Hey all
A friend just told me that Cybernet told him there is a Switzerland-wide Internet problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch
--------
> On 20210225, at 16:52, Jean-Pierre Schwickerath <swinog(a)hilotec.net> wrote:
>
> Hi Jeroen
>> that "sinkhole" is just a misconfigured/internet-ignorant "load
>> balancer": those things do not care about ICMP...
>>
>> you are thus reaching the dest, it is just misconfigured: the Internet
>> is just HTTP for many, they do not care about this TCP, ICMP or IP
>> thing... be happy there is some kind of IPv6...
>>
> I wouldn't have noticed the issue if the loadbalancer / webserver had
> actually returned a webpage on port TCP/443. But it doesn't. So I tried
> from a different network to see if the issue is reproducible and that's
> when I noticed the path taken by the traceroute packets.
>
Check with a tcpdump, don't forget to include ICMP.
Could also be an MTU issue or something on your side killing it.
Of course the behavior of the "load balancer" says quite a few things... sbb.ch is like that too...
>>
>> Btw, when complaining about something, it is wise to include IP
>> addresses, especially for the source...
>>
> The first hop of the traceroute is actually a good indicator for the
> source.
192.168.205.240 ?
DNS is ambiguous and reverses do not always match forwards. Including the actual IPs can thus be very useful...
That is, if you actually want it resolved.
You might want to contact Swisscom directly (good luck with that) or at least your ISPs that provide the connectivity; they might have a better chance of contacting them.
(taking transit over swissix is a fun one; but yea it is not that swisscom likes to peer, what else would a monopoly do)
Greets,
Jeroen
Dear List
Having an issue accessing www.coop.ch:
"Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt".
And a hint I shall not use a VPN or Proxy.
No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'.
(www.coop.ch is not IPv6 yet)
So I supposed a messed-up GeoIP database and changed my SNAT IP a couple
of times (all those IPs have been registered with country=CH @RIPE for
decades and I never had such issues)
157.161.57.65 => blocked (main NAT ip)
157.161.57.66 => Ok (a static server ip not used anymore)
157.161.57.68 => Ok (a static client ip)
157.161.57.70 => blocked (alternate NAT ip seldom used)
157.161.5.199 => blocked (Gateway IP, not usually used as src, except
local stuff on the Mtik like DNS)
Weird! Does anyone have insight into what GeoIP database Coop uses? Or whether
there are other criteria they use for blocking?
--
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
Dear Swisscom Routing-Experts
Are you not peering at swissIX anymore?
Your webserver www.swisscom.ch (2a02:a90:c400:4001::2) is giving me a hard
time reaching it. Either it wants its traffic to be routed from Berne
via NL, UK, US and ends in a sinkhole, or it uses what looks like
private peering from tineo/netrics/finecom to the same sinkhole:
tracepath6 2a02:a90:c400:4001::2
1?: [LOCALHOST] 0.367ms pmtu 1500
1: sv96.hilotec.net 0.776ms
1: sv96.hilotec.net 0.740ms
2: 2a00:c38::1:0:2a 1.538ms
3: lo0.01.p.cbn.ch.as15576.nts.ch 1.725ms
4: lo0.01.p.czh.ch.as15576.nts.ch 4.075ms
5: lo0.02.p.czh.ch.as15576.nts.ch 4.354ms
6: zayog.swissix.ch 10.184ms
7: no reply
8: ae2.cs1.ams17.nl.eth.zayo.com 151.857ms asymm 25
9: no reply
10: no reply
11: no reply
12: ae5.cs1.lhr11.uk.eth.zayo.com 153.354ms asymm 21
13: no reply
14: 2001:438:ffff::407d:1d13 151.202ms asymm 19
15: ae6.cs1.sjc2.us.eth.zayo.com 159.227ms asymm 18
16: ae9.mpr1.pao1.us.zip.zayo.com 152.345ms
17: 2001:438:fffe::2456 153.873ms asymm 10
18: 2001:c10:80:1::e51 259.737ms asymm 10
19: 2001:c10:80:1::b96 265.511ms asymm 11
20: 2001:c10:80:2::ad2 243.109ms asymm 10
21: geb-030-lo0-0.ip6.ip-plus.net 247.019ms asymm 9
22: geb-015-loo6.ip6.ip-plus.net 236.957ms asymm 8
23: gem-005-loo6.ip6.ip-plus.net 242.943ms asymm 8
24: 2001:918:100:63::1 230.491ms asymm 7
25: 2001:918:100:4c::1 240.121ms asymm 8
26: 2001:918:100:52::1 247.741ms asymm 7
27: 2001:918:ce::49 241.013ms asymm 8
28: 2a02:a90:4024:fff::14 247.804ms asymm 9
29: 2a02:a90:4024:fff::15 234.473ms asymm 8
30: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
tracepath 2a02:a90:c400:4001::2
1?: [LOCALHOST] 0.030ms pmtu 1500
1: router.3550.ch 0.418ms
1: router.3550.ch 0.410ms
2: bd4.lar01.lna001.bb.fcom.ch 4.561ms
3: no reply
4: no reply
5: 2001:4d98:a000::1b4 3.218ms asymm 4
6: zhh-015-lo0-0.ip6.ip-plus.net 11.088ms asymm 5
7: 2001:918:ce::45 6.146ms asymm 6
8: 2a02:a90:4024:fff:8000::15 5.452ms
9: no reply
10: no reply
11: no reply
12: no reply
13: no reply
14: no reply
15: no reply
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
Is that a management decision or a technical issue?
Cheers
Jean-Pierre
--
HILOTEC Engineering + Consulting AG - Langnau im Emmental
IT for SMEs: networks, servers, PCs, Linux, telephone systems,
VoIP, hosting, databases, development, WLAN, cloud, firewalls
Tel: +41 34 408 01 00 - https://www.hilotec.com/
Hi all
We (Hostpoint) see increasing problems sending automated mails to Bluewin
recipients (such as account confirmation emails). Respectively we see them
identified as spam mails. Can a Swisscom/Bluewin postmaster please get in touch
with me/us to identify the cause?
Thanks, Michael Naef
Head of System Engineering, Hostpoint AG
-------- Forwarded Message --------
Subject: [ncc-announce] Attack on RIPE NCC Access - Please Enable
Two-Factor Authentication
Date: Thu, 18 Feb 2021 16:49:59 +0100
From: Ivo Dijkhuis <ivo.dijkhuis(a)ripe.net>
To: ncc-announce(a)ripe.net
Dear colleagues,
Last weekend, RIPE NCC Access, our single sign-on (SSO) service was
affected by what appears to be a deliberate ‘credential-stuffing’
attack, which caused some downtime. We mitigated the attack, and we are
now taking steps to ensure that our services are better protected
against such threats in the future.
Our preliminary investigations do not indicate that any SSO accounts
have been compromised. If we do find that an account has been affected
in the course of our investigations, we will contact the account holder
individually to inform them.
We would like to ask you to enable two-factor authentication on your
RIPE NCC Access account if you have not already done so to ensure that
your account is secure. In general, using two-factor authentication
across all your accounts can help limit your exposure to such attacks.
If you notice any suspicious activity in your RIPE NCC Access account,
please contact us immediately at <security(a)ripe.net>.
Best regards,
Ivo Dijkhuis
Senior Information Security Officer,
RIPE NCC
Dear Swinog
I am very pleased to inform you first-hand that SWITCH and Quad9 are jointly announcing today the relocation of Quad9's headquarters from California to Zurich. Quad9, a public domain name service, will thus offer its users worldwide maximum internet privacy protection. The move to Switzerland is being facilitated in large part by SWITCH. The joint mission of SWITCH and Quad9 - to provide security and robust services to internet users around the world - was a key factor in this collaboration.
More information can be found in the joint media release https://www.switch.ch/news/Quad9-moves-to-Switzerland/ and on the Quad9 website https://quad9.net/
Should you have any questions about this, please don't hesitate to contact me or Quad9 directly.
Best regards,
Michael
------------------------------------
Michael Hausding,
Competence Lead DNS & Domain Abuse
SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 77, incident phone +41 44 268 15 40
michael.hausding(a)switch.ch
http://securityblog.switch.ch
Hi,
Sometimes I have users send me email from bluewin. Those emails can be
significantly delayed. An example just came in this morning:
Received: from quar.lb.bluewin.ch ([195.186.123.234])
        by vimdzmsp-sfwd04.bluewin.ch Swisscom AG with ESMTP
        id 9FbplVkv74QBH9Fc9l0UVW; Tue, 09 Feb 2021 00:06:41 +0100
Received: from vimdzmsp-sfwd04.bluewin.ch ([195.186.227.132])
        by vimdzmsp-quar01.bluewin.ch Swisscom AG with SMTP
        id 82c8lv39dIuiP82c8lqzVg; Fri, 05 Feb 2021 16:01:41 +0100
Delayed from Friday until Tuesday by quar.lb.bluewin.ch. Quar seems to
be short for "quarantine".
The sending user had no idea that this happened.
I previously asked in the Swisscom community about this and they
confirmed that this happens when the server suspects it's spam. The
questions I have now though are:
- How is the sending user supposed to know that this happened?
- It seems that they really expect the sending user to call their
support line and ask the mail to be released (!).
- How did the mail get released in this case? The length of the
quarantine seems to change and you could suspect that it's a human
looking through those emails.
regards,
Maxim
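Added example, not part of the original message: one way a receiving postmaster could spot this kind of hold automatically is to walk the Received chain and measure the gap between consecutive hops. The function names and the one-hour threshold are assumptions; the sample input is the two headers quoted above.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# The two Received headers quoted in the message above (newest first).
SAMPLE = """\
Received: from quar.lb.bluewin.ch ([195.186.123.234])
\tby vimdzmsp-sfwd04.bluewin.ch Swisscom AG with ESMTP
\tid 9FbplVkv74QBH9Fc9l0UVW; Tue, 09 Feb 2021 00:06:41 +0100
Received: from vimdzmsp-sfwd04.bluewin.ch ([195.186.227.132])
\tby vimdzmsp-quar01.bluewin.ch Swisscom AG with SMTP
\tid 82c8lv39dIuiP82c8lqzVg; Fri, 05 Feb 2021 16:01:41 +0100

"""

def parse_hops(raw_headers):
    """Return the Received hops oldest-first as dicts (from, by, time)."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        # Unfold the header, then split off the timestamp after the last ';'.
        info, _, stamp = " ".join(value.split()).rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # missing or malformed timestamp: skip this hop
        frm = re.search(r"\bfrom\s+(\S+)", info)
        by = re.search(r"\bby\s+(\S+)", info)
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "time": when})
    hops.reverse()  # each server prepends its header, so the last is oldest
    return hops

def slow_hops(hops, threshold=timedelta(hours=1)):
    """List (held_by, released_from, seconds) for gaps >= threshold."""
    found = []
    for prev, cur in zip(hops, hops[1:]):
        delay = cur["time"] - prev["time"]
        if delay >= threshold:
            found.append((prev["by"], cur["from"], int(delay.total_seconds())))
    return found

if __name__ == "__main__":
    for held_by, released_from, secs in slow_hops(parse_hops(SAMPLE)):
        print(f"{held_by} -> {released_from}: held {timedelta(seconds=secs)}")
```

Timestamps are written by each receiving server, so only the hops added by servers you trust are reliable, and clock skew between hosts can distort short gaps.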
Hello Swinog,
Can anybody from Bluewin check the SMTP host configuration?
It seems that the MX doesn't support SMTPUTF8 (we have customers with email
addresses that contain ~, for example):
SMTPUTF8 is required, but was not offered by
host mxbw.lb.bluewin.ch[195.186.227.50]
Thanks,
Rémy