swinog April 2010

swinog@lists.swinog.ch

32 participants
22 discussions

Cablecom SMTP
by Q-X GmbH - Pascal Wagenhofer 26 Apr '10

26 Apr '10

Hello Could someone from Cablecom-MTA Team contact me offlist, pls? Thank you and kind regards Pascal Wagenhofer Head of Technical Services Q-X GmbH Schmittestrasse 5 Postfach 61 CH-8606 Nänikon / Switzerland Phone 0840 11 11 10 (International +41 840 11 11 10) (Lokaltarif) Fax 0840 22 22 20 (International +41 840 22 22 20) (Lokaltarif) www.Q-X.ch <http://www.q-x.ch/>

1 0

Internet-Community Meeting @ Tweakfest, April 24, Zurich
by Norbert Bollow 17 Apr '10

17 Apr '10

(Für deutschen Text siehe unten.) ---> Internet-Community Meeting <--- at Tweakfest 2010 ( http://www.tweakfest.ch/ ) When? Saturday 24.4.2010, 14.00-16.00 Where? Alte Börse in Zurich (Bleicherweg 5), Gallerie http://alteboerse.com/lageplan.15.html (Die Gallery is in the Club in the fourth floor, and can be reached via the spiral stairs on the left. We will put up signs to help you find the Meeting.) Why, and what's the goal? The Federal Institute … [View More]of Intellectual Property ( http://ige.ch/ ) organizes in May a meeting called "Urheberrechtsgespräch" (rough translation: "conversation about copyright matters"). They have invited various interest groups to nominate representatives for this event. The "Internet-Community" is one of the interest groups that have been invited. As per the invitation, the associations Digitale Allmend ( http://allmend.ch ) and /ch/open ( http://ch-open.ch ) have designated representatives who shall represent the Internet Community at that event. In order to achieve an authentic representation of the Internet Community, it is of course important that before the event, there should be a discussion involving as many diverse members of the Internet Community as possible, so that our representatives will be able to represent not only their own perspective, but as far as possible the concerns and interests of the Internet Community as a whole. This year, the topic of collection societies and their supervision will be one focus area of the "Urheberrechtsgespräch", but there will also be a session for addressing other topics. We really should give our representatives an authentic first-hand impression of how we see things. For example, we could formulate a position statement on ACTA, the so-called "Anti-Counterfeiting Trade Agreement", in which the negotiators want to include a chapter about the Internet. Are you coming? Please register for the meeting by email to: siug(a)siug.ch If you cannot come to the meeting, you are welcome to email suggestions to siug(a)siug.ch and we'll discuss them at the meeting. Responsible for the Internet-Community Meeting: Swiss Internet User Group (SIUG), an Initiative of /ch/open http://siug.ch/ With best regards in the name of SIUG Norbert Bollow --snip--------------------------------------------------------------- ---> Internet-Community Meeting <--- am Tweakfest 2010 ( http://www.tweakfest.ch/de/ ) Wann? Samstag 24.4.2010, 14.00-16.00 Wo? Alte Börse in Zürich (Bleicherweg 5, Zürich), Gallerie http://alteboerse.com/lageplan.15.html (Die Gallerie ist oben im vierten Stock im Club über die kleine Wendeltreppe links zu erreichen. Wir werden das Treffen vor Ort signalisieren.) Warum und wozu? Das Eidgenössische Institut für Geistiges Eigentum ( http://ige.ch/ ) veranstaltet im Mai ein "Urheberrechtsgespräch", zu dem Vertreter der verschiedenen Interessengruppen eingeladen werden. Auch die "Internet-Community" ist eine der dazu eingeladenen Interessengruppen. Entsprechend der Einladung haben die Vereine Digitale Allmend ( http://allmend.ch ) und /ch/open ( http://ch-open.ch ) Vertreter bestimmt, die die Internet-Community dort vertreten sollen. Um eine möglichst authentische Vertretung der Internet-Community zu erreichen, ist natürlich wichtig, dass zuvor eine möglichst breit abgestützte Diskussion unter Mitgliedern der "Internet-Community" stattfinden sollte, damit unsere Vertreter nicht nur ihre eigene Perspektive, sondern möglichst die Sorgen und Interessen der Internet-Community insgesamt vertreten können. Vom IGE her ist vorgesehen, dass es beim "Urheberrechtsgespräch" in einem ersten Teil um den Themenbereich "kollektive Verwertung und Aufsicht" (mit "Aufsicht" ist Aufsicht über die Tätigkeit der Verwertungsgesellschaften gemeint) und dann in einem zweiten Teil um ein grösseres Themenspektrum gehen soll. Wir sollten unseren Vertretern unbedingt von der Community her aus erster Hand einen starken Eindruck mitgeben, wie wir die Dinge sehen. Zum Beispiel bietet es sich an, eine Position im Hinblick auf ACTA zu formulieren, das sogenannte "Anti-Counterfeiting Trade Agreement", das ein Kapitel über das Internet enthalten soll. Kommst Du auch? Bitte Anmeldung per Email an: siug(a)siug.ch Wer nicht zu dem Meeting kommen kann, kann gerne Anregungen in schriftlicher Form an siug(a)siug.ch senden, diese werden dann am Meeting diskutiert. Verantworlich für das Internet-Community Meeting: Swiss Internet User Group (SIUG), eine Initiative von /ch/open http://siug.ch/ Mit herzlichen Grüssen im Namen der SIUG Norbert Bollow [View Less]

1 0

Root Zone DNSSEC Deployment Technical Status Update
by Joe Abley 14 Apr '10

14 Apr '10

This is the fourth of a series of technical status updates intended to inform a technical audience on progress in signing the root zone of the DNS. RESOURCES Details of the project, including documentation published to date, can be found at http://www.root-dnssec.org/. We'd like to hear from you. If you have feedback for us, please send it to rootsign(a)icann.org. DOCUMENTATION The following draft document was recently published: - Resolver Testing with a DURZ - TCR - Proposed … [View More]Approach to Root Key Management ICANN has begun the process of formally soliciting expressions of interest for volunteers from the technical community to act as Trusted Community Representatives. These volunteers will witness cryptographic key ceremonies and also carry out various important roles relating to KSK key management. For more information, see: http://www.icann.org/en/announcements/announcement-12apr10-en.htm Expressions of interest can be submitted here: http://www.root-dnssec.org/tcr/ DEPLOYMENT STATUS KSR exchanges continue between production platforms at VeriSign and ICANN. Build-out of KSK Key Ceremony facilities at ICANN continues, and both facilities (east- and west-coast USA) are expected to be ready on schedule. The incremental deployment of DNSSEC in the Root Zone is being carried out first by serving a Deliberately Unvalidatable Root Zone (DURZ), and subsequently by a conventionally signed root zone. Discussion of the approach can be found in the document "DNSSEC Deployment for the Root Zone", as well as in the technical presentations delivered at RIPE, NANOG, IETF and ICANN meetings. Twelve of the thirteen root servers have now made the transition to the DURZ. No harmful effects have been identified. Some early analysis of packet captures from many root servers surrounding each event was recently presented at the IETF meeting in Anaheim, CA, USA and can be found with other presentation materials at <http://www.root-dnssec.org/presentations/>. PLANNED DEPLOYMENT SCHEDULE Already completed: 2010-01-27: L starts to serve DURZ 2010-02-10: A starts to serve DURZ 2010-03-03: M, I start to serve DURZ 2010-03-24: D, K, E start to serve DURZ 2010-04-14: B, H, C, G, F start to serve DURZ To come: 2010-05-05: J starts to serve DURZ 2010-07-01: Distribution of validatable, production, signed root zone; publication of root zone trust anchor (Please note that this schedule is tentative and subject to change based on testing results or other unforeseen factors.) A more detailed DURZ transition timetable with maintenance windows can be found in the document "DNSSEC Deployment for the Root Zone", the most recent draft of which can be found on the project web page at <http://www.root-dnssec.org/>. [View Less]

1 0

Port 25 Blockade @ Swisscom (Bluewin)
by Steven.Glogger＠swisscom.com 14 Apr '10

14 Apr '10

Hi everyone To officially talk about the "mail problems on port 25 with swisscom dsl" I would like to give you some (technical) information. We had several needs to stop spam from our network: - We're receiving about 30'000-100'000 abuse complaints per month (contains multiple reports per case) - Mail filtering on our infrastructure (our mail servers) are only catching 20% of all spam sent from swisscom dsl - 80% is sent directly from the customer lines. (source: http://www.maawg.org/port25) -… [View More] About 60% to over 90% of all mails sent over residential customer lines are identified as spam. This is more than 10 millions spam emails per day (~375 terabytes per year) The impacts are clear: - Spam generates a quite high amount of cost within Swisscom (money, personal, time, storage, data, etc.) - Our reputation is getting bad - We might get listed on blacklists (-> impact on legimite traffic) - Customers are getting blocked (e.g. in sandbox) and are not happy therefore (most of the customers are not realizing, that they are sending spam, because they are virus-/trojan-infected) So, what we did and what are we doing? We currently ran a pilot. The productive rollout which will affect all customers will start this week and will take around 2 months until all customers are migrated. Only (ex-)bluewin customers with dynamic adsl-lines will be affected. Swisscom has published an official statement on http://www.swisscom.ch/p25 and modifies the error-message sent to the customer which will be more clearer. The pilot showed very clearly that this countermeasure is very effectful in stopping outgoing spam. Going to the technical part: We're running a transparent proxy on port 25 (smtp) which gets communication from any customer to any port 25 (Layer 4 redirect feature). The proxy is analyzing the email and if it detects that spam has been sent he will reject the connection by issuing an error message to the customer (the mailclient will notice: smtp-error). If the mail is a normal and legitimate email -> no problem: mail will be sent. We will even insert a "received-from:" line in the header. If a bot/trojan is trying to send emails, the customer will not notice. There are no mails beeing stored on the filter server. All decisions are made on-the-fly. Customers, which are virus-affected are handled by the standard abuse process which we have in place (inform, quarantine in a sandbox, etc.). The option for layer 4 redirect is activated via radius - so it can be turned off on request and the customer just has to reconnect. For dynamic customers the option will be activated by default. Customers are asked to authenticate their smtp session and use the mail submission port 587 (not filtered). So, will this affect non-smtp traffic on port 25? Unfortunately, yes. This traffic will be lost. If the customer has a need to use port 25 for other purposes than email he can request turning of the redirecting feature. If a customer usses SSL via port 25 does it work? No, it will be dropped. Customers are kindly requested to use port 465 instead. If a customer uses smtp auth via port 25, will this work? He will receive a smtp error like "sorry, smtp auth not possible. use 587" (error 573). Will we start to block completely port 25 in the future? No, absolutely not. So, I hope things are now getting clearer ,-) Greetings -steven Steven Glogger ___________________________________________________________________________ Cisco CCIE#23778 Network Engineer Telefon +41 44 294 58 41 Mobile +41 79 277 92 35 Fax +41 86 079 277 92 35 steven.glogger(a)swisscom.com ___________________________________________________________________________ Swisscom (Schweiz) AG Network & IT Network Engineering & Operations Binzring 17 CH-8045 Zürich www.swisscom.com [View Less]

11 14

Trusted Community Representatives
by Joe Abley 13 Apr '10

13 Apr '10

Colleagues, ICANN and VeriSign, with the support of the US Department of Commerce, continue to work towards DNSSEC deployment in the root zone of the DNS. ICANN is looking for Trusted Community Representatives (TCRs) to help us carry out various technical security operations. An announcement can be found here: <http://www.icann.org/en/announcements/announcement-12apr10-en.htm> You can submit an expression of interest here: <http://www.root-dnssec.org/tcr/> DNSSEC key ceremonies … [View More]

1 0

SWISSLOS-NET not reachable
by Erich Hohermuth 12 Apr '10

12 Apr '10

Dear AS6730-MNT, Currently SWISSLOS-NET (www.swisslos.ch) is not globally reachable cause of a missing RPLS route object. Even the DE-CIX looking glass has no entry (1). inetnum: 91.213.227.0 - 91.213.227.255 netname: SWISSLOS-NET descr: Swisslos Interkantonale Landeslotterie country: CH org: ORG-SIL15-RIPE admin-c: MT8036-RIPE tech-c: MT8036-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-lower: RIPE-NCC-END-MNT … [View More]

2 1

Gmail
by Andreas Weiler - Kabelfernsehen Boedeli AG 12 Apr '10

12 Apr '10

Can a Gmail (google) techie contact me offlist please? I got a question about the Sunrise spam protection. Thank you, Andreas

1 0

outage
by Florian Forster 07 Apr '10

07 Apr '10

Did anyone heard about a current outage @ telehouse in zuerich?

2 2

SwiNOG-BE84 - Beer Event 84 - 12th of April 2010 @ Mama Africa
by Steven Glogger 07 Apr '10

07 Apr '10

hi everybody here's the announcement for the next beer event. the facts for the next event: ----------------------------- Date: 12th of April 2010 Time: starting around 18.30 o'clock Location: @ the "Mama Africa" nearby Cinema Abaton http://www.mamaafrica.ch Registration deadline: 10.04.2010 15:00:00 (Saturday) ------------- Please register here: http://swinog.mrmouse.ch/ since we have to make reservations, i need to know who's coming and who not. If you cannot attend and you're … [View More]

1 0

Do you want to save a legacy Cisco 5505? Last call.
by Gregory Agerba 07 Apr '10

07 Apr '10

Dear List, I am getting rid of a (dinosaur) Cisco switch gear. It is a Cisco 5505 chassis and features the following top-notch, future-proof duly recognized forefront technologies parts: 2 x Power supply WS-C5008B 1 x Supervisor Engine II MMF 4 x 10/100 WS-X5234-RJ45 The box is just about to fossilize in the dust under my desk. Now seriously, this switch will start-up and work. I have no clue what version of IOS it is running. I bet about a ~ 5 years old. The box is quite in a good shape (no … [View More]

1 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog April 2010