I am starting a small project with a student of the Technical School in
Lausanne ETML-ES (for his diplom work), it will end up as a mobile kit
for remote staging.
I would like to collect some experience from you folks, will be kept
If you agree, can you drop me an email directly and answer these questions:
- do you have Out-of-Band console management for your network equipment ?
- if no : how do you manage your network equipment ?
- if yes: which product (brand/model) ?
- if yes: which interfaces on the equipment side ? (RJ45, USB, etc..)
Thanks in advance.
For the people providing answers: I will send you the survey result
without company or people's names.
+41 79 446 38 11
I am only using SPF, DKIM and DMARC information to up points in my
spamassassin (there are too many badly configured SPF sites around, and
they most of the time are not DNSSEC-secured). In general, SPF/DMARC
alone is not enough to mark as spam in my opinion.
However, someone reported the following issue with Sunrise: apparently they are
lacking at least ONE of their webmail SMTP senders in their SPF records:
220.127.116.11 for example.
dplanet.ch descriptive text "v=spf1 mx include:spf.sunrise.ch -all"
spf.sunrise.ch descriptive text "v=spf1 ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 195.141.178."
It especially may break dplanet.ch senders as their DMARC policy is quarantine
(sunrise's is none). Gmail was for example reporting random problems depending
on the sunrise sender (webmail) SMTP IP address:
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of innocent-buddy(a)dplanet.ch designates
18.104.22.168 as permitted sender)
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
ARC-Authentication-Results: i=1; mx.google.com;
spf=fail (google.com: domain of innocent-buddy(a)dplanet.ch does not
designate 22.214.171.124 as permitted sender)
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE)
Sunrise end-user support did not seem to notice yet, so if someone around
here has better / direct contact, it would be handy.
Have a nice week-end anyway.
We are selling a bunch of juniper hardware. Hardware is all in good
condition, clean and was used until recently. Rackmount ears/rails are
2x MX80 each with
- 2x AC Power Supplies
- 1x MIC-3D-20GE-SFP
2x SRX1400BASE-XGE-AC each with
- 1x SRX1400BASE-XGE-AC
- 2x Power Supplies (SRX1K-PWR-AC)
- 1x Routing Engine (SRX1K-RE-12-10)
- 1x I/O Card (SRX1K-SYSIO-XGE)
- 1x Blank (SRX3K-BLANK)
5x EX4200-48T each with
- 2x AC Power Supplies
...4 of them are equipped with EX-UM-2X4SFP (4x 1G or 2x 10G)
We also have a bunch of XFP/SFP+ SR gbic's and MM cables laying around.
Price: Feel free to make an offer (bid > 0 welcome :-)
If you are interested, please contact me offlist: mb(a)byteworks.ch
Baarerstrasse 112, CH-6300 Zug
We (Init7) expect a >100Gbps ddos this Thursday or Friday. The attack will be directed against a transit customer of ours and will be the 2nd attack from this known group against this customer.
Please make sure you’re not a source and keep an eye on your graphs
Dear SwiNOG community,
Please forward me to whomever you think should now about our community.
This is the official Call for Paper email. Please submit your proposal via https://www.swinog.ch/cfp/
The 37th meeting of the Swiss Network Operators Group (SwiNOG) will be held in Berne on top of the Gurten on Thursday December 2nd 2021.
Important Dates for https://www.swinog.ch/meetings/swinog37/:
23.07.2021 Call for Papers
01.10.2021 Registration opens
31.10.2021 Call for Papers closing
15.11.2021 Final publication of agenda
25.11.2021 Registration closes
26.11.2021 Deadline for all slides
02.12.2021 Meeting day
Topics for Presentations/Talks
Please re-submit your paper if you're still up with a topic which you have submitted during … yeah whatever you call this period…!
The number and length of presentations per session is not fixed, although we prefer the length of the presentations to be between 5 to 45 minutes. Here is a non-exhaustive list of typical SwiNOG meeting topics:
* Security, DDOS Mitigation,
* Open-Source tools and interesting Github projects
* International view of the internet (incidents, outages, measurements)
* Server applications (DNS, Web, etc.)
* Legal issues (BÜPF, etc.)
* Telecommunication politics (Net Neutrality, Incumbent monopoly, etc.)
* Off-Topic if you think the audience will enjoy
* Feel free to talk to us about any kind of topic and collaboration! Or you can always start a discussion on the list - I'm sure people join in. Or join our telegram group at https://t.me/SWINOG
Language of Slides and Talks
The whole day will be hold in English, therefore we kindly ask you to produce your presentation in English.
All submissions must have a strong technical bias (or be completely off topic) and must not be promotional for your employer.
Please remember that your presentations should be suitable for a target audience of technicians from varied backgrounds, working for companies whose sizes may vary considerably.
To submit a proposal for a presentation, we request that you to fill in the form at https://www.swinog.ch/cfp/
We also welcome suggestions for specific presentations which you feel would be valuable to the SwiNOG community.
Please be aware that your presentation will be published on the SwiNOG website after the event. We can publish modified slides if requested - it might be that some confidential data will be presented by you which are not intended for publication on the internet.
SwiNOG Core Team
General Information (SwiNOG Community)
The Swiss Network Operators Group (SwiNOG) is an informal group of people who are concerned with engineering and operation of the Swiss Internet.
SwiNOG exists to enhance the quality of Internet services available in Switzerland. It does this by fostering the free exchange of technical ideas and information between different companies and organisations.
SwiNOG is a community for professionals who are operating, designing or researching the Internet. It provides a technical forum where those working on, with and for the Internet can come together to solve problems with every aspect of their (net)work.
The meeting is designed to provide an opportunity for the exchange of information among network operators, engineers, researchers and other professionals close to the network community.
More information about SwiNOG can be found at http://www.swinog.ch/, Facebook, Xing,
Information about the meeting will be published at http://www.swinog.ch/meetings/swinog37/
General Information (SwiNOG Organisation)
The SwiNOG Organisation Association is a non-profit association under article 60 and further of the swiss civil law. It manages the SwiNOG community ressources (domain, web, mailing-lists, etc..) and organises SwiNOG meetings.
This is a call for Presentations for the virtual European Peering Forum 2021
AMS-IX, DE-CIX, LINX, Netnod are happy to host the virtual European
Peering Forum (EPF) 2021 from the 20th - 22th September 2021.
The event will welcome peering managers and coordinators from networks
connected to the host Internet exchanges.
Besides some interesting topical agenda, the three-day event
accommodates room for attendees to meet virtually on a one-to-one basis
to discuss bilateral peering business opportunities.
The programme committee will be looking for presentations related to
peering and technical topics of interconnection. Your presentation should
* Interconnection Automation
* Regional Peering
* Interconnection / Peering Internet Governance and Regulatory Topics
* Economic and Product Trends
* Peering / Interconnection strategies
* Interesting findings about Peering / Interconnection
* 400GE and beyond
* Any other hot topic related to Interconnection / Peering
Presentations must be of a non-commercial nature. Product or
marketing-heavy talks are strongly discouraged.
Submissions of presentations should be made to the programme
committee <epf-pc(a)peering-forum.eu>. Please include:
* Author's name and e-mail address
* Presentation title
* Slides (if available)
* Time requested (max. 30 minutes incl. Q&A)
Please send in your presentation asap. We decide on a first come first
serve basis. The latest date for submission is July 30th.
More information about the event and other activities around the virtual
EPF 2021 may be found at
Keep calm, keep distance, keep connected!
mobile: +49 172 2650958
Does anyone see a chance to get hands on the post-mortem they
(hopefully) write about the phone outage from last week?
I'm very interested in technical details, as I always feel that from
such stories we can all learn and improve.
Is there an official announcement that I missed?
Seems that blocklist.gespa.ch is the new place, and that all of
comlot.ch now points to gespa.ch, but filenames have been renamed too.
(see previous brokeness email in the mailarchive for old details).
Considering neither is under admin.ch, cannot really say it is an
official website either.
Anybody got an official update about this, or did they just break the
system again? Cannot find any duckduckgoogle references either.
Why did Swiss Voters vote for this broken system if it is not working
anyway? (it is not, because otherwise it is a perfect list to find your
casinos that are 'illegal' or something)....
All those poor* casino users that now have access to a bunch of
unlicensed casinos... what a sad day again.
* = as the house always wins
$ wget -v https://blacklist.comlot.ch/blacklist.comlot.ch.pub
--2021-06-03 08:21:02-- https://blacklist.comlot.ch/blacklist.comlot.ch.pub
Resolving blacklist.comlot.ch (blacklist.comlot.ch)... 126.96.36.199
Connecting to blacklist.comlot.ch
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://blocklist.gespa.ch//blacklist.comlot.ch.pub [following]
--2021-06-03 08:21:03-- https://blocklist.gespa.ch//blacklist.comlot.ch.pub
Resolving blocklist.gespa.ch (blocklist.gespa.ch)... 188.8.131.52
Connecting to blocklist.gespa.ch
HTTP request sent, awaiting response... 404 Not Found
2021-06-03 08:21:05 ERROR 404: Not Found.
It seems the "official specification" (comlot.ch redirects is gone):
still have blocklist.comlot.ch in it.
Except for the URL itself, Google also finds nothing about this:
$ dig +short comlot.ch
$ dig +short comlot.ch aaaa
$ dig +short comlot.ch mx
$ dig +short comlot.ch ns
$ dig +short gespa.ch a
$ dig +short gespa.ch aaaa
dig +short comlot.ch mx
$ dig +short gespa.ch ns
I also gotta love the generic wildcard Let's Encrypt cert, though
comlot.ch did that too
Looks like a rather generic hoster. Maybe the whole domain got hacked?
I am a bit puzzled by repeated Cloudflare Takedown Requests regarding
the domain: lord-film.cash we are getting.
lord-film.cash has address 184.108.40.206
lord-film.cash has address 220.127.116.11
lord-film.cash has IPv6 address 2606:4700:3035::6815:2005
lord-film.cash has IPv6 address 2606:4700:3032::ac43:b5e6
According to Cloudflare, the content is hosted at an IP address under
our control, on a Webserver on Port 80.
I told them some time ago, there is no Webserver running under the IP
address they mention.
They replied, they could verify the IP with:
curl -v -H "Host: lord-film.cash" [IPADDRESS]/
Still, every time I try, I don't get a connection. No wonder, that is a
NAT router with Firewall.
So I wonder, if either the user of that IP Address has cleverly set up a
firewall which blocks all requests not via Cloudflare proxies, or if
this domain uses some kind of P2P Protocol and the IP of that user
is just one of 'many' which is only reachable, when some P2P tool is
running and opening a UPNP Port.
When I try to access the site itself: http://lord-film.cash/ I get
'access denied' from Cloudflare.
Do others get similar takedown notices? Maybe even for that same domain?
Mit freundlichen Grüssen
I m p r o W a r e A G - Leiter Commerce Kunden
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
Question for mail infrastructure operators:
In the last weeks we had requests from customers, whose "newsletter" via sendinblue could not be delivered to us. In the logs I see at the given time, that the IP of sendinblue was on the blacklist of spamcop.net. That is, the mails were rejected by us.
The customer now says the mails go through everywhere else (I'm looking at you bluewin.ch), just not with you.
sendinblue suggests to whitelist their IPs (> 100'000 ip addresses) (https://help.sendinblue.com/hc/de/articles/208848409-SendinBlue-IP-Bereiche)
Of course I would like to avoid this.
Question: How do other providers deal with such senders? Let everything from sendinblue through for the sake of the customers?
Thanks for your answers.
sasag Kabelkommunikation AG