<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Former employer was in Expedient’s DC. You can honestly do better than Expedient. Look into the Power Redundancy, Cooling Efficiency of the building, if the site is a purpose built DC (Expedient in Cleveland is not). Is Cloud Connect for
backups important? Have you identified your requirements? If you need a starting point look at the following: Data Center Certification (from the Uptime Institute), Distance, Compliance (if needed), Level of Controlled Access, Power SLA, N+1 Cooling, Multi-Homed
ISPs, Uptime %, Monitoring, NOC, Purpose Built DC.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Involta has a really good data center in Independence, Akron, and a very impressive site near Pittsburgh. They would give you the option of having Hot/Hot datacenters with their connectivity. I’m not sure if you have to be in Cleveland
or Cincinnati, but Cyxtera has an AMAZING data center in Columbus. (The DC can withstand winds up 140 MPH, is on the Century Link backbone, and has a solid rubber roof with no holes or cooling systems on the roof.)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="color:black">Thank you,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">David Kehoe</span></b><span style="color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> NANOG <nanog-bounces@nanog.org> <b>On Behalf Of
</b>nanog-request@nanog.org<br>
<b>Sent:</b> Friday, January 4, 2019 7:00 AM<br>
<b>To:</b> nanog@nanog.org<br>
<b>Subject:</b> NANOG Digest, Vol 132, Issue 4<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Send NANOG mailing list submissions to<br>
<a href="mailto:nanog@nanog.org">nanog@nanog.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://mailman.nanog.org/mailman/listinfo/nanog">https://mailman.nanog.org/mailman/listinfo/nanog</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:nanog-request@nanog.org">nanog-request@nanog.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:nanog-owner@nanog.org">nanog-owner@nanog.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of NANOG digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Cleveland/Cincinnati Co-location<br>
(Allen McKinley Kitchen (gmail))<br>
2. Re: Service Provider NetFlow Collectors (Aaron)<br>
3. Re: Cleveland/Cincinnati Co-location (Shawn Ritchie)<br>
4. Re: Announcing Peering-LAN prefixes to customers (Andy Davidson)<br>
5. Report on Legal Barriers to RPKI Adoption (Christopher S. Yoo)<br>
6. <a href="http://192.208.19.0/24">
192.208.19.0/24</a> hijack transiting 209, 286, 3320, 5511, 6461,<br>
6762, 6830, 8220, 9002, 12956 (Dominik Bay)<br>
7. Re: <a href="http://192.208.19.0/24">
192.208.19.0/24</a> hijack transiting 209, 286, 3320, 5511,<br>
6461, 6762, 6830, 8220, 9002, 12956 (Jeff Shultz)<br>
8. Astronaut accidently calls 911 from space (Sean Donelan)<br>
9. Re: Cellular backup connections (Dovid Bender)<br>
10. Re: <a href="http://192.208.19.0/24">
192.208.19.0/24</a> hijack transiting 209, 286, 3320, 5511,<br>
6461, 6762, 6830, 8220, 9002, 12956 (Job Snijders)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 3 Jan 2019 10:50:45 -0500<br>
From: "Allen McKinley Kitchen (gmail)"<br>
<<a href="mailto:allenmckinleykitchen@gmail.com">allenmckinleykitchen@gmail.com</a>><br>
To: "Justin M. Streiner" <<a href="mailto:streinerj@gmail.com">streinerj@gmail.com</a>><br>
Cc: NANOG <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: Re: Cleveland/Cincinnati Co-location<br>
Message-ID: <<a href="mailto:91679AF9-E310-463C-B427-630F69C02222@gmail.com">91679AF9-E310-463C-B427-630F69C02222@gmail.com</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
+1 for Expedient. Not a current customer but a VERY satisfied former customer. (Decision to leave them was a foul case of penny-pincher mismanagement, above my pay grade and over my objections.)<br>
<br>
..Allen<br>
<br>
> On Jan 3, 2019, at 01:00, Justin M. Streiner <<a href="mailto:streinerj@gmail.com">streinerj@gmail.com</a>> wrote:<br>
> <br>
>> On Tue, 1 Jan 2019, Mitchell Lewis wrote:<br>
>> <br>
>> I am working on project that may involve building points of presence in Cleveland & Cincinnati. Any suggestions as to which colocation facility in each city to build in? The prime factor of consideration for this project is access to waves to places like
Chicago, New York & Ashburn. It would be nice to have multiple wave provider options to choose from.<br>
>> <br>
>> I have been looking at Cyrus One-7thStreet in Cincinnati & Databank in Cleveland.<br>
> <br>
> Expedient has two facilities in Cleveland that might be worth looking at.<br>
> <br>
> Thank you<br>
> jms<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 3 Jan 2019 10:40:44 +0900<br>
From: Aaron <<a href="mailto:aaron_ppus@fmad.com">aaron_ppus@fmad.com</a>><br>
To: "Michel 'ic' Luczak" <<a href="mailto:lists@benappy.com">lists@benappy.com</a>><br>
Cc: Erik Sundberg <<a href="mailto:ESundberg@nitelusa.com">ESundberg@nitelusa.com</a>>, "<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>"<br>
<<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: Re: Service Provider NetFlow Collectors<br>
Message-ID:<br>
<<a href="mailto:CABq4n+TREPexPGWJJRdgRJZSuLBhVpO9pEd5mxz+Vn7p122FaQ@mail.gmail.com">CABq4n+TREPexPGWJJRdgRJZSuLBhVpO9pEd5mxz+Vn7p122FaQ@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Throwing my hat in the ring also (vendor from fmadio)<br>
<a href="https://github.com/fmadio/pcap2json">https://github.com/fmadio/pcap2json</a><br>
<br>
Not exactly a newflow collector, its pcap -> flowgen -> elk on a single<br>
box, working very well so far, still work in progress.<br>
<br>
Problem with logstash is its too slow for high flow rates. So we did<br>
everything inside the flow generator for direct ELK bulk uploads removing<br>
logstash completely.<br>
<br>
Cheers<br>
Aaron<br>
<br>
On Mon, 31 Dec 2018 at 18:40, Michel 'ic' Luczak <<a href="mailto:lists@benappy.com">lists@benappy.com</a>> wrote:<br>
<br>
> Don’t underestimate good old ELK<br>
> <a href="https://www.elastic.co/guide/en/logstash/current/netflow-module.html">
https://www.elastic.co/guide/en/logstash/current/netflow-module.html</a><br>
> + <a href="https://github.com/robcowart/elastiflow">
https://github.com/robcowart/elastiflow</a><br>
><br>
> BR, ic<br>
><br>
> On 31 Dec 2018, at 04:29, Erik Sundberg <<a href="mailto:ESundberg@nitelusa.com">ESundberg@nitelusa.com</a>> wrote:<br>
><br>
> Hi Nanog….<br>
><br>
> We are looking at replacing our Netflow collector. I am wonder what other<br>
> service providers are using to collect netflow data off their Core and Edge<br>
> Routers. Pros/Cons… What to watch out for any info would help.<br>
><br>
> We are mainly looking to analyze the netflow data. Bonus if it does ddos<br>
> detection and mitigation.<br>
><br>
> We are looking at<br>
> ManageEngine Netflow Analyzer<br>
> PRTG<br>
> Plixer – Scrutinizer<br>
> PeakFlow<br>
> Kentik<br>
> Solarwinds NTA<br>
><br>
><br>
> Thanks in advance…<br>
><br>
> Erik<br>
><br>
><br>
> ------------------------------<br>
><br>
> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files<br>
> or previous e-mail messages attached to it may contain confidential<br>
> information that is legally privileged. If you are not the intended<br>
> recipient, or a person responsible for delivering it to the intended<br>
> recipient, you are hereby notified that any disclosure, copying,<br>
> distribution or use of any of the information contained in or attached to<br>
> this transmission is STRICTLY PROHIBITED. If you have received this<br>
> transmission in error please notify the sender immediately by replying to<br>
> this e-mail. You must destroy the original transmission and its attachments<br>
> without reading or saving in any manner. Thank you.<br>
><br>
><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mailman.nanog.org/pipermail/nanog/attachments/20190103/2975478b/attachment-0001.html">http://mailman.nanog.org/pipermail/nanog/attachments/20190103/2975478b/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 3 Jan 2019 11:21:32 -0600<br>
From: Shawn Ritchie <<a href="mailto:me@shawnritchie.com">me@shawnritchie.com</a>><br>
To: "Allen McKinley Kitchen (gmail)" <<a href="mailto:allenmckinleykitchen@gmail.com">allenmckinleykitchen@gmail.com</a>><br>
Cc: "Justin M. Streiner" <<a href="mailto:streinerj@gmail.com">streinerj@gmail.com</a>>, NANOG<br>
<<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: Re: Cleveland/Cincinnati Co-location<br>
Message-ID: <<a href="mailto:19433FF4-0E0C-4D7A-9CF2-CF385AE0AAB1@fastmail.fm">19433FF4-0E0C-4D7A-9CF2-CF385AE0AAB1@fastmail.fm</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On Jan 3, 2019, at 9:50 AM, Allen McKinley Kitchen (gmail) <<a href="mailto:allenmckinleykitchen@gmail.com">allenmckinleykitchen@gmail.com</a>> wrote:<br>
> <br>
> +1 for Expedient. Not a current customer but a VERY satisfied former customer. (Decision to leave them was a foul case of penny-pincher mismanagement, above my pay grade and over my objections.)<br>
> <br>
> ..Allen<br>
> <br>
>> On Jan 3, 2019, at 01:00, Justin M. Streiner <<a href="mailto:streinerj@gmail.com">streinerj@gmail.com</a>> wrote:<br>
>> <br>
>>> On Tue, 1 Jan 2019, Mitchell Lewis wrote:<br>
>>> <br>
>>> I am working on project that may involve building points of presence in Cleveland & Cincinnati. Any suggestions as to which colocation facility in each city to build in? The prime factor of consideration for this project is access to waves to places like
Chicago, New York & Ashburn. It would be nice to have multiple wave provider options to choose from.<br>
>>> <br>
>>> I have been looking at Cyrus One-7thStreet in Cincinnati & Databank in Cleveland.<br>
>> <br>
>> Expedient has two facilities in Cleveland that might be worth looking at.<br>
>> <br>
>> Thank you<br>
>> jms<br>
<br>
I’m in Expedient’s Cleveland DC and will second that they’re decent.<br>
<br>
—<br>
Shawn<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Thu, 3 Jan 2019 20:08:46 +0000<br>
From: Andy Davidson <<a href="mailto:andy@nosignal.org">andy@nosignal.org</a>><br>
To: Dominic Schallert <<a href="mailto:ds@schallert.com">ds@schallert.com</a>><br>
Cc: "<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>" <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: Re: Announcing Peering-LAN prefixes to customers<br>
Message-ID: <<a href="mailto:34E9593E-5004-4A01-BAFC-E56CA6520433@nosignal.org">34E9593E-5004-4A01-BAFC-E56CA6520433@nosignal.org</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi, Dominic --<br>
<br>
On 20/12/2018, 17:49, Dominic Schallert <<a href="mailto:ds@schallert.com">ds@schallert.com</a>> wrote:<br>
<br>
> this might be a stupid question but today I was discussing with a colleague if<br>
> Peering-LAN prefixes should be re-distributed/announced to direct customers/peers.<br>
> My standpoint is that in any case, Peering-LAN prefixes should be filtered and not<br>
> announced to peers/customers because a Peering-LAN represents some sort of<br>
> DMZ and there is simply no need for them to be reachable by third-parties not being<br>
> physically connected to an IXP themselves.<br>
<br>
There are no stupid questions! It is a good idea to not BGP announce and perhaps also to drop traffic toward peering LAN prefixes at customer-borders, this was already well discussed in the thread. But there wasn’t a discussion on how we got to this point.
Until the Cloudflare 2013 BGP speaker attack, that sought to flood Cloudflare’s transfer networks and exchange connectivity (and with it saturating IXP inter-switch links and IXP participant ports), it was common for IXP IPv4/6 peering LANs to be internet
reachable and BGP transited. <br>
<br>
This facilitated troubleshooting (e.g. traceroutes showing peering lan interfaces in traceroutes instead of ‘starring out’) and PMTUD (e.g. see recommendation in
<a href="https://www.ripe.net/ripe/mail/archives/ipv6-wg/2011-July/001839.html">
https://www.ripe.net/ripe/mail/archives/ipv6-wg/2011-July/001839.html</a> which actually asked for IXP peering LANs to be announced).<br>
<br>
There are good reasons to announce but there are better reasons to filter. The security benefits of filtering outweigh the upsides on today’s internet, but fashions and best practice may further evolve over time.
<br>
<br>
Andy<br>
<br>
<br>
-- <br>
Andy Davidson<br>
Director, Asteroid International BV <a href="http://www.asteroidhq.com">
www.asteroidhq.com</a><br>
Director, Euro-IX - The European Internet Exchange Association <a href="http://www.euro-ix.net">
www.euro-ix.net</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Thu, 3 Jan 2019 20:51:56 +0000<br>
From: "Christopher S. Yoo" <<a href="mailto:csyoo@law.upenn.edu">csyoo@law.upenn.edu</a>><br>
To: "<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>" <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Cc: David Wishnick <<a href="mailto:dwishn@law.upenn.edu">dwishn@law.upenn.edu</a>><br>
Subject: Report on Legal Barriers to RPKI Adoption<br>
Message-ID:<br>
<<a href="mailto:BYAPR01MB4936273F035E0BE12EB3DCD8FD8D0@BYAPR01MB4936.prod.exchangelabs.com">BYAPR01MB4936273F035E0BE12EB3DCD8FD8D0@BYAPR01MB4936.prod.exchangelabs.com</a>><br>
<br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
As many of you know, the prospects for widespread RPKI adoption grew more promising in 2018. Cloudflare issued route origin authorizations ("ROAs") to cover 25% of its prefixes, including its
<a href="http://1.1.1.1">
1.1.1.1</a> resolver and DNS servers. NTT began treating RPKI ROAs as if they were IRR route(6)-objects. Google announced its intention to begin filtering routes in early 2019. The Mutually Agreed Norms for Routing Security now has over 100 network operators
signed on.<br>
<br>
Still, as 2019 begins, many worry that legal issues are hindering RPKI adoption. This is especially true for North American networks, which have a comparatively low percentage of IPv4 space covered by ROAs, and whose ROAs are comparatively underutilized by
parties using RPKI-based route origin validation ("ROV") to inform their routing decisions.<br>
<br>
My coauthor (David Wishnick) and I have spent the past year delving into the legal issues surrounding RPKI. Today, we are publicizing our report on how the network operator community should address these issues. It is available here<<a href="https://ssrn.com/abstract=3308619">https://ssrn.com/abstract=3308619</a>>.
If you are interested in the future of routing security, we encourage you to read it (or its Executive Summary). We've tried to keep the legalese to a minimum.<br>
<br>
RPKI was a major topic of discussion at NANOG 74 and ARIN 42 in Vancouver. Going forward, we expect to continue a fruitful dialogue about how the network operator community can reduce the legal barriers to RPKI adoption.<br>
<br>
Here is a summary of our recommendations:<br>
<br>
On the ROV side of the equation, the principal legal hindrances have to do with the terms and conditions governing access to the RPKI repository offered by ARIN in its Relying Party Agreement ("RPA"), and in the manner it has employed to ensure the agreement
is binding. Regarding ROV:<br>
<br>
1. The goal of widespread ROV counsels in favor of ARIN reviewing its current approach to repository distribution, embodied in the RPA. We conclude that two paths would be reasonable. First, ARIN should consider dropping the RPA altogether. This would remove
the most significant legal barriers to widespread utilization of the ARIN RPKI repository. Second, because the legal risks faced by ARIN in an RPA-free world are ultimately uncertain, it would also be reasonable for ARIN to maintain the RPA for the purposes
of contractually allocating risks to the parties best positioned to reduce and mitigate them. If ARIN keeps the RPA, ARIN should consider removing the RPA's indemnification clause, instead relying solely on the RPA's disclaimers of warranties and limitations
of liability, or at least reducing the indemnification clause's scope to eliminate the problem of moral hazard.<br>
<br>
2. Developers of RPKI validation software should consider integrating acceptance of ARIN's RPA into their software workflows. ARIN recently enabled this possibility, and developers should deliberate on whether to capitalize on the opportunity.<br>
<br>
3. The network operator community and ARIN should broadly publicize ARIN's policy of revising various RPA clauses for government entities that are prohibited from agreeing to them.<br>
<br>
4. In addition to the important step ARIN has already taken to enable third-party software developers to integrate RPA acceptance into their software workflows, ARIN should consider reducing the barriers to third-party service development imposed by the RPA's
prohibited conduct clause. Specifically, ARIN should consider methods for allowing approved developers to make use of RPKI information as an input into more sophisticated services.<br>
<br>
5. Separately, ARIN should consider revising the prohibited conduct clause to allow broader distribution of information created with RPKI as an input for research and analysis purposes.<br>
<br>
6. As a general alternative, the Internet community should consider whether to develop a separate corporate entity that would be responsible for operational aspects of RPKI repository provision. That corporation could conduct such activities for the North American
region, or on a worldwide basis.<br>
<br>
Regarding the ROA-issuance side of the equation, the principal legal obstacles stem from the terms and conditions found in ARIN's Registration Services Agreement ("RSA"), Legacy Registration Services Agreement ("LRSA"), and RPKI Terms of Service. Regarding
these, the report recommends the following:<br>
<br>
1. ARIN should consider adopting a pathway to provide RPKI services that would explicitly refrain from altering the existing balance of property and transferability rights associated with IP address allocations.<br>
<br>
2. The network operator community and ARIN should broadly publicize ARIN's policy of revising certain RSA/LRSA and RPKI Terms of Service clauses for government entities that are prohibited from agreeing to them. ARIN should also begin presenting the RPKI Terms
of Service to newly-onboarded members alongside their RSA/LRSA, so that organizations spend less time dealing with legal issues overall.<br>
<br>
Separately, the report recommends that the network operator community consider whether to encourage companies and the federal government to include RPKI adoption in procurement best practices or requirements.<br>
<br>
In tandem with recommendations designed to encourage adoption, the report also makes two recommendations concerning operational readiness for widespread RPKI deployment. Specifically:<br>
<br>
1. To reduce any legal risks associated with RPKI, the network operator community should focus on adopting operational best practices. No system is 100% reliable across all contingencies; as a result, operators should prepare for outages and other headaches.
RPKI implementations should be resilient in the face of such contingencies.<br>
<br>
2. The five RIRs should work to ensure readiness for widespread RPKI adoption and strive to publicize deeper details on their service-level intentions to the Internet community.<br>
<br>
This research is supported by NSF Award No. 1748362. The contents of the report represent our independent views, not those of the NSF. Any mistakes, of course, are also ours alone.<br>
<br>
<br>
Christopher S. Yoo<br>
John H. Chestnut Professor of Law, Communication, and Computer & Information Science<br>
Founding Director, Center for Technology, Innovation and Competition<br>
University of Pennsylvania Law School<br>
3501 Sansom St.<br>
Philadelphia, PA 19104-6204<br>
(215) 746-8772 (o)<br>
(215) 573-2025 (f)<br>
<a href="mailto:csyoo@law.upenn.edu%3cmailto:csyoo@law.upenn.edu">csyoo@law.upenn.edu<mailto:csyoo@law.upenn.edu</a>><br>
<a href="http://www.law.upenn.edu/faculty/csyoo/">http://www.law.upenn.edu/faculty/csyoo/</a><br>
<br>
For more information on the Center for Technology, Innovation and Competition, see
<a href="https://www.law.upenn.edu/institutes/ctic/">
https://www.law.upenn.edu/institutes/ctic/</a>.<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mailman.nanog.org/pipermail/nanog/attachments/20190103/82ae6154/attachment-0001.html">http://mailman.nanog.org/pipermail/nanog/attachments/20190103/82ae6154/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Thu, 3 Jan 2019 22:01:56 +0000<br>
From: Dominik Bay <<a href="mailto:db@rrbone.net">db@rrbone.net</a>><br>
To: "<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>" <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: <a href="http://192.208.19.0/24">
192.208.19.0/24</a> hijack transiting 209, 286, 3320, 5511, 6461,<br>
6762, 6830, 8220, 9002, 12956<br>
Message-ID: <<a href="mailto:4E73CA49-E9B1-4F26-9986-D64DE9E0DB06@rrbone.net">4E73CA49-E9B1-4F26-9986-D64DE9E0DB06@rrbone.net</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
I see the follwowing ASN transiting a leak concerning <a href="http://192.208.19.0/24">
192.208.19.0/24</a> originated by 4812<br>
<br>
209<br>
286<br>
3320<br>
5400<br>
5511<br>
6327<br>
6461<br>
6762<br>
6830<br>
8218<br>
8220<br>
8447<br>
8551<br>
9002<br>
12956<br>
<br>
The proper source is 32982 (Department of Energy).<br>
More details to be found here: <a href="https://bgpstream.com/event/171779">
https://bgpstream.com/event/171779</a><br>
And here: <a href="http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0">
http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0</a><br>
<br>
Cheers,<br>
Dominik<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 7<br>
Date: Thu, 3 Jan 2019 14:37:28 -0800<br>
From: Jeff Shultz <<a href="mailto:jeffshultz@sctcweb.com">jeffshultz@sctcweb.com</a>><br>
To: Dominik Bay <<a href="mailto:db@rrbone.net">db@rrbone.net</a>><br>
Cc: "<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>" <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: Re: <a href="http://192.208.19.0/24">
192.208.19.0/24</a> hijack transiting 209, 286, 3320, 5511,<br>
6461, 6762, 6830, 8220, 9002, 12956<br>
Message-ID:<br>
<<a href="mailto:CAGb3Bgf60fye4W5HwLXqwvv3K06sVJmBA6HNzJywsTRjVZumXg@mail.gmail.com">CAGb3Bgf60fye4W5HwLXqwvv3K06sVJmBA6HNzJywsTRjVZumXg@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
China Telecom originating a network that belongs to the agency that<br>
controls all things nuclear in the US... nothing suspicious there.<br>
<br>
On Thu, Jan 3, 2019 at 2:03 PM Dominik Bay <<a href="mailto:db@rrbone.net">db@rrbone.net</a>> wrote:<br>
><br>
> I see the follwowing ASN transiting a leak concerning <a href="http://192.208.19.0/24">
192.208.19.0/24</a> originated by 4812<br>
><br>
> 209<br>
> 286<br>
> 3320<br>
> 5400<br>
> 5511<br>
> 6327<br>
> 6461<br>
> 6762<br>
> 6830<br>
> 8218<br>
> 8220<br>
> 8447<br>
> 8551<br>
> 9002<br>
> 12956<br>
><br>
> The proper source is 32982 (Department of Energy).<br>
> More details to be found here: <a href="https://bgpstream.com/event/171779">
https://bgpstream.com/event/171779</a><br>
> And here: <a href="http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0">
http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0</a><br>
><br>
> Cheers,<br>
> Dominik<br>
><br>
><br>
<br>
<br>
-- <br>
Jeff Shultz<br>
<br>
-- <br>
Like us on Social Media for News, Promotions, and other information!!<br>
<br>
<br>
<<a href="https://www.facebook.com/SCTCWEB/">https://www.facebook.com/SCTCWEB/</a>>
<br>
<<a href="https://www.instagram.com/sctc_503/">https://www.instagram.com/sctc_503/</a>>
<br>
<<a href="https://www.yelp.com/biz/sctc-stayton-3">https://www.yelp.com/biz/sctc-stayton-3</a>>
<br>
<<a href="https://www.youtube.com/c/sctcvideos">https://www.youtube.com/c/sctcvideos</a>><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_**** This message <br>
contains confidential information and is intended only for the individual <br>
named. If you are not the named addressee you should not disseminate, <br>
distribute or copy this e-mail. Please notify the sender immediately by <br>
e-mail if you have received this e-mail by mistake and delete this e-mail <br>
from your system. E-mail transmission cannot be guaranteed to be secure or <br>
error-free as information could be intercepted, corrupted, lost, destroyed, <br>
arrive late or incomplete, or contain viruses. The sender therefore does <br>
not accept liability for any errors or omissions in the contents of this <br>
message, which arise as a result of e-mail transmission. ****_<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 8<br>
Date: Thu, 3 Jan 2019 17:45:00 -0500 (EST)<br>
From: Sean Donelan <<a href="mailto:sean@donelan.com">sean@donelan.com</a>><br>
To: <a href="mailto:nanog@nanog.org">nanog@nanog.org</a><br>
Subject: Astronaut accidently calls 911 from space<br>
Message-ID:<br>
<<a href="mailto:nycvar.OFS.7.76.4444.1901031742280.94156@cnex.qbaryna.pbz">nycvar.OFS.7.76.4444.1901031742280.94156@cnex.qbaryna.pbz</a>><br>
Content-Type: text/plain; format=flowed; charset=US-ASCII<br>
<br>
<br>
I was disappointed that it was just a misdial. I was looking forward to <br>
how IP geolocation worked with 9-1-1 calls from space. I always wondered <br>
how that altitude parameter in 911 packets was used. :-)<br>
<br>
<br>
<a href="https://www.newsweek.com/astronaut-accidentally-calls-911-space-1276892">https://www.newsweek.com/astronaut-accidentally-calls-911-space-1276892</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 9<br>
Date: Thu, 3 Jan 2019 18:46:08 -0500<br>
From: Dovid Bender <<a href="mailto:dovid@telecurve.com">dovid@telecurve.com</a>><br>
To: Mark Milhollan <<a href="mailto:mlm@pixelgate.net">mlm@pixelgate.net</a>><br>
Cc: NANOG <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: Re: Cellular backup connections<br>
Message-ID:<br>
<<a href="mailto:CAM3TTh0mNx4apFpZFTXEzW4=HUM4OQND65gW3f5V2=jtdGpVyw@mail.gmail.com">CAM3TTh0mNx4apFpZFTXEzW4=HUM4OQND65gW3f5V2=jtdGpVyw@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
All,<br>
<br>
Thanks for all of the feedback. I was on site today and noticed two things.<br>
1) As someone mentioned it could be for static IP's they have the traffic<br>
going to a specific location. The POP is in NJ there was a min. latency of<br>
120ms which prob had to do with this.<br>
2) I was watching the ping times and it looked something like this:<br>
400ms<br>
360ms<br>
330ms<br>
300ms<br>
260ms<br>
210ms<br>
170ms<br>
140ms<br>
120ms<br>
400ms<br>
375ms<br>
<br>
It seems to have been coming in "waves". I assume this has to do with "how<br>
cellular work" and the signal. I tried moving it around by putting it down<br>
low on the floor, moving it locations etc. and saw the same thing every<br>
time. I am going to try Verizon next and see how it goes.<br>
<br>
<br>
<br>
On Sat, Dec 29, 2018 at 12:13 PM Mark Milhollan <<a href="mailto:mlm@pixelgate.net">mlm@pixelgate.net</a>> wrote:<br>
<br>
> On Fri, 28 Dec 2018, Dovid Bender wrote:<br>
><br>
> >I finally got around to setting up a cellular backup device in our new<br>
> POP.<br>
><br>
> >When SSH'ing in remotely the connection seems rather slow.<br>
><br>
> Perhaps using MOSH can help make the interactive CLI session less<br>
> annoying.<br>
><br>
> >Verizon they charge $500.00 just to get a public IP and I want to avoid<br>
> >that if possible.<br>
><br>
> You might look into have it call out / maintain a connection back to<br>
> your infrastructure.<br>
><br>
><br>
> /mark<br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mailman.nanog.org/pipermail/nanog/attachments/20190103/b4c3f157/attachment-0001.html">http://mailman.nanog.org/pipermail/nanog/attachments/20190103/b4c3f157/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 10<br>
Date: Fri, 4 Jan 2019 11:21:32 +0300<br>
From: Job Snijders <<a href="mailto:job@ntt.net">job@ntt.net</a>><br>
To: Dominik Bay <<a href="mailto:db@rrbone.net">db@rrbone.net</a>><br>
Cc: "<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>" <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br>
Subject: Re: <a href="http://192.208.19.0/24">
192.208.19.0/24</a> hijack transiting 209, 286, 3320, 5511,<br>
6461, 6762, 6830, 8220, 9002, 12956<br>
Message-ID:<br>
<<a href="mailto:CACWOCC8DRPSWCvsa6n-Yyf0LwR=81APcL+HAvgOF9GHwvYhvuA@mail.gmail.com">CACWOCC8DRPSWCvsa6n-Yyf0LwR=81APcL+HAvgOF9GHwvYhvuA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Dear all,<br>
<br>
NTT / AS 2914 deployed explicit filters to block this BGP announcement from<br>
AS 4134. I recommend other operators to do the same.<br>
<br>
I’d also like to recommend AS 32982 to remove the AS_PATH prepend on the<br>
/24 announcement so the counter measure is more effective.<br>
<br>
Kind regards,<br>
<br>
Job<br>
<br>
On Fri, Jan 4, 2019 at 1:02 Dominik Bay <<a href="mailto:db@rrbone.net">db@rrbone.net</a>> wrote:<br>
<br>
> I see the follwowing ASN transiting a leak concerning <a href="http://192.208.19.0/24">
192.208.19.0/24</a><br>
> originated by 4812<br>
><br>
> 209<br>
> 286<br>
> 3320<br>
> 5400<br>
> 5511<br>
> 6327<br>
> 6461<br>
> 6762<br>
> 6830<br>
> 8218<br>
> 8220<br>
> 8447<br>
> 8551<br>
> 9002<br>
> 12956<br>
><br>
> The proper source is 32982 (Department of Energy).<br>
> More details to be found here: <a href="https://bgpstream.com/event/171779">
https://bgpstream.com/event/171779</a><br>
> And here: <a href="http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0">
http://lg.ring.nlnog.net/prefix_detail/lg01/ipv4?q=192.208.19.0</a><br>
><br>
> Cheers,<br>
> Dominik<br>
><br>
><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mailman.nanog.org/pipermail/nanog/attachments/20190104/0c84b757/attachment-0001.html">http://mailman.nanog.org/pipermail/nanog/attachments/20190104/0c84b757/attachment-0001.html</a>><br>
<br>
End of NANOG Digest, Vol 132, Issue 4<br>
*************************************<o:p></o:p></p>
</div>
</body>
</html>