Hey all
A friend just told me that Cybernet told him there is a Switzerland-wide Internet problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch
--------
If you're not on the routing-wg mailing list, there's something you
should know
-------- Forwarded Message --------
Subject: [routing-wg] RPKI Outage Post-Mortem
Date: Tue, 25 Feb 2020 15:12:15 +0100
From: Nathalie Trenaman <nathalie(a)ripe.net>
To: routing-wg(a)ripe.net
Dear colleagues,
From Saturday 22 February at 08:24 (CET), any newly created, modified,
or deleted ROAs (176 in total) could not be added to our publication
server due to a disk problem. From that moment on, all the data was
stored on the database, but the publication did not happen. The disk did
not report any problems and, therefore, no engineer was alerted of this
incident.
Due to the disk problem, starting from Sunday 23 February at 09:10
(CET), our CRL expired and our repository could not be properly updated.
This was reported to us on Monday 24 February at 11:44 (CET).
Immediately, our engineers fixed the disk problem; however, since the
CRL expired, all underlying objects also expired. Depending on the
Relying Party software an operator used, this abnormal behaviour
appeared differently.
Initially, our engineers tried to do a full re-population of the RPKI
repository, but unfortunately, this did not update the CRL in the
validation tree. At 15:03 (CET), we performed a full CA key-roll, which
was completed at 21:02 (CET) and resolved the problem. At 19:58 (CET),
all objects in the backlog were published.
We apologise for any inconvenience this may have caused and we are
taking all the necessary steps to ensure this incident does not appear
again in the future.
Kind regards,
Nathalie Trenaman
Routing Security Programme Manager
RIPE NCC
Hello Swinog Users,
Has anyone of you received some info from MELANI / GovCERT about some IoT vulnerability you might be exposed to?
Well, I did, and I found very, very strange things in this report.
1. The report contains only a timestamp, an IP address and a DNS name. Not which vulnerability, not potential loopholes, traces or ANYTHING useful to analyze what's happening.
2. The single IP address in the report is not in my network (I used to have that IP range in the past but I sold it in 2016. So long, long ago.)
3. The abuse email they sent the report to is not in the whois of that network.
4. The DNS name used in the report is not the reverse PTR of that IP. Nor does the forward DNS point to that IP.
5. The DNS name points to a host in my network, but that host is definitely not an IoT device which has any kind of default password. It's a solid Linux machine with an up-to-date distribution with only 2 usernames on it with very secure passwords and only one specific application running, which doesn't talk to outside my network at all. If that machine had gotten hacked, it would surprise me very much. At least I have found nothing unusual on that IP. No unexpected network activity, CPU load, processes etc.
So MELANI tells me my big fat Linux server is now an IoT device which has default passwords and I should simply do a factory default (and by doing this erase terabytes of data). I should look for "_SOMETHING_" without specifying it on SOME IP I don't own. And they address such a report to me while I am not the abuse contact of this SOME_IP. Furthermore, SOME_IP did not appear to be reachable anyway when I tested.
So the report contains ZERO usable information. The only thing which might not be wrong in the report is the timestamp (but that's not verified either).
I am shocked that a government entity which should take security seriously is sending out such utter nonsense reports and wasting all our precious time.
If they got such reports from 3rd parties it should contain verifiable information and USEFUL information. Apparently MELANI has become some kind of open CERT-SMTP relay without authentication.
Let me know your experiences.
Andrea Fink
Fink Telecom Services
--.- .-. -
>> ENGLISH VERSION
>>
>> Dear Sir or Madam
>>
>> You are receiving this email because your email address is either registered as abuse contact for AS6775 in our system or because your email address is referenced as abuse contact for AS6775 at RIPE.
>>
>> The Reporting and Analysis Centre for Information Assurance (MELANI) has been informed by a partner about one or more devices (IoT - "Internet of Things") in your network that are likely to be compromised by hackers and that are being used for malicious purposes. Attached to this email, you can find a list of all IP addresses that have been reported to us in the past 24 hours.
>>
>> The affected devices have most probably been compromised by hackers, likely due to the usage of a default password. Therefore, hackers were able to install malware (Mirai) on the said devices.
>>
>> We therefore recommend that you identify the affected devices or customers, secure them and clean them up (e.g. by doing a factory reset). An overview of recommendations concerning IoT devices can be found on our website:
>>
>> Security in the internet of things (IoT):
>> https://www.melani.admin.ch/iotsecurity
Dear SWINOG members
Are you interested in the latest developments on data protection and E-ID in Switzerland?
Before the ISOC-CH General Assembly on Feb 26 2020, we will host again an afternoon session on current Public Policy Topics with presentations and discussions on the following hot-topics in Swiss Politics:
• Swiss E-ID (Electronic ID)
A referendum to enforce a popular vote has just been successfully completed. More information here (German / French)
Speakers:
• André Golliez, Swiss Data Alliance / Zetamind AG
• Jorgo Ananiadis, ISOC-CH / Piratenpartei
• Revision of Swiss Data Protection Legislation
The Legislation on Swiss Data Protection is currently under revision with the National Parliament. There are several concerns, e.g. on profiling. More information here (German only).
Speaker:
• lic. iur. Viktor Györffy, Digitale Gesellschaft / Advokaturbüro Peyrot, Schlegel & Györffy
Registration and more information is available here:
https://www.isoc.ch/events/policy-workshop-and-discussions-2020
Michael
—
Michael Hausding
Chair ISOC Switzerland Chapter
michael.hausding(a)isoc.ch
https://isoc.ch
Hi everyone,
I created a telegram group for Swinog. It is meant to be a place to
have discussions that are more informal than what you could have on the
mailing list or simply for something more interactive.
The link to join is https://t.me/SWINOG
I've created a similar group for ITNOG almost two years ago and it
proved to be a good initiative, now with about 450 members and with
daily discussion on different topics. Maybe we can make it happen also
for Swinog.
Keep in mind this is just a personal initiative and not an official one
from Swinog. If it works out and it's positive, we'll see if we can
make it more official.
If you have any question or comment, please feel free to approach me.
Ciao!
--
Massimiliano Stucchi
MS16801-RIPE
Twitter/Telegram: @stucchimax
Hi There
Just saw this post by RIPE:
https://labs.ripe.net/Members/alun_davies/ripe-atlas-software-probes
RIPE Atlas probes are now available as software, offering future hosts a new way to help build the RIPE Atlas network. While not a replacement for their hardware counterparts, software probes will improve coverage by bringing RIPE Atlas to new and previously hard-to-reach places.
How cool is that?! 😊
greetings
-steven
Hi List
To migrate a couple of DNS zones from green to another DNS operator, I
need the zone files. I am giving up on the green customer service.
So if a green tech with access to the zone files (as raw as possible,
for example extracted by 'dig AXFR') is reading this, please contact me
off-list.
Kind regards
-Benoît Panizzon-
--
I m p r o W a r e A G - Head of Commerce Customers
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Switzerland Web http://www.imp.ch
______________________________________________________
Hi
I hope someone from Swisscom reads here. We're currently seeing that DNS A
records for MX hosts of several domains have disappeared. They are all using
> mtainXX.mailsecurity.swisscom.com
as MX record. But there are no A records for those MX hosts.
; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>>
mtain01.mailsecurity.swisscom.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47048
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mtain01.mailsecurity.swisscom.com. IN A
;; AUTHORITY SECTION:
swisscom.com. 574 IN SOA dns3.swisscom.com. admin\.dns.swisscom.com.
42532 21600 3600 604800 600
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fr Feb 07 10:42:03 CET 2020
;; MSG SIZE rcvd: 113
; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>>
mtain02.mailsecurity.swisscom.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56271
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mtain02.mailsecurity.swisscom.com. IN A
;; AUTHORITY SECTION:
swisscom.com. 574 IN SOA dns3.swisscom.com. admin\.dns.swisscom.com.
42532 21600 3600 604800 600
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fr Feb 07 10:42:03 CET 2020
;; MSG SIZE rcvd: 113
According to our passive DNS data there are at least 63 domains using
one of these hosts as their MX.
--
Cheers
tobi
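Added example, not part of the original post: a small parser for saved dig output like the two answers quoted above, which flags MX target names whose address lookup returned NXDOMAIN or an empty answer. The sample input is constructed (trimmed from the output in the message plus one made-up healthy answer), and the function names are assumptions.

```python
import re

# Constructed sample: trimmed copies of the two dig answers quoted above, plus
# one made-up healthy answer (mx.example.net / 192.0.2.25) for contrast.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47048
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mtain01.mailsecurity.swisscom.com. IN A
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56271
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mtain02.mailsecurity.swisscom.com. IN A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mx.example.net. IN A
;; ANSWER SECTION:
mx.example.net. 300 IN A 192.0.2.25
"""

HEADER = re.compile(r"^;; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
COUNTS = re.compile(r"^;; flags:[^;]*; QUERY: (\d+), ANSWER: (\d+)")
QUESTION = re.compile(r"^;(\S+)\s+IN\s+(\S+)\s*$")

def parse_dig(text):
    """Return one dict per response found in concatenated dig output."""
    responses, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"status": m.group(2), "answers": 0, "qname": None, "qtype": None}
            responses.append(cur)
        elif cur is None:
            continue  # ignore anything before the first response header
        elif m := COUNTS.match(line):
            cur["answers"] = int(m.group(2))
        elif (m := QUESTION.match(line)) and cur["qname"] is None:
            cur["qname"] = m.group(1).rstrip(".").lower()
            cur["qtype"] = m.group(2)
    return responses

def unresolvable_mx_targets(text):
    """Map MX target name -> reason for every A/AAAA lookup that found no address."""
    bad = {}
    for r in parse_dig(text):
        if r["qtype"] in ("A", "AAAA") and (r["status"] != "NOERROR" or r["answers"] == 0):
            bad[r["qname"]] = r["status"] if r["status"] != "NOERROR" else "NODATA"
    return bad
```
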
Hi all
Can anyone recommend a serious Broker to purchase IPv4 Addresses with which he/she already has made successful transactions?
Thanks!
Mike
--
Mike Kellenberger
Teamleader Network & Security
nexellent ag
Sägereistrasse 33
CH-8152 Glattbrugg
Phone: + 41 44 872 20 00
Direct: + 41 44 872 20 30
Mobile: + 41 79 421 17 78
www.nexellent.ch
twitter.com/nexellent