Hi all
I might be slightly off-topic here, because it's not a network issue,
but it might be of interest to some of you anyway and maybe you've had
customers which were affected as well.
I don't know if this ploy is new, but after having two customers
affected within one week, I suspect it is.
The customer receives an e-mail with an invoice from his supplier, which
he trusts and has worked with in the past. Shortly after this e-mail he
receives another e-mail from the same sender and in the exact same
layout stating that the company has a new bank account and that this
account should be used.
The second e-mail is forged of course. We haven't been able to find out
where the original mail gets captured (most likely on the supplier's
client, because in one case, more than one customer of the supplier was
affected).
The fraudulent bank account was in UK in both cases, in one case the
amount was around CHF 6K, where the UK authorities did not get active,
in the second case it was a 6 digit amount... That case is still ongoing.
The fraudulent bank account was already closed again in both cases when
the customer realized that his transaction had gone to the wrong account
(usually after the supplier asked if the money had not been transferred
yet).
Have you had similar cases?
Regards,
Mike
--
Mike Kellenberger | Escapenet GmbH
www.escapenet.ch
+41 52 235 0700/04
Skype mikek70atwork
Since we see >1Tbps DDOS attacks in the wild, I suppose out-of-the-box
DDOS mitigation suppliers have lost this race. There is no operator in
Switzerland which can handle 1Tbps DDOS attacks.
When we saw DDOS against digitec.ch and others earlier this year, I was
a bit surprised that none of the so called "experts" proposed regional
BGP propagation as a remedy.
Given that e-commerce such as digitec.ch is assumingly making 99.9% of
the revenue within Switzerland, their prefix doesn't need to be reachable
from all over the world. If the prefix of a Swiss e-commerce would be
reachable from Swiss broadband providers only, the DDOS is mitigated, as
the vast majority of the botnet is lacking a route to the targeted
victim IP address.
To achieve this I think we need a collaborative community effort setting
up a common procedure and define a BGP community with the effect "do
not announce beyond Switzerland".
An e-commerce should be able to hit the button injecting this defined
BGP community when under attack (or permanently, of course).
I suppose to make this idea a success we need to have all major
operators in Switzerland on board (3303, 6730, 6830) and I suppose the
smaller operators will follow in their own interest to avoid blackholes.
Anyone? I think it's good if a somewhat "neutral body" with decent BGP
knowledge could take the lead for such a working group, maybe SWITCH or
SwissIX?
--
Fredy Kuenzler
---------------------
Fiber7. No Limits.
https://www.fiber7.ch
---------------------
Init7 (Switzerland) Ltd.
AS13030
St.-Georgen-Strasse 70
CH-8400 Winterthur
Skype: flyingpotato
Phone: +41 44 315 4400
Fax: +41 44 315 4401
Twitter: @init7 / @kuenzler
http://www.init7.net/
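Added example, not part of the original post and not any operator's configuration: a simplified Python model of the "do not announce beyond Switzerland" export rule proposed above, showing which foreign ASes still learn the prefix when every Swiss operator honours the community and when one does not. The community value `65000:756`, the topology, the country labels and the 644xx ASNs are constructed for illustration.

```python
from collections import deque

# Hypothetical community meaning "do not announce beyond Switzerland";
# the post proposes defining one but names no value.
CH_ONLY = "65000:756"

# Constructed topology: ASN -> (country, neighbours). 13030, 3303, 6730 and
# 6830 are the operators named in the post; 644xx are documentation ASNs.
TOPOLOGY = {
    64496: ("CH", [13030]),  # the e-commerce origin AS
    13030: ("CH", [64496, 3303, 6730, 6830, 64500]),
    3303: ("CH", [13030, 6730, 64501]),
    6730: ("CH", [13030, 3303, 64501]),
    6830: ("CH", [13030, 64502]),
    64500: ("DE", [13030, 64502]),
    64501: ("US", [3303, 6730]),
    64502: ("NL", [6830, 64500]),
}
SWISS = {asn for asn, (cc, _) in TOPOLOGY.items() if cc == "CH"}


def propagate(origin, communities, honouring):
    """Return every ASN that ends up with a route to the origin's prefix."""
    learned, queue = {origin}, deque([origin])
    while queue:
        asn = queue.popleft()
        scoped = CH_ONLY in communities and asn in honouring
        for peer in TOPOLOGY[asn][1]:
            if scoped and TOPOLOGY[peer][0] != "CH":
                continue  # export filter: do not announce to a foreign neighbour
            if peer not in learned:
                learned.add(peer)
                queue.append(peer)
    return learned


def foreign_reach(learned):
    """ASNs outside Switzerland that can still send traffic to the prefix."""
    return sorted(learned - SWISS)


if __name__ == "__main__":
    cases = {
        "no community": propagate(64496, set(), SWISS),
        "all Swiss operators honour it": propagate(64496, {CH_ONLY}, SWISS),
        "AS6830 does not honour it": propagate(64496, {CH_ONLY}, SWISS - {6830}),
    }
    for name, learned in cases.items():
        print(f"{name}: foreign ASNs with a route = {foreign_reach(learned)}")
```

The third case shows why the proposal depends on every major operator taking part: a single Swiss AS that ignores the community re-exports the prefix abroad, and it spreads onward from there.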
Hi community,
18 coming, cool!
Get yourself registered now: http://swinog.be/
Cheers, have a great weekend!
Emanuel
-----Original Message-----
From: Emanuel Kleindienst [mailto:emanuel.kleindienst@vshn.ch]
Sent: Friday, 2 September 2016 14:30
To: swinog(a)lists.swinog.ch
Subject: Joined SwissIX - SwiNOG-BE159 - Beer Event 159 @ Erzbierschof Zurich, Monday, 2016-09-26
Dear SwissIXers & SwiNOGers,
JOINED SwiNOG & SwissIX Beering
Let's have some Beer & Food at Erzbierschof - a new location AGAIN!!!
Upcoming events for rest of 2016:
> SwiNOG-BE160: Mo, 24.10.16
> SwiNOG-BE161: Mo, 28.11.16
> SwiNOG-BE162: Mo, 12.12.16 (Christmas dinner)
Looking forward to seeing you!
Emanuel, mobile +41 79 382 73 77, Email emanuel(a)vshn.ch
Details for the next event:
-----------------------------------------------
Event: Joined SwissIX - SwiNOG-BE159 - Beer Event 159
When? Monday, 26th September 2016 18:30
Where? Erzbierschof
Freischuetzgasse 10, 8004 Zurich
http://blackrider.erzbierschof.ch/
(GoogleMaps Link: http://https://goo.gl/maps/va7vLZkHngy)
Places available? 35
!! Please sign up if you're really coming - because the seats are limited! !!
-----------------------------------------------
Registration:
Start: Friday, 2nd September 2016 - 14:20
Stop: Monday, 26th September 2016 - 17:00
Reg-URL: http://swinog.be/
-----------------------------------------------
Since we have to make reservations, I need to know who's coming and who not.
If you can't attend and you're registered please inform me ASAP (+41 79 382 73 77).
Cheers,
Emanuel Kleindienst
Hi Roger, can you text me? I've no time to kill the swinog inbox :(
+41 79 370 41 57
Sent from my HTC
----- Reply message -----
From: "Roger" <roger(a)mgz.ch>
To: <swinog(a)lists.swinog.ch>
Subject: [swinog] ping
Date: Thu, Sep 22, 2016 15:07
_______________________________________________
swinog mailing list
swinog(a)lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
As there is an upcoming SwiNOG.... let's throw some people under the bus
before they arrive. Or at least allow them time to come up with more
excuses.
Some quotes from Swiss ISPs from the Call Your ISP page:
https://www.sixxs.net/wiki/Call_Your_ISP_for_IPv6
8<----
"Currently, as demand for IPv6 is very low, we have no plans to
introduce IPv6 native."
"No plans to support IPv6 for our private and SoHo clients"
"The plan is to move everyone on DSLite."
"Provider info: IPv6 is "planned" and soon should get a priority status.
When that "soon" will be is not yet known."
"They know what IPV6 is, eventually they will provide it"
---->8
Come on folks, it is 2016! IPv6 is *20 years* old...
Even Sky.uk was able to get it working[1].
Oh and note: Dual-stack IPv4 + IPv6, along with a /56 per user.
It is not that hard to get right.... and yeah, you kinda had 20 years
already to 'plan' for this....
Greets,
Jeroen
[1]
https://corporate.sky.com/media-centre/news-page/2016/sky-completes-roll-ou…
--- rainer(a)ultra-secure.de wrote:
From: Rainer Duffner <rainer(a)ultra-secure.de>
> On 18.09.2016 at 08:11, Fredy Kuenzler <kuenzler(a)init7.net> wrote:
> Friday night we observed several Brocade MLXe linecards rebooting
> (several locations, i.e. Amsterdam, Frankfurt, Geneva), which
> caused network instability due to flapping iBGP etc.
<snip>
: Coincidence?
:
: https://twitter.com/schneierblog/status/775783898366160896
---------------------------------------------------
"Take Down the Internet"
"it feels like a large nation state...China or Russia"
"I am unable to give details"
"It feels like a nation's military cybercommand"
etc.
Seems like FUD to get viewers. 'The sky's going to fall and I can't
tell you why or when, but I know it is. Trust me.' Where are the
technical details so we can make an informed decision, rather than
"it feels like..."
scott
Friday night we observed several Brocade MLXe linecards rebooting (several locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network instability due to flapping iBGP etc.
As of now we know that iWay and nine.ch suffered from similar issues in the same time window, and we believe that they also use Brocade MLXe.
Tonight around 4 a.m. symptoms occurred again, to a lesser degree. nine.ch reports it too.
For reference the tickets:
http://www.init7.net/de/status/?ticket=10348
https://status.nine.ch/en/messages/544
https://www.iway.ch/iway/status/
Did anyone else observe similar symptoms?
Since these routers operate in various locations and ASNs but are the same make/model I suppose it's a software security issue. Can malicious packets force a linecard reboot?
Regards,
--
Fredy Kuenzler
Init7 (Switzerland) Ltd.
St.-Georgen-Strasse 70
CH-8400 Winterthur
Switzerland
http://www.init7.net/
A little reminder to everyone who has not cast their vote yet:
On September 25, the Swiss citizens will decide whether to accept or refuse
the new NDG/LRens/LAIn/LSI/ISA (Nachrichtendienstgesetz/Loi fédérale sur le
renseignement/Legge federale sulle attività informative/Lescha federala davart
il servetsch d'infurmaziun/Intelligence Service Act):
https://www.admin.ch/gov/en/start/documentation/votes/20160925/intelligence…
Please don't forget to vote!