swinog May 2013

swinog@lists.swinog.ch

31 participants
19 discussions

DDOS DNS Attack by Netgear Products caused by CNAME instead of A record?

by Benoit Panizzon

Heyo! Any others who are being affected? It looks like our customers Netgear routers (known ones: WNR3500Lv2, WNDR4500) are asking our DNS Server for the A record of: time-g.netgear.com or time- a.netgear.com Instead of an A record reply, they get a CNAME as answer with additional information the A record of that CNAME. That is what netgear has published on their DNS Servers. Those routers are not happy with that reply and just start sending several hundred requests per second for A time-g.netgear.com resulting in considerable load and traffic on our DNS caches. Some customers have already transfered 35GB of DNS traffic, only since today midnight. I have contacted netgear technical support. The issue is yet unknown to them. They got my pcap files to analyze :-) Any others observing that behaviour of netgear products? Any know remedies? Mit freundlichen Grüssen Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________

9 years, 9 months

IANA AS Numbers registry update

by Selina Harrington

The IANA AS Numbers registry has been updated to reflect the allocation of 1 block to ARIN in 2013-05-30: 62464-63487 You can find the IANA AS Numbers registry at: http://www.iana.org/assignments/as-numbers/as-numbers.xml Regards, Selina Harrington ******************************************* Internet Assigned Numbers Authority (IANA) Internet Corporation for Assigned Names & Numbers 12025 Waterfront Drive, Suite 300 Los Angeles, CA 90094 Phone: +1 310 301 5800 Fax: +1-310-823-8649 *******************************************

9 years, 10 months

IRC Network / Swinog / Link down

by bm＠imp.ch

Hi there There's an issue around that the IRC Channel #swinog is in a splitted state (Link between irc.humppa.ch and irc.swissix.ch). The reason: It seems that irc.swissix.ch NTP/date is out of sync. As soon as some1 there has fixed the Issue, the #swinog Channel will have both part of the brain again (so plz: Administrator of the server, let Marty jump back/forward to the actual time/date). Thank you + Best Regards, Boris

9 years, 10 months

WG: DDOS DNS Attack by Netgear Products caused by CNAME instead of A record?

by Michael Richter

Hmm I thought it is better you'll do the rate limiting on a lower layer. It's the same fix. you give the customer x queries in y time. But with RRL I think every query is counted. With iptables you can say, just count the ANY queries. So it's more specific Freundliche Grüsse sasag Kabelkommunikation AG Michael Richter Professional Bachelor ODEC in Engineering mrichter(a)sasag.ch 052 633 01 71 ________________________________________ Von: Jeroen Massar [jeroen(a)massar.ch] Gesendet: Freitag, 24. Mai 2013 13:43 An: Michael Richter Cc: Benoit Panizzon; swinog(a)swinog.ch Betreff: Re: [swinog] DDOS DNS Attack by Netgear Products caused by CNAME instead of A record? On 2013-05-24 12:52 , Michael Richter wrote: [..] > What can you do to limit this stupid traffic: - rate limit the > queries per customer (not really a good idea) - rate limit this > special kind of queries. (that's the best way at the moment) > > I haven't had the time to look into the packets to limit this > queries. If they are all similiar you can set up a drop filter in the > iptables like you should already have with the isc.org ANY requests. > -> Problem not really solved but you should be happy with this :-) [..] > but what's the hex string for this kind of query. anybody got it? You want to deploy RRL. iptables is not the right location for doing this kind of stuff as you will have false positives. Please see http://www.redbarn.org/dns/ratelimits Greets, Jeroen

9 years, 10 months

Unix-/Linux Spezialist sucht neue Arbeits Herausforderung

by LinuXperia

Hallo Ein sehr guter Freund und sozial engagierter Unix-/Linux Engineer Spezialist mit gutem Fachwissen in Apache Server, Security und Netzwerk Bereich such derzeit eine neue Arbeits Herausforderung. Bis vor kurzem war er für die Post/Postfinance tätig wo er unter anderem den Angriff von Anon auf die Post Infrastruktur nach dem auflösen des Bank Konto von Julian Assange managen müsste. Privat hat er unter anderem kürzlich eine Menge Dell Blade Server zum Teil sogar auf eigene Kosten für diverse Mitglieder der Linux User Group Bern und für den Linux User Group Schweiz Verein organisiert. Es wäre super wenn sich jemand der eine Offene Stelle oder besser ein Mandat für einen Unix-/Linux Engineer kennt sich bei Ihm melden könnte. Seine Email Adresse für allfällige Fragen und Angebote wäre gigabyte1(a)gmx.net Danke im Voraus für eure Kenntnisnahme und Hilfe Freundliche Grüsse Romeo

9 years, 10 months

Zensur / Kobik / Sperrungen ?

by Marcel Stutz

Sorry it's in german Hallo zusammen, Hat jemand dass von euch schon gelesen ? http://www.golem.de/news/filesharing-schweiz-will-internetsperren-auf-das-u… Gruss Marcel

9 years, 10 months

SwiNOG #26 is tomorrow!

by Roman Hochuli

Dear Participants Please find general information about the SwiNOG #26 meeting below. Date: 23.05.2013 - Registration 08h15-09h15 Location: Gurtenpark, Bern Map (in the red circle): http://map.search.ch/d/jjizdm5nt.en.html Suggested trains from Geneva: 06h14 Zurich: 07h02 >From Bern main station you may take: - S-Bahn S3 Belp and exit at Wabern station - Tram 9 (Wabern) and exit at Gurtenbahn stop (http://www.bernmobil.ch/file/pdf_fahrplaene/111211/9/9_1_r.pdf) Then take the Gurtenbahn to the Gurtenpark. You DO NOT have to pay a fee, just tell you attend to the SwiNOG event. Dont throw away the ticket - you'll need it to get down. WIRELESS ACCESS During the meeting you have access to free WLAN! - SSID: MOBILE - Credentials will be printed on your badge - YOU are responsible for the security of your data, this WLAN is not encrypted! Many thanks to our sponsors! Huawei, Equinix, Level3 See you at SwiNOG #26! Roman Hochuli SwiNOG Organisation

9 years, 10 months

EuroBSDcon 2013 on Sept. 28-29. 2013 on Malta

by Andre Oppermann

For all BSD users and fans: this years EuroBSDcon is on Malta on the weekend of September 28-29. 2013 with almost 30 high profile talks. Interesting tutorials by well known tutors are on the preceding Thursday and Friday. The social event on Saturday evening is a beach BBQ. Malta is a great destination and the weather at end of September is still about 26C during day and 19-20C at night with little chance of rain. Adding a few days for an extended weekend is a good idea as well. Malta has many places to explore and has one of the best scuba diving scenes in the med. You can still submit your talk proposal until coming Monday. We have travel expense grants for speakers on an as-needed basis. The full conference speaker list will be announced mid-June which is also when the attendee registration opens. More information here: Main website: http://2013.eurobsdcon.org/ Exploring Malta: http://2013.eurobsdcon.org/eurobsdcon-2013/side-program/ PS: We're also looking for companies sponsoring the conference in the range of EUR 1'000 to 5'000. If you're interested or know someone who may be please contact me directly. -- Andre EuroBSDcon 2013 OC Chair

9 years, 10 months

swisscom abuse

by René Caspar

Hi all Can someone from swisscom abuse please contact me off list thanks René -- web-studio caspar Aarbergstrasse 16 3272 Walperswil Tel: +41 32 396 50 60 Fax: +41 32 396 50 61 Mobile: +41 79 471 21 86 E-Mail: rene.caspar(a)web-studio.ch Internet: www.web-studio.ch

9 years, 10 months

Re: [swinog] [swinog-core] bezahlt

by Adrian Schurr

Sensationell, habe das mit den Ferien zwar gelesen aber glatt vergessen. THX -----Ursprüngliche Nachricht----- Von: swinog(a)swinog.ch [mailto:swinog@swinog.ch] Gesendet: Mittwoch, 15. Mai 2013 20:13 An: Adrian Schurr Cc: swinog-core(a)swinog.ch Betreff: Re: [swinog-core] bezahlt Hallo Adrian > Habt Ihr die Bezahlung von meiner Firma erhalten? --snip Just a short notice: Since I'm in holidays the next 2 weeks there is no payment processing. So dont worry if you don't receive a seat confirmation after you paid - I will work this down once I'm back. --snap Unser Buchhalter ist noch ein paar Tage in den Ferien. Wenn du am Dienstag noch nichts gehört hast melde dich nochmal schnell bei uns. -- Best regards, Roman Hochuli SwiNOG Organisation

9 years, 10 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog May 2013