romeo
Dear Participants
Please find general information about the SwiNOG #26 meeting below.
Date: 23.05.2013 - Registration 08h15-09h15
Location: Gurtenpark, Bern
Map (in the red circle): http://map.search.ch/d/jjizdm5nt.en.html
Suggested trains from
Geneva: 06h14
Zurich: 07h02
>From Bern main station you may take:
- S-Bahn S3 Belp and exit at Wabern station
- Tram 9 (Wabern) and exit at Gurtenbahn stop
(http://www.bernmobil.ch/file/pdf_fahrplaene/111211/9/9_1_r.pdf)
Then take the Gurtenbahn to the Gurtenpark. You DO NOT have to pay a
fee, just tell you attend to the SwiNOG event.
Dont throw away the ticket - you'll need it to get down.
WIRELESS ACCESS
During the meeting you have access to free WLAN!
- SSID: MOBILE
- Credentials will be printed on your badge
- YOU are responsible for the security of your data, this WLAN is not
encrypted!
Many thanks to our sponsors!
Huawei, Equinix, Level3
See you at SwiNOG #26!
Roman Hochuli
SwiNOG Organisation
For all BSD users and fans: this years EuroBSDcon is on Malta on
the weekend of September 28-29. 2013 with almost 30 high profile
talks. Interesting tutorials by well known tutors are on the
preceding Thursday and Friday. The social event on Saturday evening
is a beach BBQ.
Malta is a great destination and the weather at end of September
is still about 26C during day and 19-20C at night with little chance
of rain. Adding a few days for an extended weekend is a good idea as
well. Malta has many places to explore and has one of the best scuba
diving scenes in the med.
You can still submit your talk proposal until coming Monday. We have
travel expense grants for speakers on an as-needed basis.
The full conference speaker list will be announced mid-June which
is also when the attendee registration opens.
More information here:
Main website: http://2013.eurobsdcon.org/
Exploring Malta: http://2013.eurobsdcon.org/eurobsdcon-2013/side-program/
PS: We're also looking for companies sponsoring the conference in
the range of EUR 1'000 to 5'000. If you're interested or know
someone who may be please contact me directly.
--
Andre
EuroBSDcon 2013 OC Chair