swinog July 2021

swinog@lists.swinog.ch

17 participants
11 discussions

Switzerlandwide Internet problem
by Michele Capobianco 16 Jul '23

16 Jul '23

Hey all A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem. Does anybody know something? Cheers Michele -------- Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32 http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch> --------

8 7

Survey : which console/terminal servers are you using for Out-of-band mgmt ?
by Félix Curinga 30 Jul '21

30 Jul '21

Hi all, I am starting a small project with a student of the Technical School in Lausanne ETML-ES (for his diplom work), it will end up as a mobile kit for remote staging. I would like to collect some experience from you folks, will be kept 100% anonymous. If you agree, can you drop me an email directly and answer these questions: - do you have Out-of-Band console management for your network equipment ? - if no : how do you manage your network equipment ? - if yes: which product (brand/model) ? - if yes: which interfaces on the equipment side ? (RJ45, USB, etc..) Thanks in advance. For the people providing answers: I will send you the survey result without company or people's names. Best regards --félix -- Félix Curinga +41 79 446 38 11

3 3

SPF/DMARC sunrise issue
by Marc SCHAEFER 30 Jul '21

30 Jul '21

Hello, I am only using SPF, DKIM and DMARC information to up points in my spamassassin (there are too many badly configured SPF sites around, and they most of the time are not DNSSEC-secured). In general, SPF/DMARC alone is not enough to mark as spam in my opinion. However, someone reported the following issue with Sunrise: apparently they are lacking at least ONE of their webmail SMTP senders in their SPF records: 195.141.178.228 for example. dplanet.ch descriptive text "v=spf1 mx include:spf.sunrise.ch -all" spf.sunrise.ch descriptive text "v=spf1 ip4:195.141.178.100 ip4:195.141.178.101 ip4:195.141.178.220 ip4:195.141.178.221 ip4:195.141.178.223 ip4:195.141.178.229 ip4:195.141.178.94 ip4:195.141.178.95 ip4:195.141.178.96 ip4:195.141.178.71 ip4:195.141.178.199 ip4:195.141.178.74 195.141.178." It especially may break dplanet.ch senders as their DMARC policy is quarantine (sunrise's is none). Gmail was for example reporting random problems depending on the sunrise sender (webmail) SMTP IP address: ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of innocent-buddy(a)dplanet.ch designates 195.141.178.229 as permitted sender) smtp.mailfrom=innocent-buddy(a)dplanet.ch; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=dplanet.ch ARC-Authentication-Results: i=1; mx.google.com; spf=fail (google.com: domain of innocent-buddy(a)dplanet.ch does not designate 195.141.178.228 as permitted sender) smtp.mailfrom=innocent-buddy(a)dplanet.ch; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=dplanet.ch Sunrise end-user support did not seem to notice yet, so if someone around here has better / direct contact, it would be handy. Have a nice week-end anyway.

1 0

Selling juniper hardware
by Michael Bischof 26 Jul '21

26 Jul '21

Dear all We are selling a bunch of juniper hardware. Hardware is all in good condition, clean and was used until recently. Rackmount ears/rails are included. 2x MX80 each with - 2x AC Power Supplies - 1x MIC-3D-20GE-SFP 2x SRX1400BASE-XGE-AC each with - 1x SRX1400BASE-XGE-AC - 2x Power Supplies (SRX1K-PWR-AC) - 1x Routing Engine (SRX1K-RE-12-10) - 1x I/O Card (SRX1K-SYSIO-XGE) - 1x Blank (SRX3K-BLANK) 5x EX4200-48T each with - 2x AC Power Supplies ...4 of them are equipped with EX-UM-2X4SFP (4x 1G or 2x 10G) ...VC Cables We also have a bunch of XFP/SFP+ SR gbic's and MM cables laying around. Price: Feel free to make an offer (bid > 0 welcome :-) If you are interested, please contact me offlist: mb(a)byteworks.ch Best regards Michael *—* *Michael Bischof* — Byteworks GmbH Baarerstrasse 112, CH-6300 Zug mb(a)byteworks.ch *www.byteworks.ch <https://www.byteworks.ch/>*

1 0

planned ddos - alert
by Pascal Gloor 24 Jul '21

24 Jul '21

Dear SwiNOG, We (Init7) expect a >100Gbps ddos this Thursday or Friday. The attack will be directed against a transit customer of ours and will be the 2nd attack from this known group against this customer. Please make sure you’re not a source and keep an eye on your graphs Thanks! Pascal

2 1

##### SwiNOG #37 - Call for Papers #####
by Simon Ryf 22 Jul '21

22 Jul '21

Dear SwiNOG community, Please forward me to whomever you think should now about our community. This is the official Call for Paper email. Please submit your proposal via https://www.swinog.ch/cfp/ The 37th meeting of the Swiss Network Operators Group (SwiNOG) will be held in Berne on top of the Gurten on Thursday December 2nd 2021. Important Dates for https://www.swinog.ch/meetings/swinog37/: 23.07.2021 Call for Papers 01.10.2021 Registration opens 31.10.2021 Call for Papers closing 15.11.2021 Final publication of agenda 25.11.2021 Registration closes 26.11.2021 Deadline for all slides 02.12.2021 Meeting day Topics for Presentations/Talks Please re-submit your paper if you're still up with a topic which you have submitted during … yeah whatever you call this period…! The number and length of presentations per session is not fixed, although we prefer the length of the presentations to be between 5 to 45 minutes. Here is a non-exhaustive list of typical SwiNOG meeting topics: * Security, DDOS Mitigation, * IPv6 * Open-Source tools and interesting Github projects * International view of the internet (incidents, outages, measurements) * Routing * Peering * Server applications (DNS, Web, etc.) * Legal issues (BÜPF, etc.) * Telecommunication politics (Net Neutrality, Incumbent monopoly, etc.) * Off-Topic if you think the audience will enjoy * Feel free to talk to us about any kind of topic and collaboration! Or you can always start a discussion on the list - I'm sure people join in. Or join our telegram group at https://t.me/SWINOG Language of Slides and Talks The whole day will be hold in English, therefore we kindly ask you to produce your presentation in English. Submission Guidelines All submissions must have a strong technical bias (or be completely off topic) and must not be promotional for your employer. Please remember that your presentations should be suitable for a target audience of technicians from varied backgrounds, working for companies whose sizes may vary considerably. To submit a proposal for a presentation, we request that you to fill in the form at https://www.swinog.ch/cfp/ We also welcome suggestions for specific presentations which you feel would be valuable to the SwiNOG community. Please be aware that your presentation will be published on the SwiNOG website after the event. We can publish modified slides if requested - it might be that some confidential data will be presented by you which are not intended for publication on the internet. Greetings, Simon SwiNOG Core Team General Information (SwiNOG Community) The Swiss Network Operators Group (SwiNOG) is an informal group of people who are concerned with engineering and operation of the Swiss Internet. SwiNOG exists to enhance the quality of Internet services available in Switzerland. It does this by fostering the free exchange of technical ideas and information between different companies and organisations. SwiNOG is a community for professionals who are operating, designing or researching the Internet. It provides a technical forum where those working on, with and for the Internet can come together to solve problems with every aspect of their (net)work. The meeting is designed to provide an opportunity for the exchange of information among network operators, engineers, researchers and other professionals close to the network community. More information about SwiNOG can be found at http://www.swinog.ch/, Facebook, Xing, Information about the meeting will be published at http://www.swinog.ch/meetings/swinog37/ General Information (SwiNOG Organisation) The SwiNOG Organisation Association is a non-profit association under article 60 and further of the swiss civil law. It manages the SwiNOG community ressources (domain, web, mailing-lists, etc..) and organises SwiNOG meetings. Contact: SwiNOG Organisation 8000 Zurich Switzerland

1 0

[FYI] Call for Presentations for the virtual European Peering Forum 2021
by Arnold Nipper 13 Jul '21

13 Jul '21

Dear all This is a call for Presentations for the virtual European Peering Forum 2021 AMS-IX, DE-CIX, LINX, Netnod are happy to host the virtual European Peering Forum (EPF) 2021 from the 20th - 22th September 2021. The event will welcome peering managers and coordinators from networks connected to the host Internet exchanges. Besides some interesting topical agenda, the three-day event accommodates room for attendees to meet virtually on a one-to-one basis to discuss bilateral peering business opportunities. The programme committee will be looking for presentations related to peering and technical topics of interconnection. Your presentation should address * Interconnection Automation * Regional Peering * Interconnection / Peering Internet Governance and Regulatory Topics * Economic and Product Trends * Peering / Interconnection strategies * Interesting findings about Peering / Interconnection * 400GE and beyond * Any other hot topic related to Interconnection / Peering Submissions =========== Presentations must be of a non-commercial nature. Product or marketing-heavy talks are strongly discouraged. Submissions of presentations should be made to the programme committee <epf-pc(a)peering-forum.eu>. Please include: * Author's name and e-mail address * Presentation title * Abstract * Slides (if available) * Time requested (max. 30 minutes incl. Q&A) Deadlines ========= Please send in your presentation asap. We decide on a first come first serve basis. The latest date for submission is July 30th. More information about the event and other activities around the virtual EPF 2021 may be found at * https://peering-forum.eu/ * https://www.facebook.com/groups/1586607564933665/ Cheers Arnold -- Keep calm, keep distance, keep connected! Arnold Nipper email: arnold(a)nipper.de mobile: +49 172 2650958

1 0

Swisscom (Emergency) Phone Outage Post-Mortem
by Tobias Brunner 12 Jul '21

12 Jul '21

Hi all, Does anyone see a chance to get hands on the post-mortem they (hopefully) write about the phone outage from last week? I'm very interested in technical details, as I always feel that from such stories we can all learn and improve. Cheers, Tobias

2 1

Geldspielgesetz: 404 COMLOT renamed to GESPA? (or did they get hacked!?)
by Jeroen Massar 07 Jul '21

07 Jul '21

Hi Folks, Is there an official announcement that I missed? Seems that blocklist.gespa.ch is the new place, and that all of comlot.ch now points to gespa.ch, but filenames have been renamed too. (see previous brokeness email in the mailarchive for old details). Considering neither is under admin.ch, cannot really say it is an official website either. Anybody got an official update about this, or did they just break the system again? Cannot find any duckduckgoogle references either. Why did Swiss Voters vote for this broken system if it is not working anyway? (it is not, because otherwise it is a perfect list to find your casinos that are 'illegal' or something).... All those poor* casino users that now have access to a bunch of unlicensed casinos... what a sad day again. Greets, Jeroen * = as the house always wins ----- $ wget -v https://blacklist.comlot.ch/blacklist.comlot.ch.pub --2021-06-03 08:21:02-- https://blacklist.comlot.ch/blacklist.comlot.ch.pub Resolving blacklist.comlot.ch (blacklist.comlot.ch)... 194.187.88.5 Connecting to blacklist.comlot.ch (blacklist.comlot.ch)|194.187.88.5|:443... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://blocklist.gespa.ch//blacklist.comlot.ch.pub [following] --2021-06-03 08:21:03-- https://blocklist.gespa.ch//blacklist.comlot.ch.pub Resolving blocklist.gespa.ch (blocklist.gespa.ch)... 194.187.88.5 Connecting to blocklist.gespa.ch (blocklist.gespa.ch)|194.187.88.5|:443... connected. HTTP request sent, awaiting response... 404 Not Found 2021-06-03 08:21:05 ERROR 404: Not Found. ----- It seems the "official specification" (comlot.ch redirects is gone): https://www.gespa.ch/download/pictures/9a/e78461lvxuzcv82c505b1kpckd58pf/sp… still have blocklist.comlot.ch in it. Except for the URL itself, Google also finds nothing about this: https://www.google.com/search?hl=en&q=%22blacklist.gespa.ch%22 $ dig +short comlot.ch 194.187.88.3 $ dig +short comlot.ch aaaa <none> $ dig +short comlot.ch mx 10 mx.cmsbox.com. $ dig +short comlot.ch ns ns3.netstyle.ch. ns1.netstyle.ch. ns2.netstyle.ch. $ dig +short gespa.ch a 194.187.88.3 $ dig +short gespa.ch aaaa 2a00:c38:2:9f62::2:3 dig +short comlot.ch mx 10 mx.cmsbox.com. $ dig +short gespa.ch ns ns3.netstyle.ch. ns2.netstyle.ch. ns1.netstyle.ch. I also gotta love the generic wildcard Let's Encrypt cert, though comlot.ch did that too https://crt.sh/?q=gespa.ch https://crt.sh/?q=comlot.ch Looks like a rather generic hoster. Maybe the whole domain got hacked?

2 2

Cloudflare DMCA Takedown requests - but content not present under mentioned IP
by Benoit Panizzon 06 Jul '21

06 Jul '21

Dear List I am a bit puzzled by repeated Cloudflare Takedown Requests regarding the domain: lord-film.cash we are getting. lord-film.cash has address 172.67.181.230 lord-film.cash has address 104.21.32.5 lord-film.cash has IPv6 address 2606:4700:3035::6815:2005 lord-film.cash has IPv6 address 2606:4700:3032::ac43:b5e6 According to Cloudflare, the content is hosted at an IP address under our control, on a Webserver on Port 80. I told them some time ago, there is no Webserver running under the IP address they mention. They replied, they could verify the IP with: curl -v -H "Host: lord-film.cash" [IPADDRESS]/ Still, every time I try, I don't get a connection. No wonder, that is a NAT router with Firewall. So I wonder, if either the user of that IP Address has cleverly set up a firewall which blocks all requests not via Cloudflare proxies, or if this domain uses some kind of P2P Protocol and the IP of that user is just one of 'many' which is only reachable, when some P2P tool is running and opening a UPNP Port. When I try to access the site itself: http://lord-film.cash/ I get 'access denied' from Cloudflare. Do others get similar takedown notices? Maybe even for that same domain? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

5 5

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog July 2021