UBNT Security was Re: Cloudflare 18.104.22.168 public DNS broken w/ AT&T CPE
nanog at ics-il.net
Mon Apr 2 21:23:31 UTC 2018
I believe at one point UBNT did block outside management access, but then their customers voiced to bring it back.
That said, I think they're taking security more seriously going forward.
Intelligent Computing Solutions
----- Original Message -----
From: "Brielle Bruns" <bruns at 2mbit.com>
To: nanog at nanog.org
Sent: Monday, April 2, 2018 4:20:38 PM
Subject: Re: Cloudflare 22.214.171.124 public DNS broken w/ AT&T CPE
On 4/2/2018 9:35 AM, Simon Lockhart wrote:
> This looks like a willy-waving exercise by Cloudflare coming up with the lowest
> quad-digit IP. They must have known that this would cause routing issues, and
> now suddenly it's our responsibility to make significant changes to live
> infrastructures just so they can continue to look clever with the IP address.
I don't see how this is Cloudflare's fault really? Its the
responsibility of network maintainers to... well, lets be blunt here,
maintain their network.
If part of maintaining their network involves updating bogon
routes/filters, then that's part of maintaining the network that can't
This is like the WISPs blaming Ubiquiti for their failure to update
their CPEs and PtP devices for a security flaw that Ubnt released fix
for more then a year before (and for not properly securing the
management interfaces of their network devices).
Or even better, the morons who blocked all of 126.96.36.199/8 even though a
good portion of that block is live public IP space. I actually felt
really bad for AOL having been assigned IP blocks from that space, since
it had to have created customer complaints at times.
There's only one person to blame here, and it's not the RIRs or Cloudflare.
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
More information about the NANOG