swinog March 2016

swinog@lists.swinog.ch

27 participants
12 discussions

ISOC-CH invites to Internet Policy Topics, Fri 08.04.2016, 13:00, Bern

by Jan Boogman

HI, We, the Internet Society Switzerland Chapter (ISOC-CH), cordially invite you to our presentation and discussion session taking place on Friday, 8th of April, 13:00-17:30, at the University of Bern (next to central railway station). http://www.isoc.ch/events/annual-general-assembly-2016 We offer you an interesting program, around the currently hot topics in the Swiss Internet landscape: Surveillance (BÜPF/NDG), Network Neutrality and Network Blocking, with speakers from Digitale Gesellschaft, the telecommunications regulator (BAKOM/OFCOM), Pirate Party and others. We encourage the audience to ask questions and contribute to a successful discussion on the topics. The event is open to everybody interested in matters around the Internet and free of change. Right after these sessions, we invite the participants to an apéro riche. (After the apéro riche ISOC-CH will held it annual General Assembly.) Please find more information, updates and registration on: http://www.isoc.ch/events/annual-general-assembly-2016 The room capacity is limited. Therefore we kindly ask you to register latest by April 6th. This event is open to everyone interested in Internet related topics in Switzerland. In case of a shortage of places, ISOC-CH members are given priority. We are looking forward to meet you on April 8th! All the best, ISOC-CH Board

7 years

TR-069 & Security / Swisscom Router

by Nico Schottelius

Hello Swinog, we've recently audited a small network and found that the customer configured devices were relatively secure configured. However the Swisscom Router/WiFi device (Zylex P-870HN-53b) seems to have the old uPNP exploit with a firmware that is not being updated anymore (upnp was disabled though - so this is hopefully not a big issue). However, when scanning the router from outside, the port 7547 is openly reachable from the internet, which turns out to be TR 069 [0]. My question to the list is, if anyone can comment on the security of TR-069? And if it is a potential or real security problem to have the port open world wide? We have never used TR-069 it so far, but my assumption would be that this port should only be reachable from a Swisscom admin network, however it is open world wide. As far as I can see the communication on port 7547 is plain http with http auth, which doesn't look very safe to me. Does anyone here use TR-069 and if so, what is your the default policy for accessing the port? Thanks a lot for your help and greetings from the last snow! Nico [0] https://en.wikipedia.org/wiki/TR-069 -- Werde Teil des modernen Arbeitens im Glarnerland auf www.digitalglarus.ch! Lese Neuigkeiten auf Twitter: www.twitter.com/DigitalGlarus Diskutiere mit auf Facebook: www.facebook.com/digitalglarus

7 years

Swisscom now peering with Netflix

by Fredy Kuenzler

In case you missed it: Swisscom now peering with Netflix after big shitstorm in social media and general media yesterday and today. http://pastebin.com/sgwD3qfh I suppose the peering policy of Swisscom is now obsolete, as well as their monetizing OTT strategy. It's a good day for real netneutrality, not the crippled version of some larger Swiss operators. -- Fredy Kuenzler --------------------- Fiber7. No Limits. https://www.fiber7.ch --------------------- Init7 (Switzerland) Ltd. AS13030 St.-Georgen-Strasse 70 CH-8400 Winterthur Skype: flyingpotato Phone: +41 44 315 4400 Fax: +41 44 315 4401 Twitter: @init7 / @kuenzler http://www.init7.net/

7 years

Big Caarrier break the net

by Roger

Just after tracing an shacking connection i discovered some icmp discrepancy and look what the trace says 6 embratel-G2-0-0-gacc12.rjo.embratel.net.br (201.39.103.69) [AS8151/AS4230/AS28513] 80.158 ms 73.268 ms 73.223 ms 7 200.244.165.238 (200.244.165.238) [AS4230/AS28513] 79.789 ms 79.776 ms 79.764 ms 8 200.244.216.75 (200.244.216.75) [AS4230/AS28513] 76.048 ms 200.244.216.43 (200.244.216.43) [AS4230/AS28513] 73.003 ms 72.954 ms 9 ebt-BP1224-intl04.mianap.embratel.net.br (200.230.251.130) [AS4230/AS8151/AS28513] 191.910 ms 195.430 ms ebt-BP1214-intl04.mianap.embratel.net.br (200.230.220.22) [AS4230/AS8151/AS28513] 195.714 ms 10 ae52.edge1.Miami2.Level3.net (4.59.240.117) [AS3356] 199.631 ms 199.988 ms 199.939 ms 11 ae-13-3505.car3.Washington1.Level3.net (4.69.158.145) [AS3356] 229.746 ms 229.744 ms 229.693 ms 12 4.68.72.14 (4.68.72.14) [AS3356] 200.297 ms 199.644 ms 199.665 ms 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 62.179.16.54 (62.179.16.54) [AS9141] 320.477 ms 303.223 ms 305.160 ms 19 * * * 20 * * * yeah .. who wonders, the last seen hop seems to be there where maybe your missed car allready is ;) the target is an unnamed swiss hoster in Kanton ZH ;)

7 years

SwiNOG-BE153 - Beer Event 153 @ Don Weber / ZH, Tuesday, 2016-03-29

by Emanuel Kleindienst

Dear SwiNOGers, Let's have some Beer & Food at DON WEBER! Upcoming events for rest of 2016: > SwiNOG-BE154: Mo, 25.4.16 > SwiNOG-BE155: Mo, 23.5.16 > SwiNOG-BE156: Mo, 27.6.16 > SwiNOG-BE157: Mo, 25.7.16 (summer vacations...) > SwiNOG-BE158: Mo, 29.8.16 > SwiNOG-BE159: Mo, 26.9.16 > SwiNOG-BE160: Mo, 24.10.16 > SwiNOG-BE161: Mo, 28.11.16 > SwiNOG-BE162: Mo, 12.12.16 (Christmas dinner) Looking forward seeing you! Emanuel, Mobile +41 79 382 73 77, Email emanuel(a)vshn.ch Details for the next event: ----------------------------------------------- Event: SwiNOG-BE153 - Beer Event 153 When? Tuesday, 29th March 2016 18:30 Where? Don Weber Heinrichstrasse 213, 8005 Zürich http://www.donweber.ch/ (GoogleMaps Link: http://goo.gl/maps/PqOPb) Places avaiable? 16 !! Please sign up if you're really coming - because the seats are limited! !! ----------------------------------------------- Registration: Start: Friday, 4th March 2016 - 18:35 Stop: Tuesday, 29th March 2016 - 16:00 Reg-URL: http://swinog.be/ ----------------------------------------------- Since we have to make reservations, I need to know who's coming and who's not. If you can't attend and you're registered please inform me ASAP (+41 79 382 73 77). Cheers, Emanuel Kleindienst

7 years

Re: [swinog] Reject von hotmail.com -- also Swiss providers do this nonsense

by Charles Buckley

I have also been having trouble with my Swiss provider (hosttech) making such insane spam rejections. 1. Recently I travelled to Germany, and stayed at a hotel using Deutsche Telekom as broadband provider. Apparently the entire DT DSL pool appears on two blacklists, so Hosttech just ignore them. No error message is returned, just a timeout -- a behavior so typical of Swiss bureaucracy. I got around this by using Google or GMX to send my mails. Hosttech first tried to tell me my settings were wrong (not likely), but finally had to confess that they were the problem. 2. Some time ago, I sent an email message containing the name of a Rumanian colleague in the body. That time I got an error message saying 'This server doesn't like spam.' I took the Rumanian name out, left everything else the same (except the recipient address, as the mail no longer made sense to the original recipient) and the mail went through fine. Concerning the first problem, Hosttech claim they fear getting on blacklists themselves, or that evil scripts might get uploaded to the SMTP server. I've never heard of such a thing, but even if it were true, since they use SMTP-Auth, isn't it enough to insist that the SMTP-Auth credentials are restricted to users who don't send spam, and to block the credentials of those who do? Why make something simple so bureaucratically difficult and obnoxious? To expect a user travelling on business to drop everything in their busy schedule to get IP addresses out of a DSL pool removed from blacklists by contacting a local broadband administration with whom they are not customers strikes me as completely unreasonable. Charles Buckley -----Original Message----- From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Jeroen Massar Sent: 18 March, 2016 10:03 To: swinog(a)lists.swinog.ch Subject: Re: [swinog] Reject von hotmail.com On 2016-03-18 09:47, Franco Hug wrote: > Hoi zaema, > > Ich beobachte das gleiche Verhalten mit contabo.de, aus dem Netz 178.238.224.0/22, evtl. gar 178.238.224.0/20 ... > >> DE-GIGA-HOSTING-20100728 178.238.224.0 - 178.238.239.255 >> CONTABO 178.238.224.0 - 178.238.227.255 > > Da scheint das ganze Netz auf einer Migro$oft Blacklist gelandet zu sein. > >> 550 SC-001 (BAY004-MC3F37) Unfortunately, messages from >> 178.238.227.40 weren't sent. Please contact your Internet service >> provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. > > Bei den einschlaegig bekannten blacklists ist das Netz auf jeden Fall nicht gelistet. > > In der Tat hatte ich selbst innerhalb der letzten 3 Monate 1x ein Spam-Mail aus diesem Netz erhalten. > Eigentlich nichts Aussergewoehnliches, hin und wieder flutscht halt > mal was durch bei diesen grossen Providern. Dass deswegen ein ganzes > Netz gelistet wird, und somit auch Unschuldige betroffen sind, ist aergerlich. Umso mehr, weil nicht wirklich klar ist, was man genau tun muss, um das Problem zu beheben. Registriere bei postmaster.live.com ... (yep, und auch bei google etc, die grossen haben kein lust um spam zu empfangen, so schieben sie das auf der ISPs die gerne mail wollen schicken) Richtige WHOIS, reverse DNS, SPF + DKIM und naturlich funktionierende abuse@ und abuse mail auch richtig behandeln. abuse-c oben ist abuse(a)contabo.de und wann dort sage 50 /24s hin gehen und aus der 50, 1 /24 viel spam geschickt werde und abuse@ das nicht losst, dan werd gleich die andere 50 auch als 'reagiert nicht' markiert, also.. rufe deine ISP an und frage mal nach ob die abuse behandeln... Greets, Jeroen _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

7 years

Reject von hotmail.com

by Klaus Ethgen

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hallo folks, zur Zeit bekomme ich meine Mails an hotmail.com-Adressen mit der Meldung "550 SC-001 (COL004-MC2F18) Unfortunately, messages from 5.9.7.51 weren't +sent. Please contact your Internet service provider since part of their network is on our block list. You can +also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors." abgelehnt. Auch mails an postmaster werden, entgegen jeglichen gültigen Standards mit der selben Meldung quitiert. Die IP 5.9.7.51 ist meine Outgoing-Adresse und ist seit Jahren der valide Mailserver meiner Domains. Ich kann auch ausschließen, daß über die Domain auch nur die geringste Spam oder andere Malware versendet wird. Haben noch andere diese Probleme mit hotmail.com bzw. hat wer eine Kontaktmöglichkeit zu denen? Irgendwie habe ich das Gefühl, das die ihre Server nicht im Griff haben. Gruß Klaus Ethgen - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus(a)Ethgen.ch> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJW65PzAAoJEKZ8CrGAGfasZ94MALl72j1zpt646JdZ4nplkYir DtRD3CMXB90AjVxgITSGbR4ec8gmcltHsaVAZmgMdEdHQPX3T6uiZYsM40MY5jEj YBhS7GYQglTZWYvYtrGvhsL0ZDR0EWDiTYxqEgsV/5I5qdjzW6Cvk5rZN7eS+HS9 1X17H9AtUW5hi5cuVI5EmHMENtys0T0tyOdjt6rBcQ/IvPFVPeK5HSGSMStd6Wx5 jBGkyBmvvZpP0IsNdjwoUpeQMAhDmsulM3MJtfZ3lQBEy/OTDXB55UzJh2Wpp6ey k/JycZrE7Z6m6xnkjP/fr48VWDLV3gm8TMNMVepGw0pel4xOBSR43HnCagFjOU6c gBmPiuXhnBdmuwpIv5q2zTlMfCqJkgntPUyG3xHFb9D9prt7EQo4YLvsLr7CkUTh oSw81dTOXivW080T3P9IsPBokSQZWbJhBF93zt4RSoG9SQOXYZzJKTJs3EuzaAEL l0ZH9h906DQjast4x16cKDw0pSFvCvzAsGZEmawxBg== =U4IV -----END PGP SIGNATURE-----

7 years

Re: [swinog] Reject von hotmail.com

by Franco Hug

Hoi zaema, Ich beobachte das gleiche Verhalten mit contabo.de, aus dem Netz 178.238.224.0/22, evtl. gar 178.238.224.0/20 ... > DE-GIGA-HOSTING-20100728 178.238.224.0 - 178.238.239.255 > CONTABO 178.238.224.0 - 178.238.227.255 Da scheint das ganze Netz auf einer Migro$oft Blacklist gelandet zu sein. > 550 SC-001 (BAY004-MC3F37) Unfortunately, messages from 178.238.227.40 weren't sent. Please contact your > Internet service provider since part of their network is on our block list. You can also refer your > provider to http://mail.live.com/mail/troubleshooting.aspx#errors. Bei den einschlaegig bekannten blacklists ist das Netz auf jeden Fall nicht gelistet. In der Tat hatte ich selbst innerhalb der letzten 3 Monate 1x ein Spam-Mail aus diesem Netz erhalten. Eigentlich nichts Aussergewoehnliches, hin und wieder flutscht halt mal was durch bei diesen grossen Providern. Dass deswegen ein ganzes Netz gelistet wird, und somit auch Unschuldige betroffen sind, ist aergerlich. Umso mehr, weil nicht wirklich klar ist, was man genau tun muss, um das Problem zu beheben. Deshalb habe ich als quick-fix die IP-Adresse des outgoing MX angepasst. D.h. ich habe das Problem nicht geloest, sondern umschifft... Gruass, Franco ----- Original Message ----- From: "David Schweikert" <david(a)schweikert.ch> To: "Klaus Ethgen" <Klaus+swinog(a)Ethgen.de> Cc: swinog(a)lists.swinog.ch Sent: Friday, March 18, 2016 7:51:42 AM Subject: Re: [swinog] Reject von hotmail.com Hoi Klaus, On Fri, Mar 18, 2016 at 06:36:52 +0100, Klaus Ethgen wrote: > zur Zeit bekomme ich meine Mails an hotmail.com-Adressen mit der Meldung > "550 SC-001 (COL004-MC2F18) Unfortunately, messages from 5.9.7.51 > weren't +sent. Please contact your Internet service provider since part > of their network is on our block list. You can +also refer your provider > to http://mail.live.com/mail/troubleshooting.aspx#errors." abgelehnt. Mein privater Server bei Hetzner wird auch schon seit einigen Monaten von hotmail.com, live.com, etc. blockiert. Ich glaube, dass ganze Netblocks von Hetzner auf automatische Blacklisten gelandet sind. Meine Vermutung ist, dass Hetzner ein spammer-hosting Problem hat. Google hat uebrigens auf "mailop" (eine Mailing-Liste fuer Mail Hoster) gesagt, dass es bei ihnen auch passieren kann, dass ganze netblocks blockiert werden: https://www.mail-archive.com/mailop@mailop.org/msg01042.html Vielleicht koenntest du mit IPv6 versuchen. Oder auch ein Versuchswert ist DMARC. Oder die Mails ueber eine andere IP routen... Gruss David _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

7 years

Router installation in Morge

by Stanislav Sinyagin

hi, I need someone who could install a Cisco router in Morge on 17th of March. This is a quick task, and the customer has already prepared the configuration. Please contact me directly for details. -- Stanislav Sinyagin Senior Consultant, CCIE #5478 ssinyagin(a)k-open.com +41 79 407 0224

7 years

BCP38 deployment in Switzerland Poll

by Grosser Stefan

Hi Everyone, I am currently writing a little thesis about DDoS mitigations and would like to pickup an old topic: BCP38 While searching in the caves of the Swinog archive I didn't found much information in the past about this subject. Only a unanswered Mail-Post from 2014 from Jeroen Massar [1] I would like to know how spoofable Switzerland's ISP/Netowrks are. It would be very nice if some of you Swinogers would participate in my survey. The anonymous poll form "BCP38 deployment in Switzerland" can be found under: http://goo.gl/forms/BO3Fqt9S1U You can also reply to this thread with your personal opinion. On request I can deliver a summary of my my survey. Thanks for participating! Stef [1] http://lists.swinog.ch/public/swinog/2014-February/006040.html

7 years

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog March 2016