swinog

swinog@lists.swinog.ch

3 participants
2927 discussions

experiencing DDOS via a drupal GET request
by maj＠mbuf.net 21 Jan '21

21 Jan '21

Hello, this is to share with you that I am experiencing a ddos attack for a webserver I manage. It is a Drupal/PHP/Nginx platform that is flooded with GET requests such as: GET /es/search?f%5B0%5D=language%3Aes&f%5B1%5D=regions%3A4490&f%5B2%5D=regions%3A4511&f%5B3%5D=regions%3A4538&f%5B4%5D=regions%3A4556&f%5B5%5D=regions%3A4567&f%5B6%5D=regions%3A4593&f%5B7%5D=regions%3A4601&f%5B8%5D=regions%3A4603&f%5B9%5D=regions%3A4620&f%5B10%5D=regions%3A4631&f%5B11%5D=regions%3A4674&f%5B12%5D=type_of_content%3A4697&f%5B13%5D=type_of_content%3A4710&f%5B14%5D=type_of_content%3A4857&f%5B15%5D=type_of_content%3A4862&f%5B16%5D=type_of_content%3A4943&f%5B17%5D=type_of_content%3A6249&f%5B18%5D=type_of_content%3A6423&f%5B19%5D=wcc_programmes%3A4882&f%5B20%5D=wcc_programmes%3A4893 It targets the search module which does not cache the data and means resource impact. This involves more than 12'000 individual ip addresses, spread over CN, IN, KO, MX, and US. A list of the subnet part involved can be found here[0]. (list is of course gorwing over time, attack is not over and spread of hosts continue) I plan to further investigate the networks involved, how likely they are cloud nodes or infected hosts for instance. I am on the AS3303/Swisscom BTW. Is anyone experiencing such traffic? This is not huge in terms of bw, but scaled adequately to eat servers cpu resources. Regards. [0] https://www.mbuf.net/files/f/ebbc54f52b564824bf5e/ -- |_|0|_| Julien MABILLARD - Matrix: @jma:matrix.mbuf.net - XMPP: jma(a)tls.mbuf.net |_|_|0| OpenPGP fingerprint: 1E47 513E 8B00 8BC5 E874 23E4 54A4 32FB 260A 2D41 |0|0|0| ssb: @O7yM/4Y0Jcp1uZToeis2AKApyOvb8ZHkoXuAh0wPcAM=.ed25519

1 0

Anyone from AS9009 / GlobalAXS / m247 Zurich NOC?
by Benoît Panizzon 04 Jan '21

04 Jan '21

Happy new Year. If anyone from AS9009 Zurich NOC reads this list. Please contact me off list about a more serious incident involving some of your IP Addresses. -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

1 0

.ch zone file is open data now
by Michael Hausding 04 Jan '21

04 Jan '21

Dear list Happy new Year! We want to let you know that the the .ch zone file, containing all delegated .ch domain names, is publicly available for download. Access is limited by Article 10(1)(a)(6) of the Ordinance on Internet Domains for combating cybercrime, scientific and social research or for other purposes in the public interest. Details, on how to access the file are available here: https://swit.ch/zonedata, and I also wrote a blogpost https://securityblog.switch.ch/2020/11/18/dot_ch_zone_is_open_data/. If you have any feedback or do anything interesting with the data, please share. Michael ------------------------------------ Michael Hausding, Competence Lead DNS & Domain Abuse SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 77, incident phone +41 44 268 15 40 michael.hausding(a)switch.ch http://securityblog.switch.ch

1 0

Spam from 'Rocketmails.ch'
by Benoît Panizzon 28 Dec '20

28 Dec '20

Dear List Today we received several delisting request for URI's and IP Addresses somehow associated with Newsletters sent by 'Rocketmails.ch'. The listings were caused during the last 14 days or so by multiple customers reporting those emails as spam and claiming not having subscribed, nor being a customer of the advertising company. And I guess I can figure out why... Quote: "Sie erhalten dieses Mailing, weil Sie sich bei unseren Aktionsseiten oder der unserer Werbepartner mit der Email-Adresse XXXX eingetragen haben." There is no mention of WHAT partner or WHAT website they allegedly subscribed. So that could also explain that they don't know the company whose products are advertised via Rocketmails. So for the recipient this is just spam. Anyone else seeing these and knowing more about how the transfer of such personal data happens between those partner and what kind of partners those are? So far no spamtrap hits, so this does not look like harvested addresses. -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

10 23

Swiss4net : any experiences with this company ?
by Félix Curinga 20 Nov '20

20 Nov '20

Hi all, If someone is close to a city or a provider having experiences with Swiss4Net , can you please contact me directly. Thanks --félix -- Félix Curinga

1 0

Fwd: [PDB Announce] PeeringDB Satisfaction Survey
by Arnold Nipper 17 Nov '20

17 Nov '20

Guten Abend zusammen, wer mit Interconnection - sei es Colo, IXP oder Netzbetreiber - zu tun hat, dem ist PeeringDB ein Begriff und die gehört zum Toolset. Bitte lasst uns daher eure Meinung wissen. --- Buona sera a tutti, Chiunque si occupi di interconnessione, sia esso Colo, IXP o operatore di rete, conosce PeeringDB ed è parte del set di strumenti. Quindi per favore fateci sapere cosa ne pensate. --- Bonsoir à tous, Quiconque s'occupe de l'interconnexion - que ce soit Colo, IXP ou opérateur de réseau - connaît PeeringDB et fait partie de l'ensemble d'outils. Alors faites-nous savoir ce que vous en pensez. --- Good evening everyone, Anyone who deals with interconnection - be it Colo, IXP or network operator - is familiar with PeeringDB and it is part of your toolset. So please let us know what you think. Gruß Arnold -------- Weitergeleitete Nachricht -------- Betreff: [PDB Announce] PeeringDB Satisfaction Survey Datum: Mon, 2 Nov 2020 07:55:40 -0800 Von: Leo Vegoda <leo(a)peeringdb.com> An: pdb-announce(a)lists.peeringdb.com We want input from network operators, exchange operators, facility providers, content distributors and anyone who uses our interconnection database. This year we are running an anonymous satisfaction survey in addition to the usual feedback gathering we employ. The survey will be available here: https://surveyhero.com/c/f7be5236 until 23:59 UTC on 20 November 2020. We would like your feedback to help us make PeeringDB more useful to everyone involved in connecting networks.This survey will help us understand what is important to you and how satisfied you are with what we are doing. We will use your responses to focus our product roadmap on the improvements that will make things better for you. If you have specific comments or suggestions, we’d love you to leave them along with your ratings. This is the first survey we are making available in multiple languages. In this survey we are using the six UN languages for the questions. That said, we’re happy with people providing free text comments in another whichever language they are happiest expressing themselves. We’ll share the results and the new product roadmap early in 2021. Leo Vegoda on behalf of PeeringDB ProductCom _______________________________________________ Pdb-announce mailing list Pdb-announce(a)lists.peeringdb.com https://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-announce -- Keep calm, keep distance, keep connected! Arnold Nipper email: arnold(a)nipper.de mobile: +49 172 2650958

1 0

Fwd: [uknof] PeeringDB Satisfaction Survey
by Massimiliano Stucchi 17 Nov '20

17 Nov '20

-------- Forwarded Message -------- Subject: [uknof] PeeringDB Satisfaction Survey Date: Mon, 2 Nov 2020 10:29:01 -0800 From: Leo Vegoda <leo(a)vegoda.org> To: uknof(a)lists.uknof.org.uk PeeringDB is a non-profit, freely available, user-maintained, database of networks, and the go-to location for interconnection data. The database facilitates the global interconnection of networks at Internet Exchange Points (IXPs), data centers, and other interconnection facilities, and is the first stop in making interconnection decisions. We want input from network operators, exchange operators, facility providers, content distributors and anyone who uses our interconnection database. This year we are running an anonymous satisfaction survey in addition to the usual feedback gathering we employ. The survey will be available here: https://surveyhero.com/c/f7be5236 until 23:59 UTC on 20 November 2020. We would like your feedback to help us make PeeringDB more useful to everyone involved in connecting networks.This survey will help us understand what is important to you and how satisfied you are with what we are doing. We will use your responses to focus our product roadmap on the improvements that will make things better for you. If you have specific comments or suggestions, we’d love you to leave them along with your ratings. This is the first survey we are making available in multiple languages. In this survey we are using the six UN languages for the questions. That said, we’re happy with people providing free text comments in another whichever language they are happiest expressing themselves. We’ll share the results and the new product roadmap early in 2021. Leo Vegoda on behalf of PeeringDB ProductCom

1 0

Fwd: [ncc-announce] [news] LIR Account closure? Notify us by 1 December
by Massimiliano Stucchi 16 Nov '20

16 Nov '20

If you have an LIR account you would like to close before the end of the year, pay attention to this email. -------- Forwarded Message -------- Subject: [ncc-announce] [news] LIR Account closure? Notify us by 1 December Date: Mon, 16 Nov 2020 13:38:00 +0100 (CET) From: henriette(a)ripe.net To: ncc-announce(a)ripe.net Dear RIPE NCC members, We would like to inform you that a request to close an LIR account or any request that will result in the closure of an LIR account should be submitted in full before 1 December 2020. This includes closures that result from policy transfers and changes in business structures. Any requests submitted after this date mean that you could be invoiced for 2021. The request should contain all the requested information and documents in order for the RIPE NCC to process it before the end of the year. An overview of the required documents can be found at: https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/req… For requests resulting in the closure of an LIR account that are submitted later than 1 December 2020, or requests that are incomplete, we can not guarantee that the LIR account will be closed before 31 December 2020. Invoices for 2021 will be issued for LIR accounts still open on 1 January 2021. Best Regards, Henriette van Ingen Registry Services Assistant Manager RIPE NCC

1 0

Cloudflare 'relaying' complaints and take down notices to the hosting ISP instead of handling them.
by Benoît Panizzon 12 Nov '20

12 Nov '20

Hi Community A website (no imprint, domain registered via anonymous proxy), which allegedly breaks some copyright laws, is proxied by CloudFlare. CloudFlare got a DMCA take-down notice from an attorney and replied to the attorney, that the site in question is hosted at AS6772, ImproWare AG, but did not tell the attorney the IP Address (nor the customer which could have been looked up via RIPE). Cloudflare also contacted us and told the IP Address. I contacted the customer in question. He states he has nothing to do with that website (I might be tempted to doubt this statement, it could be a customer of the customer who is involved...). But I cannot verify: I have no access to the logs of our customer's Server. I have no access to the proxy logs @ Cloudflare. The attorney is now getting a bit impatient and considers filing a legal complaint against us to have us 'solve the issue'. So I contact Cloudflare as they must have a customer who ordered said proxy service with them and probably pays for it. Cloudflare could handle the issue themself, directly at the source, knowing the paying 'culpit'. I quickly got the reply, that they are not responsible for content hosted by their customer, therefore they relay complaints to the ISP in charge of the IP address in question. That is a bit weird.... isn't it? -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

2 1

Übersetzer für PeeringDB gesucht // SwiNOG
by Arnold Nipper 05 Nov '20

05 Nov '20

[ German only for obvious reasons ] Hallo SwiNOG community seit einiger Zeit gibt es PeeringDB [0] nicht nur in Englisch, sondern in zwölf weiteren Sprachen; unter anderem Deutsch (de_de). Da PeeringDB ständig erweitert wird, sind auch laufend neue Übersetzungen im kleineren Umfang notwendig. Hast du Lust, an der Übersetzung mitzumachen? Ja? * du hast einen PeeringDB-Account [1] * registriere dich auf der Übersetzerliste [2] * melde dich bei dem Übersetzungstool [3] an * fülle dein Profil aus [4] * starte mit der Übersetzung [5] Wenn Du Fragen hast, komm gerne auf mich zu. Viele Grüße Arnold [0] https://peeringdb.com/ [1] https://peeringdb.com/register [2] http://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-translate [3] https://translate.peeringdb.com/accounts/login/?next=/ [4] https://translate.peeringdb.com/accounts/profile/ [5] https://translate.peeringdb.com/languages/de/peeringdb/ -- Keep calm, keep distance, keep connected! Arnold Nipper email: arnold(a)nipper.de mobile: +49 172 2650958

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog