Hey all
A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch>
--------
Hi all,
I am starting a small project with a student of the Technical School in
Lausanne ETML-ES (for his diplom work), it will end up as a mobile kit
for remote staging.
I would like to collect some experience from you folks, will be kept
100% anonymous.
If you agree, can you drop me an email directly and answer these questions:
- do you have Out-of-Band console management for your network equipment ?
- if no : how do you manage your network equipment ?
- if yes: which product (brand/model) ?
- if yes: which interfaces on the equipment side ? (RJ45, USB, etc..)
Thanks in advance.
For the people providing answers: I will send you the survey result
without company or people's names.
Best regards
--félix
--
Félix Curinga
+41 79 446 38 11
Hello,
I am only using SPF, DKIM and DMARC information to up points in my
spamassassin (there are too many badly configured SPF sites around, and
they most of the time are not DNSSEC-secured). In general, SPF/DMARC
alone is not enough to mark as spam in my opinion.
However, someone reported the following issue with Sunrise: apparently they are
lacking at least ONE of their webmail SMTP senders in their SPF records:
195.141.178.228 for example.
dplanet.ch descriptive text "v=spf1 mx include:spf.sunrise.ch -all"
spf.sunrise.ch descriptive text "v=spf1 ip4:195.141.178.100 ip4:195.141.178.101 ip4:195.141.178.220 ip4:195.141.178.221 ip4:195.141.178.223 ip4:195.141.178.229 ip4:195.141.178.94 ip4:195.141.178.95 ip4:195.141.178.96 ip4:195.141.178.71 ip4:195.141.178.199 ip4:195.141.178.74 195.141.178."
It especially may break dplanet.ch senders as their DMARC policy is quarantine
(sunrise's is none). Gmail was for example reporting random problems depending
on the sunrise sender (webmail) SMTP IP address:
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of innocent-buddy(a)dplanet.ch designates
195.141.178.229 as permitted sender)
smtp.mailfrom=innocent-buddy(a)dplanet.ch;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=dplanet.ch
ARC-Authentication-Results: i=1; mx.google.com;
spf=fail (google.com: domain of innocent-buddy(a)dplanet.ch does not
designate 195.141.178.228 as permitted sender)
smtp.mailfrom=innocent-buddy(a)dplanet.ch;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE)
header.from=dplanet.ch
Sunrise end-user support did not seem to notice yet, so if someone around
here has better / direct contact, it would be handy.
Have a nice week-end anyway.
Dear all
We are selling a bunch of juniper hardware. Hardware is all in good
condition, clean and was used until recently. Rackmount ears/rails are
included.
2x MX80 each with
- 2x AC Power Supplies
- 1x MIC-3D-20GE-SFP
2x SRX1400BASE-XGE-AC each with
- 1x SRX1400BASE-XGE-AC
- 2x Power Supplies (SRX1K-PWR-AC)
- 1x Routing Engine (SRX1K-RE-12-10)
- 1x I/O Card (SRX1K-SYSIO-XGE)
- 1x Blank (SRX3K-BLANK)
5x EX4200-48T each with
- 2x AC Power Supplies
...4 of them are equipped with EX-UM-2X4SFP (4x 1G or 2x 10G)
...VC Cables
We also have a bunch of XFP/SFP+ SR gbic's and MM cables laying around.
Price: Feel free to make an offer (bid > 0 welcome :-)
If you are interested, please contact me offlist: mb(a)byteworks.ch
Best regards
Michael
*—*
*Michael Bischof*
—
Byteworks GmbH
Baarerstrasse 112, CH-6300 Zug
mb(a)byteworks.ch
*www.byteworks.ch <https://www.byteworks.ch/>*
Dear SwiNOG,
We (Init7) expect a >100Gbps ddos this Thursday or Friday. The attack will be directed against a transit customer of ours and will be the 2nd attack from this known group against this customer.
Please make sure you’re not a source and keep an eye on your graphs
Thanks!
Pascal
Dear SwiNOG community,
Please forward me to whomever you think should now about our community.
This is the official Call for Paper email. Please submit your proposal via https://www.swinog.ch/cfp/
The 37th meeting of the Swiss Network Operators Group (SwiNOG) will be held in Berne on top of the Gurten on Thursday December 2nd 2021.
Important Dates for https://www.swinog.ch/meetings/swinog37/:
23.07.2021 Call for Papers
01.10.2021 Registration opens
31.10.2021 Call for Papers closing
15.11.2021 Final publication of agenda
25.11.2021 Registration closes
26.11.2021 Deadline for all slides
02.12.2021 Meeting day
Topics for Presentations/Talks
Please re-submit your paper if you're still up with a topic which you have submitted during … yeah whatever you call this period…!
The number and length of presentations per session is not fixed, although we prefer the length of the presentations to be between 5 to 45 minutes. Here is a non-exhaustive list of typical SwiNOG meeting topics:
* Security, DDOS Mitigation,
* IPv6
* Open-Source tools and interesting Github projects
* International view of the internet (incidents, outages, measurements)
* Routing
* Peering
* Server applications (DNS, Web, etc.)
* Legal issues (BÜPF, etc.)
* Telecommunication politics (Net Neutrality, Incumbent monopoly, etc.)
* Off-Topic if you think the audience will enjoy
* Feel free to talk to us about any kind of topic and collaboration! Or you can always start a discussion on the list - I'm sure people join in. Or join our telegram group at https://t.me/SWINOG
Language of Slides and Talks
The whole day will be hold in English, therefore we kindly ask you to produce your presentation in English.
Submission Guidelines
All submissions must have a strong technical bias (or be completely off topic) and must not be promotional for your employer.
Please remember that your presentations should be suitable for a target audience of technicians from varied backgrounds, working for companies whose sizes may vary considerably.
To submit a proposal for a presentation, we request that you to fill in the form at https://www.swinog.ch/cfp/
We also welcome suggestions for specific presentations which you feel would be valuable to the SwiNOG community.
Please be aware that your presentation will be published on the SwiNOG website after the event. We can publish modified slides if requested - it might be that some confidential data will be presented by you which are not intended for publication on the internet.
Greetings,
Simon
SwiNOG Core Team
General Information (SwiNOG Community)
The Swiss Network Operators Group (SwiNOG) is an informal group of people who are concerned with engineering and operation of the Swiss Internet.
SwiNOG exists to enhance the quality of Internet services available in Switzerland. It does this by fostering the free exchange of technical ideas and information between different companies and organisations.
SwiNOG is a community for professionals who are operating, designing or researching the Internet. It provides a technical forum where those working on, with and for the Internet can come together to solve problems with every aspect of their (net)work.
The meeting is designed to provide an opportunity for the exchange of information among network operators, engineers, researchers and other professionals close to the network community.
More information about SwiNOG can be found at http://www.swinog.ch/, Facebook, Xing,
Information about the meeting will be published at http://www.swinog.ch/meetings/swinog37/
General Information (SwiNOG Organisation)
The SwiNOG Organisation Association is a non-profit association under article 60 and further of the swiss civil law. It manages the SwiNOG community ressources (domain, web, mailing-lists, etc..) and organises SwiNOG meetings.
Contact:
SwiNOG Organisation
8000 Zurich
Switzerland
Dear all
This is a call for Presentations for the virtual European Peering Forum 2021
AMS-IX, DE-CIX, LINX, Netnod are happy to host the virtual European
Peering Forum (EPF) 2021 from the 20th - 22th September 2021.
The event will welcome peering managers and coordinators from networks
connected to the host Internet exchanges.
Besides some interesting topical agenda, the three-day event
accommodates room for attendees to meet virtually on a one-to-one basis
to discuss bilateral peering business opportunities.
The programme committee will be looking for presentations related to
peering and technical topics of interconnection. Your presentation should
address
* Interconnection Automation
* Regional Peering
* Interconnection / Peering Internet Governance and Regulatory Topics
* Economic and Product Trends
* Peering / Interconnection strategies
* Interesting findings about Peering / Interconnection
* 400GE and beyond
* Any other hot topic related to Interconnection / Peering
Submissions
===========
Presentations must be of a non-commercial nature. Product or
marketing-heavy talks are strongly discouraged.
Submissions of presentations should be made to the programme
committee <epf-pc(a)peering-forum.eu>. Please include:
* Author's name and e-mail address
* Presentation title
* Abstract
* Slides (if available)
* Time requested (max. 30 minutes incl. Q&A)
Deadlines
=========
Please send in your presentation asap. We decide on a first come first
serve basis. The latest date for submission is July 30th.
More information about the event and other activities around the virtual
EPF 2021 may be found at
* https://peering-forum.eu/
* https://www.facebook.com/groups/1586607564933665/
Cheers
Arnold
--
Keep calm, keep distance, keep connected!
Arnold Nipper
email: arnold(a)nipper.de
mobile: +49 172 2650958
Hi all,
Does anyone see a chance to get hands on the post-mortem they
(hopefully) write about the phone outage from last week?
I'm very interested in technical details, as I always feel that from
such stories we can all learn and improve.
Cheers,
Tobias
Hi Folks,
Is there an official announcement that I missed?
Seems that blocklist.gespa.ch is the new place, and that all of
comlot.ch now points to gespa.ch, but filenames have been renamed too.
(see previous brokeness email in the mailarchive for old details).
Considering neither is under admin.ch, cannot really say it is an
official website either.
Anybody got an official update about this, or did they just break the
system again? Cannot find any duckduckgoogle references either.
Why did Swiss Voters vote for this broken system if it is not working
anyway? (it is not, because otherwise it is a perfect list to find your
casinos that are 'illegal' or something)....
All those poor* casino users that now have access to a bunch of
unlicensed casinos... what a sad day again.
Greets,
Jeroen
* = as the house always wins
-----
$ wget -v https://blacklist.comlot.ch/blacklist.comlot.ch.pub
--2021-06-03 08:21:02-- https://blacklist.comlot.ch/blacklist.comlot.ch.pub
Resolving blacklist.comlot.ch (blacklist.comlot.ch)... 194.187.88.5
Connecting to blacklist.comlot.ch
(blacklist.comlot.ch)|194.187.88.5|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://blocklist.gespa.ch//blacklist.comlot.ch.pub [following]
--2021-06-03 08:21:03-- https://blocklist.gespa.ch//blacklist.comlot.ch.pub
Resolving blocklist.gespa.ch (blocklist.gespa.ch)... 194.187.88.5
Connecting to blocklist.gespa.ch
(blocklist.gespa.ch)|194.187.88.5|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2021-06-03 08:21:05 ERROR 404: Not Found.
-----
It seems the "official specification" (comlot.ch redirects is gone):
https://www.gespa.ch/download/pictures/9a/e78461lvxuzcv82c505b1kpckd58pf/sp…
still have blocklist.comlot.ch in it.
Except for the URL itself, Google also finds nothing about this:
https://www.google.com/search?hl=en&q=%22blacklist.gespa.ch%22
$ dig +short comlot.ch
194.187.88.3
$ dig +short comlot.ch aaaa
<none>
$ dig +short comlot.ch mx
10 mx.cmsbox.com.
$ dig +short comlot.ch ns
ns3.netstyle.ch.
ns1.netstyle.ch.
ns2.netstyle.ch.
$ dig +short gespa.ch a
194.187.88.3
$ dig +short gespa.ch aaaa
2a00:c38:2:9f62::2:3
dig +short comlot.ch mx
10 mx.cmsbox.com.
$ dig +short gespa.ch ns
ns3.netstyle.ch.
ns2.netstyle.ch.
ns1.netstyle.ch.
I also gotta love the generic wildcard Let's Encrypt cert, though
comlot.ch did that too
https://crt.sh/?q=gespa.chhttps://crt.sh/?q=comlot.ch
Looks like a rather generic hoster. Maybe the whole domain got hacked?
Dear List
I am a bit puzzled by repeated Cloudflare Takedown Requests regarding
the domain: lord-film.cash we are getting.
lord-film.cash has address 172.67.181.230
lord-film.cash has address 104.21.32.5
lord-film.cash has IPv6 address 2606:4700:3035::6815:2005
lord-film.cash has IPv6 address 2606:4700:3032::ac43:b5e6
According to Cloudflare, the content is hosted at an IP address under
our control, on a Webserver on Port 80.
I told them some time ago, there is no Webserver running under the IP
address they mention.
They replied, they could verify the IP with:
curl -v -H "Host: lord-film.cash" [IPADDRESS]/
Still, every time I try, I don't get a connection. No wonder, that is a
NAT router with Firewall.
So I wonder, if either the user of that IP Address has cleverly set up a
firewall which blocks all requests not via Cloudflare proxies, or if
this domain uses some kind of P2P Protocol and the IP of that user
is just one of 'many' which is only reachable, when some P2P tool is
running and opening a UPNP Port.
When I try to access the site itself: http://lord-film.cash/ I get
'access denied' from Cloudflare.
Do others get similar takedown notices? Maybe even for that same domain?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________