swinog February 2020

swinog@lists.swinog.ch

22 participants
9 discussions

Fwd: [routing-wg] RPKI Outage Post-Mortem

by Massimiliano Stucchi

If you're not on the routing-wg mailing list, there's something you should know -------- Forwarded Message -------- Subject: [routing-wg] RPKI Outage Post-Mortem Date: Tue, 25 Feb 2020 15:12:15 +0100 From: Nathalie Trenaman <nathalie(a)ripe.net> To: routing-wg(a)ripe.net Dear colleagues, From Saturday 22 February at 08:24 (CET), any newly created, modified, or deleted ROAs (176 in total) could not be added to our publication server due to a disk problem. From that moment on, all the data was stored on the database, but the publication did not happen. The disk did not report any problems and, therefore, no engineer was alerted of this incident. Due to the disk problem, starting from Sunday 23 February at 09:10 (CET), our CRL expired and our repository could not be properly updated. This was reported to us on Monday 24 February at 11:44 (CET). Immediately, our engineers fixed the disk problem, however, since the CRL expired, all underlying objects also expired. Depending on the Relying Party software an operator used, this abnormal behaviour appeared differently. Initially, our engineers tried to do a full re-population of the RPKI repository, but unfortunately, this did not update the CRL in the validation tree. At 15:03 (CET), we performed a full CA key-roll, which was completed at 21:02 (CET) and resolved the problem. At 19:58 (CET), all objects in the backlog were published. We apologise for any inconvenience this may have caused and we are taking all the necessary steps to ensure this incident does not appear again in the future. Kind regards, Nathalie Trenaman Routing Security Programme Manager RIPE NCC

3 years

MELANI / GovCERT.ch

by Andreas Fink

Hello Swinog Users, Has anyone of you received some info from MELANI / GovCERT about some IoT vulnerability you might be exposed to? Well I did and I found very very strange things in this report. 1. The report contains only a timestamp, an IP address and a DNS name. Not which vulnerability, not potential loopholes, traces or ANYTHING useful to analyze whats happening. 2. The single IP address in the report is not in my network (I used to have that IP range in the past but I sold it in 2016. So long long ago. ) 3. The abuse email they sent the report to is not in the whois of that network. 4. The DNS name used in the report is not the reverse PTR of that IP. Nor does the forward DNS point to that IP. 5. The DNS name points to a host in my network but that host is definitively not a IoT device which has any kind of default password. Its a solid Linux machine with a up to date distribution with 2 usernames only on it with very secure passwords and only one specific application running which doesn't talk to outside my network at all. If that machine would have gotten hacked, it would surprise me very much. At least I have found nothing unusual on that IP. No unexpected network activity, CPU load, processes etc. So MELANI tells me my big fat Linux server is now a IOT device which has default passwords and I should simply do a factory default (and by doing this erase terabytes of data). I should look for "_SOMETHING_" without specifying it on SOME IP I don't own. And they address such a report to me while I am not the abuse contact of this SOME_IP. Furthermore SOME_IP looked not being reachable anyway when I tested. So the report contains ZERO usable information. The only thing which might not be wrong in the report is the timestamp (but thats not verified neither). I am shocked that a government entity which should take security seriously, is sending out such utter nonsense reports and wasting all our precious time. If they got such reports from 3rd parties it should contain verifiable information and USEFUL information. Apparently MELANI has become some kind of open CERT-SMTP relay without authentication. Let me know your experiences. Andrea Fink Fink Telecom Services --.- .-. - >> ENGLISH VERSION >> >> Dear Sir or Madam >> >> You are receiving this email because your email address is either registered as abuse contact for AS6775 in our system or because your email address is referenced as abuse contact for AS6775 at RIPE. >> >> The Reporting and Analysis Centre for Information Assurance (MELANI) has been informed by a partner about one of more devices (IoT - "Internet of Things") in your network that are likely to be compromised by Hackers and that are being used for malicious purpose. Attached to this email, you can find a list of all IP addresses that has been reported to us in the past 24 hours. >> >> The affected devices have most probably been compromised by hackers, likely due to the usage of a a default password. Therefore, hackers where able to install a malware (Mirai) on the said devices >> >> We therefore recommend you to identify the affected devices or customers, securing them and clean them up (e.g. by doing a factory reset). An overview of recommendations concerning IoT devices can be found on our website: >> >> Security in the internet of things (IoT): >> https://www.melani.admin.ch/iotsecurity <https://www.melani.admin.ch/iotsecurity>

3 years, 1 month

Invitation for Public Policy Workshop in Bern 26.2.

by Michael Hausding

Dear SWINOG members Are you interested in the latest development on Dataprotection and E-ID in Switzerland? Before the ISOC-CH General Assembly on Feb 26 2020, we will host again an afternoon session on current Public Policy Topics with presentations and discussions on the following hot-topics in Swiss Politics: • Swiss E-ID (Electronic ID) A referendum to enforce a popular vote has just been successfully completed. More information here (German / French) Speakers: • André Golliez, Swiss Data Alliance / Zetamind AG • Jorgo Ananiadis, ISOC-CH / Piratenpartei • Revision of Swiss Data Protection Legislation The Legislation on Swiss Data Protection is currently under revision with the National Parliament. There are several concerns, e.g. on profiling. More information here (German only). Speaker: • lic. iur. Viktor Györffy, Digitale Gesellschaft / Advokaturbüro Peyrot, Schlegel & Györffy Registration and more information is available here: https://www.isoc.ch/events/policy-workshop-and-discussions-2020 Michael — Michael Hausding Chair ISOC Switzerland Chapter michael.hausding(a)isoc.ch https://isoc.ch

3 years, 1 month

Telegram group

by Massimiliano Stucchi

Hi everyone, I created a telegram group for Swinog. It is meant to be a place to have discussions that are more informal than what you could have on the mailing list or simply for something more interactive. The link to join is https://t.me/SWINOG I've created a similar group for ITNOG almost two years ago and it proved to be a good initiative, now with about 450 members and with daily discussion on different topics. Maybe we can make it happen also for Swinog. Keep in mind this is just a personal initiative and not an official one from Swinog. If it works out and it's positive, we'll see if we can make it more official. If you have any question or comment, please feel free to approach me. Ciao! -- Massimiliano Stucchi MS16801-RIPE Twitter/Telegram: @stucchimax

3 years, 1 month

RIPE Atlas probes as SW

by Steven.Glogger＠swisscom.com

Hi There Just saw this post by RIPE: https://labs.ripe.net/Members/alun_davies/ripe-atlas-software-probes RIPE Atlas probes are now available as software, offering future hosts a new way to help build the RIPE Atlas network. While not a replacement for their hardware counterparts, software probes will improve coverage by bringing RIPE Atlas to new and previously hard-to-reach places. How cool is that?! 😊 greetings -steven

3 years, 1 month

Any Green.ch DNS Admin on this list?

by Benoit Panizzon

Hi List To migrate a couple of DNS Zones from green to another DNS operator. I need the zone files. I am giving up on the green customer service. So if a green tech with access to the zone files (as raw as possible, for example extracted by 'dig AXRF') is reading this, please contact me off-list. Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

3 years, 1 month

Missing DNS A records for several domains hosted by swisscom.com

by Tobi

Hi hope someone from Swisscom reads here. We're currently seeing that DNS A records for MX hosts of several domains disappeared. They all using > mtainXX.mailsecurity.swisscom.com as MX record. But there are no A records for those MX ; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>> mtain01.mailsecurity.swisscom.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47048 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;mtain01.mailsecurity.swisscom.com. IN A ;; AUTHORITY SECTION: swisscom.com. 574 IN SOA dns3.swisscom.com. admin\.dns.swisscom.com. 42532 21600 3600 604800 600 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fr Feb 07 10:42:03 CET 2020 ;; MSG SIZE rcvd: 113 ; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>> mtain02.mailsecurity.swisscom.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56271 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;mtain02.mailsecurity.swisscom.com. IN A ;; AUTHORITY SECTION: swisscom.com. 574 IN SOA dns3.swisscom.com. admin\.dns.swisscom.com. 42532 21600 3600 604800 600 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fr Feb 07 10:42:03 CET 2020 ;; MSG SIZE rcvd: 113 According to our passive DNS data there are at least 63 domains using one of these hosts as their MX. -- Cheers tobi

3 years, 1 month

IPv4 Brokers

by Mike Kellenberger

Hi all Can anyone recommend a serious Broker to purchase IPv4 Addresses with which he/she already has made successful transactions? Thanks! Mike -- Mike Kellenberger Teamleader Network & Security nexellent ag Sägereistrasse 33 CH-8152 Glattbrugg Phone: + 41 44 872 20 00 Direct: + 41 44 872 20 30 Mobile: + 41 79 421 17 78 www.nexellent.ch twitter.com/nexellent

3 years, 1 month

IPv6 Council event - IPv6 Security Hands-On Crash Course with Fernando Gont, March 2020

by Silvia Hagen

Dear Swinogers We are happy to announce that we will have Fernando Gont in Switzerland, teaching his famous IPv6 Security Hands-On Crash course. Fernando is an expert in the international IPv6 community, author of many RFCs and developer of the hacking toolkit. He will show you how to work with it during this course. IPv6 Security Crash Kurs with Fernando Gont * 23. - 25. März 2020, at Digicomp in Zürich (in English) More Information <http://www.swissipv6council.ch/en/events/ipv6-security-crashcourse>Registration via Digicomp<https://www.digicomp.ch/weiterbildung/trainings-fuer-it-professionals/netwo…> Prerequisite for attending this course is a basic knowledge of IPv6, such as addressing architecture, header format, extension headers, neighbor discovery, SLAAC, DHCPv6, MLD etc. If you like to refresh your understanding of the IPv6 basics, you may attend the IPv6 Hands-On Training on 24. - 26. February<https://www.digicomp.ch/weiterbildung/trainings-fuer-it-professionals/netwo…> at Digicomp in Zurich (in German) All details and link to registration: http://www.swissipv6council.ch/en/events Cheers Silvia Sunny Connection AG CH-8124 Maur +41 (0)44 887 62 10 www.sunny.ch<http://www.sunny.ch/> http://twitter.com/sunny_shagen ****************************************** Business Agility - eine integrale Betrachtung. Kommen Sie mit auf unsere Entdeckungsreise<https://flowdays.net/de/training?category=Business_Agility&title=Business_A…> "When things fall into place" - 28. November in Zürich ****************************************** Think Agile, thrive in the Flow: www.flowdays.net<http://www.flowdays.net/> ******************************************

3 years, 1 month

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog February 2020