swinog October 2016

swinog@lists.swinog.ch

20 participants
12 discussions

SwiNOG-BE162 - Beer Event 162 - Christmas Dinner @ Chässtube Rehalp / ZH, Monday, 2016-12-12

by Emanuel Kleindienst

****Christmas Dinner**** Dear SwiNOGers, Let's have our Christmas Dinner with Cheese fondue, Kirsch and beer (if you like) at Rehalp!!! Place limit 12 for now, may be extended to 15 max. Upcoming events for 2017 will be announced shortly. Looking forward seeing you! Emanuel, Mobile +41 79 382 73 77, Email emanuel(a)vshn.ch Details for the next event: ----------------------------------------------- Event: SwiNOG-BE162 - Beer Event 162 - Christmas Dinner When? Monday, 12th December 2016 18:30 Where? Chässtube Rehalp Forchstrasse 359, 8008 Zürich, Tel. +41 44 381 01 80 http://www.chaesstube-rehalp.ch (GoogleMaps Link: http://goo.gl/maps/ur3Lq) Places avaiable? 12 !! Please sign up if you're really coming - because the seats are limited! !! ----------------------------------------------- Registration: Start: Wednesday, 26th October 2016 - 10:00 Stop: Friday, 9th December 2016 - 18:00 Reg-URL: http://swinog.be/ ----------------------------------------------- Since we have to make reservations, I need to know who's coming and who not. If you can't attend and you're registered please inform me ASAP (+41 79 382 73 77). greetings Emanuel Kleindienst

6 years, 3 months

Re: [swinog] blackhole-1.iana.org : no servers could be reached

by Christian Fahrni

Hi Julien Yes, we are experiencing the same issues recently with ptr-requests forwarded to the iana blackhole nameservers. # dig -x 10.0.0.100 @blackhole-1.iana.org ;; global options: +cmd ;; connection timed out; no servers could be reached We now configured our nameservers to respond to those requests immediately without sending the queries to internet servers, which they shouldn't do anyway for RFC1918 IPs [1][2] Regards, Christian [1] https://deepthought.isc.org/article/AA-00800/0 [2] https://www.iana.org/help/abuse-answers -> Information about "Blackhole" Servers 2016-10-27 16:13 GMT+02:00 <maj(a)mbuf.net>: > Hi, > are there some people experiencing issues on some AS when using > iana blackhole nameservers for localnets? > > I usually meet this response for instance: > dig 172.16.1.1 @blackhole-1.iana.org > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;172.16.1.1. IN A > > ;; Query time: 46 msec > ;; SERVER: 192.175.48.6#53(192.175.48.6) > ;; WHEN: Thu Oct 27 16: > > > But I don't get any reply packet on AS8220 (COLT). > dig 172.16.1.1 @blackhole-1.iana.org > ;; global options: +cmd > ;; connection timed out; no servers could be reached > > thank you. > > -- > |_|0|_| julien mabillard > |_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 8284 EF08 > |0|0|0| > > > _______________________________________________ > swinog mailing list > swinog(a)lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

6 years, 4 months

blackhole-1.iana.org : no servers could be reached

by maj＠mbuf.net

Hi, are there some people experiencing issues on some AS when using iana blackhole nameservers for localnets? I usually meet this response for instance: dig 172.16.1.1 @blackhole-1.iana.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34667 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;172.16.1.1. IN A ;; Query time: 46 msec ;; SERVER: 192.175.48.6#53(192.175.48.6) ;; WHEN: Thu Oct 27 16: But I don't get any reply packet on AS8220 (COLT). dig 172.16.1.1 @blackhole-1.iana.org ;; global options: +cmd ;; connection timed out; no servers could be reached thank you. -- |_|0|_| julien mabillard |_|_|0| OpenPGP key fingerprint : F009 EFD0 8060 50FE DE07 4953 0E57 5BB0 8284 EF08 |0|0|0|

6 years, 4 months

RIPE Atlas Probes

by Massimiliano Stucchi

Hi all, next week I will be at SWINOG #30, and I will be bringing some RIPE Atlas Probes. If you're interested in getting one of them, please send me an email, so that I can reserve one and have an idea of how many to bring. If you don't know what RIPE Atlas is, and want to know more, you can find information at https://atlas.ripe.net. Ciao! -- Massimiliano Stucchi RIPE NCC mstucchi(a)ripe.net Follow us on Twitter for the fastest and latest RIPE NCC Training news! @TrainingRIPENCC

6 years, 4 months

infomaniak mail admin

by Thomas Lademann

Hi all Could a infomaniak mail admin contact me offlist? We have delivery problems to mta-gw.infomaniak.ch. regards Thomas

6 years, 4 months

SwiNOG-BE160 - Beer Event 160 @ Don Weber Zurich, Monday, 2016-10-24

by Emanuel Kleindienst

Dear SwiNOGers, Let's have some Beer & Food at Don Weber! Upcoming events for rest of 2016: > SwiNOG-BE161: Mo, 28.11.16 > SwiNOG-BE162: Mo, 12.12.16 (Christmas dinner) Looking forward seeing you! Emanuel, Mobile +41 79 382 73 77, Email emanuel(a)vshn.ch Details for the next event: ----------------------------------------------- Event: SwiNOG-BE160 - Beer Event 160 When? Monday, 24th October 2016 18:30 Where? Don Weber Heinrichstrasse 213, 8005 Zürich http://www.donweber.ch/ (GoogleMaps Link: http://goo.gl/maps/PqOPb) Places available? 12 !! Please sign up if you're really coming - because the seats are limited! !! ----------------------------------------------- Registration: Start: Friday, 20th October 2016 - 16:15 Stop: Monday, 24th August 2016 - 16:30 Reg-URL: http://swinog.be/ ----------------------------------------------- Since we have to make reservations, I need to know who's coming and who's not. If you can't attend and you're registered please inform me ASAP (+41 79 382 73 77). Cheers, Emanuel Kleindienst

6 years, 5 months

PeeringDB Product Committee Charter Survey / SwiNOG

by Arnold Nipper

Hello PeeringDB users / hello SwiNOG, the PeeringDB Product Committee (PC, [0]) is charged with steering the future product development and running the market outreach efforts to continuously improve the value that PeeringDB delivers to the networks registered with PeeringDB, and the broader community. We're looking for feedback and input from the community on our charter proposal. Please take this short survey [1]. Your input and comments are appreciated! [0] http://docs.peeringdb.com/gov/ [1] https://www.surveymonkey.com/r/JN36DT2 Greetings Arnold -- Arnold Nipper email: arnold(a)nipper.de phone: +49 6224 5593407 2 mobile: +49 172 2650958 fax: +49 6224 5593407 9

6 years, 5 months

## SwiNOG #30 - 04.11.2015 - Agenda ##

by Simon Ryf

Hello dear SwiNOG community We finally have the agenda released for SwiNOG #30 on the Friday 04.11.2015 on top of Gurten. Please register NOW. https://register.swinog.ch/ Agenda http://www.swinog.ch/meetings/swinog30/agenda.asp IoT Security and the Role of the Thing Manufacturer | Eliot Lear (Cisco Systems) While there are predictions of 50bn connected devices by 2020, we do not know how to count the number of types of things. Mechanisms are needed to facilitate connectivity of these devices in a safe and secure way. Both manufacturers and network managers can take steps to see that devices remain secure. This presentation will discuss those roles and two emerging concepts: a bootstrapping mechanism called ANIMA, and way to describe what communications a device is designed to have known as Manufacturer Usage Descriptions. StackStrom & ChatOps | David Gee (Brocade) Thank you to the internet, we have a button that can be used to order anything from Amazon. Facebook receives millions of pictures a day (mostly of cats doing things) and Twitter has infiltrated main stream media. Enterprise IT is falling like an empire once great, almost crumbling within from the pressure of change. Simplify the lifecycle of your cloud with Mirantis Cloud Platform (MCP) | Ivan Ostojic (Juniper) Mirantis brings their Openstack solution with MCP to a next level. To dramatically simplify the lifecycle process, MCP introduces containers orchestrated by Kubernetes. Additionally, a much more scalable SDN controller was needed whereby MCP replaced OVS Neutron by Juniper OpenContrail. This session will explain why Mirantis was looking for a new architecture and covers the details about MCP itself. Why you should take care of the network(s) around you or DDoS Suckz | Will van Gulik (IP-Max SA) Lesson learned from a DDoS at the end of 2015, and best practice to implement to make internet a better place. SwissIX Update | Ulf Kieber (SwissIX) SwissIX Update Whats new with RRDtool and other stories from Tobi Oetiker GitHub account | Tobi Oetiker (OETIKER+PARTNER AG) New tweaks and features of RRDtool and some fancy new tools released on my GitHub account Swiss NREN protection with DNS RPZ | Matthias Seitz (SWITCH) SWITCH has introduced a service based on DNS Response Policy Zone in the Swiss NREN. DNS RPZ extends the DNS with a firewall function that denies access to malicious domains. With this function, malware infection on users' devices and requests for phishing sites will be prevented. In addition, already infected systems can be detected. Furthermore, the users awareness is increased through redirecting the user to an information page. The DNS Toolbox | Jeroen Massar (Farsight Security, Inc.) Presenting a DNS Toolbox, various techniques to make your network safer for you and your users and that you likely already have installed: - RRL: Response Rate Limiting - RPZ: Response Policy Zones - dnstap: Tap the DNS - Passive DNS: View what the Internet has been doing I'll also explain how Passive DNS does involve minimal PII in the labels, but due to the location where one dnstaps does not affect privacy. RFC3021 | Silvan M. Gebhardt (Openfactory) I would like to share some of my experience with RFC3021 and I would like to hear a bit from the crowd how they stand to it and why and what they know about it. How scary is DNSSEC? | Massimiliano Stucchi (RIPE NCC) DNSSEC is a set of extensions for DNS to make it more secure. It involves cryptography, PKI, and a new set of tools to manage it. This talk tries to demistify all the myths about DNSSEC and show that it actually is simpler than it sounds by introducing some of the basics and providing a live example of two key rollovers on a real domain name done on stage. How to increase availability using ExaBGP | André Keller & Manuel Schweizer (VSHN & CloudScale.ch AG) Social Event | Everyone (SwiNOG Community) Yeah - you all know this one ;-) never gets boring Looking so forward to seeing all of you !!!! Simon SwiNOG

6 years, 5 months

Swisscom -> AWS outage 10.10.2016 (via NTT)

by Claudio Kuenzler

Hello all, I'd like to know if anyone else experienced routing problems yesterday on October 10th 2016 from Swisscom networks to Amazon AWS (Ireland). We've had our server connections cut between 1400 and 1450. I'm pretty sure the problem was with NTT, which was the next hop after Swisscom. At 1450 someone (Swisscom or AWS?) changed the routing and the next hop after Swisscom changed to DTAG. Does anyone have more insights who "fixed" it yesterday? Swisscom only responded to our incident ticket that "Amazon uses loadbalancers and therefore several destination ip addresses" and "traceroute has changed since your screenshot" which is not helpful at all. Thanks in advance for any information. ck

6 years, 5 months

E-Mail Hacks

by Mike Kellenberger

Hi all I might be slightly off-topic here, because it's not a network issue, but it might be of interest to some of you anyway and maybe you've had customers which were affected as well. I don't know if this ploy is new, but after having two customers affected within one week, I suspect it is. The customer receives an e-mail with an invoice from his supplier, which he trusts and has worked with in the past. Shortly after this e-mail he receives another e-mail from the same sender and in the exact same layout stating that the company has a new bank account and that this account should be used. The second e-mail is forged of course. We haven't beeen able to find out where the original mail gets captured (most likely on the suppliers client, because in one case, more than one customer of the supplier was affected). The fraudulent bank account was in UK in both cases, in one case the amount was around CHF 6K, where the UK authorities did not get active, in the second case it was a 6 digit amount... That case is still ongoing. The fraudulent bank account was already closed again in both cases when the customer realized that his transaction had gone to the wrong account (usually after the supplier asked if the money had not been transferred yet). Have you had similar cases? Regards, Mike -- Mike Kellenberger | Escapenet GmbH www.escapenet.ch +41 52 235 0700/04 Skype mikek70atwork

6 years, 5 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog October 2016