Hey all
A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch>
--------
As it is 1 april tomorrow, some things expired yesterday:
Not After : Mar 30 13:28:58 2021 GMT
That thing is.... the COMLOT key to verify those Geldspielgesetz keys
for their fun list of worldwide casinos:
https://blacklist.comlot.ch/comlot_blacklist.txt
see full cert details below.
You can get the key with or attached:
$ wget -vS https://blacklist.comlot.ch/blacklist.comlot.ch.pub
--2021-03-31 16:50:00-- https://blacklist.comlot.ch/blacklist.comlot.ch.pub
Resolving blacklist.comlot.ch (blacklist.comlot.ch)... 194.187.88.5
Connecting to blacklist.comlot.ch
(blacklist.comlot.ch)|194.187.88.5|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 31 Mar 2021 14:50:01 GMT
Content-Type: application/octet-stream
Content-Length: 2927
Connection: keep-alive
Last-Modified: Wednesday, 31-Mar-2021 14:50:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate,
max-age=0
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes
Length: 2927 (2.9K) [application/octet-stream]
Saving to: ‘blacklist.comlot.ch.pub’
blacklist.comlot.ch.pub
100%[==========================================================>]
2.86K --.-KB/s in 0s
2021-03-31 16:50:01 (558 MB/s) - ‘blacklist.comlot.ch.pub’ saved [2927/2927]
Funny that nginx claims the file changed... the moment I downloaded it,
bit strange for a static file.
Anybody has contacts at COMLOT. As technically speaking, we should not
be updating the list anymore into RPZ now; the process I have is thus
stuck at the list from yesterday.... (not that it matters, with such a
nice list, a bit of VPN and/or simply choosing any non-provider DNS
server and voila... bypassed the law.... you, know, Their Law!
https://www.youtube.com/watch?v=zKNoU2P0dQc
Enjoy!
Greet,
Jeroen
--
openssl x509 -in blacklist.comlot.ch.pub -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:5d:a4:eb:83:eb:a0:a3:be:97:59:c9:56:9b:28:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CH, O = SwissSign AG, CN = SwissSign CH Person
Platinum CA 2017 - G22, organizationIdentifier = NTRCH-CHE-109.357.012
Validity
Not Before: Mar 30 13:28:58 2020 GMT
Not After : Mar 30 13:28:58 2021 GMT
Subject: C = CH, L = Bern, ST = BE, organizationIdentifier =
NTRCH-CHE-196.380.112, O = Lotterie- und Wettkommission Comlot, CN =
Lotterie- und Wettkommission Comlot
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:2c:7f:48:c2:07:30:b9:fa:29:26:1d:29:83:
82:41:ef:73:2e:8e:dc:de:28:a4:6b:0b:93:0d:19:
b6:ee:d2:c5:63:95:3f:d0:ed:a7:f3:80:70:e3:07:
48:6e:f3:e7:5a:d1:fd:80:d5:2e:4e:6d:3d:e1:db:
8e:44:2f:4f:a7:21:58:1d:c9:59:40:9b:97:85:4c:
b6:5a:f6:cc:1a:71:a1:ef:59:59:65:f2:6c:be:25:
74:15:37:29:40:b1:6c:6d:3b:43:82:85:ee:5b:e8:
01:86:92:32:a5:f8:a9:ba:8b:85:6e:14:6e:ca:cc:
33:35:ff:7e:b7:fb:1c:c6:dc:c3:c4:f8:31:7b:73:
c8:91:86:59:07:4b:75:1f:10:68:50:61:93:19:5b:
ac:3d:43:c4:49:0a:ea:17:1b:ea:0e:f5:c1:7f:d5:
db:c0:58:c5:61:19:dd:05:b7:b5:35:27:85:ea:ec:
70:6e:c5:a6:d5:c1:ca:5b:85:3e:42:08:14:f0:01:
aa:b5:47:93:ed:ed:eb:20:35:db:d8:d8:58:da:6b:
dc:3d:14:ee:e1:91:c8:85:12:d5:59:9c:fc:4f:04:
0e:f5:a4:d5:c0:ab:ec:57:6b:c1:d9:8f:1d:6b:dc:
bf:5a:0e:58:a0:4c:01:0f:13:31:c0:0b:dd:ac:aa:
2b:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
1B:2B:A0:91:2C:6F:2B:92:49:EC:96:04:BD:1C:8D:36:35:45:4D:76
X509v3 Authority Key Identifier:
keyid:1E:C8:04:6D:FB:72:62:51:60:A2:73:24:6F:BE:F2:5F:4D:34:92:FC
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.swisssign.net/1EC8046DFB72625160A273246FBEF25F4D3492FC
Full Name:
URI:ldap://directory.swisssign.com/CN=1EC8046DFB72625160A273246FBEF25F4D349…
X509v3 Certificate Policies:
Policy: 2.16.756.1.89.1.1.1.1.10
CPS:
https://repository.swisssign.com/SwissSign-Platinum-CP-CPS.pdf
User Notice:
Explicit Text: regulated certificate
Policy: 0.4.0.194112.1.3
Authority Information Access:
CA Issuers -
URI:http://swisssign.net/cgi-bin/authority/download/1EC8046DFB72625160A2732…
OCSP -
URI:http://platinum-g2.ocsp.swisssign.net/1EC8046DFB72625160A273246FBEF25F4…
qcStatements:
0c0......F..0B.....F..08.2https://repository.swisssign.com/SwissSign-PDS.pd…...
Signature Algorithm: sha256WithRSAEncryption
10:08:b0:64:2d:63:90:e2:07:4e:ed:d1:87:62:0a:43:88:c8:
87:b9:85:91:ae:ba:8b:f7:f6:33:d3:cd:a0:63:37:28:28:4f:
c0:ec:15:06:a7:e4:86:1f:03:28:ad:e5:32:68:14:e2:ee:6e:
62:97:fc:95:7a:ac:fe:b1:a4:24:d1:99:89:2e:cd:ee:ca:c3:
76:c9:38:8e:3b:16:bd:6f:89:5e:4a:94:d5:ea:f1:73:46:15:
41:45:a4:8a:0b:8a:14:22:35:36:8c:fa:70:bb:19:73:6e:39:
93:5d:0d:5c:43:60:8e:0e:38:ed:ac:96:74:0a:b9:51:bc:23:
51:80:4d:cf:e2:64:02:80:af:dd:ef:40:b9:ba:36:0e:aa:3d:
88:d9:29:20:56:68:39:a8:74:46:79:81:df:d0:c8:fb:4b:76:
2b:c4:41:42:e8:c6:16:f7:94:7f:30:de:ba:22:d9:67:94:a7:
c2:01:4f:1f:31:2b:52:16:f3:ae:c4:b6:a4:f8:87:df:7f:92:
73:e1:89:07:05:9b:8d:e9:c1:21:8a:b6:87:59:04:12:fb:b0:
f3:1a:95:0e:29:5d:95:af:a2:82:54:cb:9f:77:d7:90:00:42:
06:53:88:d4:9f:26:b0:43:e9:b0:c1:9a:24:17:69:fc:87:66:
e3:67:01:bf
-----BEGIN CERTIFICATE-----
MIIG9zCCBd+gAwIBAgIQYV2k64ProKO+l1nJVpso6TANBgkqhkiG9w0BAQsFADB5
MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMTMwMQYDVQQDEypT
d2lzc1NpZ24gQ0ggUGVyc29uIFBsYXRpbnVtIENBIDIwMTcgLSBHMjIxHjAcBgNV
BGETFU5UUkNILUNIRS0xMDkuMzU3LjAxMjAeFw0yMDAzMzAxMzI4NThaFw0yMTAz
MzAxMzI4NThaMIGlMQswCQYDVQQGEwJDSDENMAsGA1UEBxMEQmVybjELMAkGA1UE
CBMCQkUxHjAcBgNVBGETFU5UUkNILUNIRS0xOTYuMzgwLjExMjEsMCoGA1UEChMj
TG90dGVyaWUtIHVuZCBXZXR0a29tbWlzc2lvbiBDb21sb3QxLDAqBgNVBAMTI0xv
dHRlcmllLSB1bmQgV2V0dGtvbW1pc3Npb24gQ29tbG90MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAjSx/SMIHMLn6KSYdKYOCQe9zLo7c3iikawuTDRm2
7tLFY5U/0O2n84Bw4wdIbvPnWtH9gNUuTm094duORC9PpyFYHclZQJuXhUy2WvbM
GnGh71lZZfJsviV0FTcpQLFsbTtDgoXuW+gBhpIypfipuouFbhRuyswzNf9+t/sc
xtzDxPgxe3PIkYZZB0t1HxBoUGGTGVusPUPESQrqFxvqDvXBf9XbwFjFYRndBbe1
NSeF6uxwbsWm1cHKW4U+QggU8AGqtUeT7e3rIDXb2NhY2mvcPRTu4ZHIhRLVWZz8
TwQO9aTVwKvsV2vB2Y8da9y/Wg5YoEwBDxMxwAvdrKorbwIDAQABo4IDTDCCA0gw
DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwQFMAMBAQAwHQYDVR0OBBYEFBsroJEsbyuS
SeyWBL0cjTY1RU12MB8GA1UdIwQYMBaAFB7IBG37cmJRYKJzJG++8l9NNJL8MIIB
BAYDVR0fBIH8MIH5MEegRaBDhkFodHRwOi8vY3JsLnN3aXNzc2lnbi5uZXQvMUVD
ODA0NkRGQjcyNjI1MTYwQTI3MzI0NkZCRUYyNUY0RDM0OTJGQzCBraCBqqCBp4aB
pGxkYXA6Ly9kaXJlY3Rvcnkuc3dpc3NzaWduLmNvbS9DTj0xRUM4MDQ2REZCNzI2
MjUxNjBBMjczMjQ2RkJFRjI1RjREMzQ5MkZDJTJDTz1Td2lzc1NpZ24lMjBBRyUy
Q0M9Q0g/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNz
PWNSTERpc3RyaWJ1dGlvblBvaW50MIGXBgNVHSAEgY8wgYwwfwYKYIV0AVkBAQEB
CjBxMEoGCCsGAQUFBwIBFj5odHRwczovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNv
bS9Td2lzc1NpZ24tUGxhdGludW0tQ1AtQ1BTLnBkZjAjBggrBgEFBQcCAjAXDBVy
ZWd1bGF0ZWQgY2VydGlmaWNhdGUwCQYHBACL7EABAzCB0gYIKwYBBQUHAQEEgcUw
gcIwZAYIKwYBBQUHMAKGWGh0dHA6Ly9zd2lzc3NpZ24ubmV0L2NnaS1iaW4vYXV0
aG9yaXR5L2Rvd25sb2FkLzFFQzgwNDZERkI3MjYyNTE2MEEyNzMyNDZGQkVGMjVG
NEQzNDkyRkMwWgYIKwYBBQUHMAGGTmh0dHA6Ly9wbGF0aW51bS1nMi5vY3NwLnN3
aXNzc2lnbi5uZXQvMUVDODA0NkRGQjcyNjI1MTYwQTI3MzI0NkZCRUYyNUY0RDM0
OTJGQzBxBggrBgEFBQcBAwRlMGMwCAYGBACORgEEMEIGBgQAjkYBBTA4FjJodHRw
czovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS9Td2lzc1NpZ24tUERTLnBkZhMC
ZW4wEwYGBACORgEGMAkGBwQAjkYBBgIwDQYJKoZIhvcNAQELBQADggEBABAIsGQt
Y5DiB07t0YdiCkOIyIe5hZGuuov39jPTzaBjNygoT8DsFQan5IYfAyit5TJoFOLu
bmKX/JV6rP6xpCTRmYkuze7Kw3bJOI47Fr1viV5KlNXq8XNGFUFFpIoLihQiNTaM
+nC7GXNuOZNdDVxDYI4OOO2slnQKuVG8I1GATc/iZAKAr93vQLm6Ng6qPYjZKSBW
aDmodEZ5gd/QyPtLdivEQULoxhb3lH8w3roi2WeUp8IBTx8xK1IW867EtqT4h99/
knPhiQcFm43pwSGKtodZBBL7sPMalQ4pXZWvooJUy59315AAQgZTiNSfJrBD6bDB
miQXafyHZuNnAb8=
-----END CERTIFICATE-----
Hello everybody
Since yesterday, we see a lot of bounced messages to bluewin addresses with SMTP code 554, for example:
relay=mxbw-bluewin-ch.hdb-cs04.ellb.ch[195.186.227.50]:25, delay=0.16, delays=0/0.01/0.09/0.05, dsn=5.2.0, status=bounced (host mxbw-bluewin-ch.hdb-cs04.ellb.ch[195.186.227.50] said: 554 5.2.0 sc976: Rejected due to policy reasons - https://support.bluewin.ch/provider/bounce/XXXXXXXXXXXXXXXXX[redacted]== (in reply to end of DATA command))
Unfortunately, sc976 is not documented on https://postmaster.bluewin.ch/content/de/technical-details/
We can't see any general pattern behind those rejections (hosts trough our entire IP range are affected), switching to a different IP address for delivery works in most cases.
Do you see the same and have any insight what is going on here?
Greetings
Peter
> On 20210225, at 16:52, Jean-Pierre Schwickerath <swinog(a)hilotec.net> wrote:
>
> Hi Jeroen
>> that "sinkhole" is just a misconfigured/internet-ignorant "load
>> balancer": those things do not care about ICMP...
>>
>> you are thus reaching the dest, it is just misconfigured: the Internet
>> is just HTTP for many, they do not care about this TCP, ICMP or IP
>> thing... be happy there is some kind of IPv6...
>>
> I wouldn't have noticed the issue if the loadbalancer / webserver had
> actually returned a webpage on port TCP/443. But it doesn't. So I tried
> from a different network to see if the issue is reproducible and that
> when I noticed the path taken by the traceroute packets.
>
Check with a tcpdump, don't forget to include ICMP.
Could also be an MTU issue or something on your side killing it.
Of course the behavior of the "load balancer" says quite a few things... sbb.ch is like that too...
>>
>> Btw, when complaining about something, it is wise to include IP
>> addresses, especially for the source...
>>
> The first hop of the traceroute is actually a good indicator for the
> source.
192.168.205.240 ?
DNS is ambiguous and reverses do not always match forwards. Including the actual IPs can thus be very useful...
That is, if you actually want it resolved.
You might want contact swisscom directly (good luck with that) or at least your ISPs that provide the connectivity, they might have better chance at contacting them.
(taking transit over swissix is a fun one; but yea it is not that swisscom likes to peer, what else would a monopoly do)
Greets,
Jeroen
Good afternoon SWINOG!
Since SWINOG is also a German-speaking network operator group, I wanted to take the chance to invite you to the first DENOG Leadership Meetup.
The new meeting series will start on Wednesday, 24th March 2021, at 18:30 CET. It will come in a variety of different formats and is all about leadership. This series's target audience is people in the network operator community who currently are in leadership roles or are interested in leadership roles, either in your career or voluntary appearances.
The first meeting is about leadership and managing a team during a global pandemic, including hidden challenges. You will find more details, the preliminary plan, and a way to register for a free ticket at https://www.denog.de/de/events/leadership.html.
The event will be in GERMAN only!
Greetings from DENOG. We would be pleased to see you at our Meetup next Wednesday.
Regards,
-Stefan
Hi,
(Possibly in relation to http://lists.swinog.ch/public/swinog/2021-March/007457.html, but in this case not even a TCP ACK...)
It seems smtp.bluewin.ch (25 and 465 tested) is unreachable from all places I checked (Init7, Quickline, BIT.nl).
Is that service normally open for Bluewin customers to connect to smtp.bluewin.ch?
As apparently Swisscom is sending out mails to providers that their customers are complaining that their customers on non-swisscom/bluewin cannot use their SMTP service.....
But telnet does not even answer.... (no TCP ACK at all, no ICMP, nada nothing), thus looks like it is firewalled away.
Greets,
Jeroen
Dear List
Having issue in accessing www.coop.ch
"Aus Sicherheitsgründen ist ein Login aus Ihrem Land nicht erlaubt".
And a hint I shall not use a VPN or Proxy.
No proxy or VPN in use, just IPv4 NAT, as confirmed by 'wieistmeineip'.
(www.coop.ch is not IPv6 yet)
So I supposed a messed up GeoIP Database and changed my SNAT IP a couple
of times (all those IP are registered with country=CH @RIPE since
decades and I never had such issues)
157.161.57.65 => blocked (main NAT ip)
157.161.57.66 => Ok (a static server ip not used anymore)
157.161.57.68 => Ok (a static client ip)
157.161.57.70 => blocked (alternate NAT ip seldom used)
157.161.5.199 => blocked (Gateway IP, not usually used as src, except
local stuff on the Mtik like DNS)
Weird! Anyone has insight in what geoIP database coop uses? Or if there
are other criteria they use for blocking?
--
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________