Hey all
A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch
--------
Hi,
We, the Internet Society Switzerland Chapter (ISOC-CH), cordially invite you to our presentation and discussion session taking place on Friday, 8th of April, 13:00-17:30, at the University of Bern (next to central railway station).
http://www.isoc.ch/events/annual-general-assembly-2016
We offer you an interesting program, around the currently hot topics in the Swiss Internet landscape: Surveillance (BÜPF/NDG), Network Neutrality and Network Blocking, with speakers from Digitale Gesellschaft, the telecommunications regulator (BAKOM/OFCOM), Pirate Party and others. We encourage the audience to ask questions and contribute to a successful discussion on the topics.
The event is open to everybody interested in matters around the Internet and free of charge. Right after these sessions, we invite the participants to an apéro riche.
(After the apéro riche ISOC-CH will hold its annual General Assembly.)
Please find more information, updates and registration on:
http://www.isoc.ch/events/annual-general-assembly-2016
The room capacity is limited. Therefore we kindly ask you to register by April 6th at the latest.
This event is open to everyone interested in Internet related topics in Switzerland. In case of a shortage of places, ISOC-CH members are given priority.
We are looking forward to meeting you on April 8th!
All the best,
ISOC-CH Board
Hello Swinog,
we've recently audited a small network and found that the
customer-configured devices were configured relatively securely. However the
Swisscom Router/WiFi device (Zylex P-870HN-53b) seems to have the old
UPnP exploit with a firmware that is not being updated anymore (UPnP was
disabled though - so this is hopefully not a big issue).
However, when scanning the router from outside, port 7547 is openly
reachable from the internet, which turns out to be TR-069 [0].
My question to the list is whether anyone can comment on the security of
TR-069, and whether it is a potential or real security problem to have the
port open worldwide.
We have never used TR-069 so far, but my assumption would be that
this port should only be reachable from a Swisscom admin network,
however it is open worldwide. As far as I can see the communication on
port 7547 is plain HTTP with HTTP auth, which doesn't look very safe to
me.
Does anyone here use TR-069 and if so, what is your default policy
for accessing the port?
Thanks a lot for your help and greetings from the last snow!
Nico
[0] https://en.wikipedia.org/wiki/TR-069
--
Become part of modern working in the Glarnerland at www.digitalglarus.ch!
Read the news on Twitter: www.twitter.com/DigitalGlarus
Join the discussion on Facebook: www.facebook.com/digitalglarus
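The concern in the message above (plain HTTP with HTTP auth on port 7547) can be assessed from the response a router gives on its own connection-request port. The following Python is an added example, not part of the original post; the responses are constructed samples and the finding codes are illustrative names.

```python
import re

# Constructed responses to an unauthenticated GET on a CPE's TR-069
# connection-request port (7547). Sample data, not captured traffic.
SAMPLES = {
    "basic": 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="cpe"\r\n\r\n',
    "digest": ('HTTP/1.1 401 Unauthorized\r\n'
               'WWW-Authenticate: Digest realm="cpe", qop="auth", nonce="c0ffee"\r\n\r\n'),
    "digest_legacy": ('HTTP/1.1 401 Unauthorized\r\n'
                      'WWW-Authenticate: Digest realm="cpe", nonce="c0ffee"\r\n\r\n'),
    "open": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

def parse_response(raw):
    """Return (status_code, headers) with lower-cased header names."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def assess(raw, tls=False):
    """Return finding codes for one connection-request response."""
    status, headers = parse_response(raw)
    findings = []
    if not tls:
        # Anyone on the path can read and modify the exchange.
        findings.append("plain-http")
    if 200 <= status < 300:
        # The unauthenticated request was accepted outright.
        findings.append("no-auth")
    for challenge in headers.get("www-authenticate", []):
        scheme = challenge.split(None, 1)[0].lower()
        params = dict(re.findall(r'(\w+)="?([^",]+)"?', challenge))
        if scheme == "basic":
            # Basic sends user:password base64-encoded, i.e. recoverable.
            findings.append("basic-cleartext-credential")
        elif scheme == "digest" and "qop" not in params:
            # Without qop there is no client nonce or nonce counter.
            findings.append("digest-without-qop")
    return findings

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess(raw))
```

Independent of the scheme offered, a device that answers at all on 7547 from arbitrary source addresses is reachable by more than its provider's management network, which is the policy question the post asks.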
In case you missed it: Swisscom now peering with Netflix after big
shitstorm in social media and general media yesterday and today.
http://pastebin.com/sgwD3qfh
I suppose the peering policy of Swisscom is now obsolete, as well as
their monetizing OTT strategy.
It's a good day for real netneutrality, not the crippled version of some
larger Swiss operators.
--
Fredy Kuenzler
---------------------
Fiber7. No Limits.
https://www.fiber7.ch
---------------------
Init7 (Switzerland) Ltd.
AS13030
St.-Georgen-Strasse 70
CH-8400 Winterthur
Skype: flyingpotato
Phone: +41 44 315 4400
Fax: +41 44 315 4401
Twitter: @init7 / @kuenzler
http://www.init7.net/
Just after tracing an shacking connection I discovered some ICMP
discrepancy
and look what the trace says
6 embratel-G2-0-0-gacc12.rjo.embratel.net.br (201.39.103.69)
[AS8151/AS4230/AS28513] 80.158 ms 73.268 ms 73.223 ms
7 200.244.165.238 (200.244.165.238) [AS4230/AS28513] 79.789 ms
79.776 ms 79.764 ms
8 200.244.216.75 (200.244.216.75) [AS4230/AS28513] 76.048 ms
200.244.216.43 (200.244.216.43) [AS4230/AS28513] 73.003 ms 72.954 ms
9 ebt-BP1224-intl04.mianap.embratel.net.br (200.230.251.130)
[AS4230/AS8151/AS28513] 191.910 ms 195.430 ms
ebt-BP1214-intl04.mianap.embratel.net.br (200.230.220.22)
[AS4230/AS8151/AS28513] 195.714 ms
10 ae52.edge1.Miami2.Level3.net (4.59.240.117) [AS3356] 199.631 ms
199.988 ms 199.939 ms
11 ae-13-3505.car3.Washington1.Level3.net (4.69.158.145) [AS3356]
229.746 ms 229.744 ms 229.693 ms
12 4.68.72.14 (4.68.72.14) [AS3356] 200.297 ms 199.644 ms 199.665 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 62.179.16.54 (62.179.16.54) [AS9141] 320.477 ms 303.223 ms 305.160 ms
19 * * *
20 * * *
yeah .. who wonders, the last seen hop seems to be there where maybe
your missed car already is ;)
the target is an unnamed swiss hoster in Kanton ZH ;)
I have also been having trouble with my Swiss provider (hosttech) making
such insane spam rejections.
1. Recently I travelled to Germany, and stayed at a hotel using Deutsche
Telekom as broadband provider.
Apparently the entire DT DSL pool appears on two blacklists, so Hosttech
just ignore them. No error message is returned, just a timeout -- a
behavior so typical of Swiss bureaucracy. I got around this by using Google
or GMX to send my mails. Hosttech first tried to tell me my settings were
wrong (not likely), but finally had to confess that they were the problem.
2. Some time ago, I sent an email message containing the name of a Rumanian
colleague in the body. That time I got an error message saying 'This server
doesn't like spam.' I took the Rumanian name out, left everything else the
same (except the recipient address, as the mail no longer made sense to the
original recipient) and the mail went through fine.
Concerning the first problem, Hosttech claim they fear getting on blacklists
themselves, or that evil scripts might get uploaded to the SMTP server.
I've never heard of such a thing, but even if it were true, since they use
SMTP-Auth, isn't it enough to insist that the SMTP-Auth credentials are
restricted to users who don't send spam, and to block the credentials of
those who do? Why make something simple so bureaucratically difficult and
obnoxious?
To expect a user travelling on business to drop everything in their busy
schedule to get IP addresses out of a DSL pool removed from blacklists by
contacting a local broadband administration with whom they are not customers
strikes me as completely unreasonable.
Charles Buckley
-----Original Message-----
From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch]
On Behalf Of Jeroen Massar
Sent: 18 March, 2016 10:03
To: swinog(a)lists.swinog.ch
Subject: Re: [swinog] Reject von hotmail.com
On 2016-03-18 09:47, Franco Hug wrote:
> Hi all,
>
> I am seeing the same behaviour with contabo.de, from the network
> 178.238.224.0/22, possibly even 178.238.224.0/20 ...
>
>> DE-GIGA-HOSTING-20100728 178.238.224.0 - 178.238.239.255
>> CONTABO 178.238.224.0 - 178.238.227.255
>
> It looks as if the whole network has landed on a Migro$oft blacklist.
>
>> 550 SC-001 (BAY004-MC3F37) Unfortunately, messages from
>> 178.238.227.40 weren't sent. Please contact your Internet service
>> provider since part of their network is on our block list. You can also
>> refer your provider to
>> http://mail.live.com/mail/troubleshooting.aspx#errors.
>
> In any case, the network is not listed on the usual well-known blacklists.
>
> In fact, I myself received a spam mail from this network once within the
> last 3 months.
> Nothing unusual really; now and then something just slips through
> at these large providers. That a whole network gets listed because of
> it, so that innocent parties are affected too, is annoying. All the more
> so because it is not really clear what exactly one has to do to fix the
> problem.
Register at postmaster.live.com ... (yep, and at Google etc. too; the big
ones have no desire to receive spam, so they push that onto the ISPs that
would like to send mail)
Proper WHOIS, reverse DNS, SPF + DKIM and of course a working abuse@,
and handle abuse mail properly too.
The abuse-c above is abuse(a)contabo.de, and if, say, 50 /24s go there and,
out of those 50, one /24 sends a lot of spam and abuse@ does not resolve it,
then the other 50 are immediately marked as 'does not respond' as well, so...
call your ISP and ask whether they handle abuse...
Greets,
Jeroen
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hello folks,
at the moment my mails to hotmail.com addresses are being rejected with the message
"550 SC-001 (COL004-MC2F18) Unfortunately, messages from 5.9.7.51
weren't +sent. Please contact your Internet service provider since part
of their network is on our block list. You can +also refer your provider
to http://mail.live.com/mail/troubleshooting.aspx#errors."
Even mails to postmaster are, contrary to every valid standard,
answered with the same message.
The IP 5.9.7.51 is my outgoing address and has been the valid mail
server for my domains for years. I can also rule out that even the
slightest spam or other malware is being sent via the domain.
Are others having these problems with hotmail.com too, or does anyone
have a way to contact them? Somehow I have the feeling that they do not
have their servers under control.
Regards
Klaus Ethgen
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus(a)Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Hi all,
I am seeing the same behaviour with contabo.de, from the network 178.238.224.0/22, possibly even 178.238.224.0/20 ...
> DE-GIGA-HOSTING-20100728 178.238.224.0 - 178.238.239.255
> CONTABO 178.238.224.0 - 178.238.227.255
It looks as if the whole network has landed on a Migro$oft blacklist.
> 550 SC-001 (BAY004-MC3F37) Unfortunately, messages from 178.238.227.40 weren't sent. Please contact your
> Internet service provider since part of their network is on our block list. You can also refer your
> provider to http://mail.live.com/mail/troubleshooting.aspx#errors.
In any case, the network is not listed on the usual well-known blacklists.
In fact, I myself received a spam mail from this network once within the last 3 months.
Nothing unusual really; now and then something just slips through at these large
providers. That a whole network gets listed because of it, so that innocent parties are affected too, is
annoying. All the more so because it is not really clear what exactly one has to do to fix the problem.
That is why, as a quick fix, I changed the IP address of the outgoing MX. That is, I have not solved
the problem, I have sailed around it...
Regards, Franco
----- Original Message -----
From: "David Schweikert" <david(a)schweikert.ch>
To: "Klaus Ethgen" <Klaus+swinog(a)Ethgen.de>
Cc: swinog(a)lists.swinog.ch
Sent: Friday, March 18, 2016 7:51:42 AM
Subject: Re: [swinog] Reject von hotmail.com
Hi Klaus,
On Fri, Mar 18, 2016 at 06:36:52 +0100, Klaus Ethgen wrote:
> at the moment my mails to hotmail.com addresses are being rejected with the message
> "550 SC-001 (COL004-MC2F18) Unfortunately, messages from 5.9.7.51
> weren't +sent. Please contact your Internet service provider since part
> of their network is on our block list. You can +also refer your provider
> to http://mail.live.com/mail/troubleshooting.aspx#errors."
My private server at Hetzner has also been blocked by hotmail.com,
live.com, etc. for some months now. I believe that entire
netblocks of Hetzner have ended up on automatic blacklists. My
guess is that Hetzner has a spammer-hosting problem.
By the way, Google said on "mailop" (a mailing list for mail hosters)
that it can also happen with them that entire netblocks get
blocked:
https://www.mail-archive.com/mailop@mailop.org/msg01042.html
Perhaps you could try with IPv6. DMARC is also worth a
try. Or route the mails via a different IP...
Regards
David
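The observation in the thread above, that a rejection may apply to 178.238.224.0/22 or even 178.238.224.0/20, can be checked mechanically when triaging bounces. The following Python is an added example, not part of any poster's message: it parses the 550 SC-001 rejections quoted in the thread and maps each sender IP onto the whois ranges quoted with them; function names are illustrative.

```python
import ipaddress
import re

# Rejection texts quoted in the thread (line wraps and the stray "+" removed).
BOUNCES = [
    "550 SC-001 (BAY004-MC3F37) Unfortunately, messages from 178.238.227.40 "
    "weren't sent. Please contact your Internet service provider since part "
    "of their network is on our block list.",
    "550 SC-001 (COL004-MC2F18) Unfortunately, messages from 5.9.7.51 "
    "weren't sent. Please contact your Internet service provider since part "
    "of their network is on our block list.",
]

# whois inetnum ranges quoted in the thread: (netname, first, last).
INETNUMS = [
    ("DE-GIGA-HOSTING-20100728", "178.238.224.0", "178.238.239.255"),
    ("CONTABO", "178.238.224.0", "178.238.227.255"),
]

BOUNCE_RE = re.compile(
    r"^(?P<code>\d{3}) (?P<reason>[A-Z]{2}-\d{3}) \((?P<mta>[^)]+)\).*?"
    r"messages from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def to_cidrs(first, last):
    """Collapse an inetnum range into the minimal list of CIDR prefixes."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def parse_bounce(text):
    """Extract SMTP code, provider reason code, rejecting MTA and sender IP."""
    m = BOUNCE_RE.search(text)
    if not m:
        return None
    fields = m.groupdict()
    fields["ip"] = ipaddress.ip_address(fields["ip"])
    return fields

def covering_blocks(ip, inetnums=INETNUMS):
    """Return (netname, prefix) pairs containing ip, most specific first."""
    hits = [(name, net) for name, first, last in inetnums
            for net in to_cidrs(first, last) if ip in net]
    return sorted(hits, key=lambda h: h[1].prefixlen, reverse=True)

def triage(bounces=BOUNCES):
    """Map each rejected sender IP to the allocations it shares."""
    out = {}
    for text in bounces:
        b = parse_bounce(text)
        if b:
            out[str(b["ip"])] = [(n, str(net)) for n, net in covering_blocks(b["ip"])]
    return out
```

An empty list for an address means none of the supplied ranges covers it, so the whois data for that sender's own allocation still has to be looked up before drawing conclusions about the scope of the listing.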
hi,
I need someone who could install a Cisco router in Morge on 17th of March.
This is a quick task, and the customer has already prepared the
configuration.
Please contact me directly for details.
--
Stanislav Sinyagin
Senior Consultant, CCIE #5478
ssinyagin(a)k-open.com
+41 79 407 0224