swinog

swinog@lists.swinog.ch

1 participants
2916 discussions

E-Mail Hacks
by Mike Kellenberger 08 Oct '16

08 Oct '16

Hi all I might be slightly off-topic here, because it's not a network issue, but it might be of interest to some of you anyway and maybe you've had customers which were affected as well. I don't know if this ploy is new, but after having two customers affected within one week, I suspect it is. The customer receives an e-mail with an invoice from his supplier, which he trusts and has worked with in the past. Shortly after this e-mail he receives another e-mail from the same sender and in the exact same layout stating that the company has a new bank account and that this account should be used. The second e-mail is forged of course. We haven't beeen able to find out where the original mail gets captured (most likely on the suppliers client, because in one case, more than one customer of the supplier was affected). The fraudulent bank account was in UK in both cases, in one case the amount was around CHF 6K, where the UK authorities did not get active, in the second case it was a 6 digit amount... That case is still ongoing. The fraudulent bank account was already closed again in both cases when the customer realized that his transaction had gone to the wrong account (usually after the supplier asked if the money had not been transferred yet). Have you had similar cases? Regards, Mike -- Mike Kellenberger | Escapenet GmbH www.escapenet.ch +41 52 235 0700/04 Skype mikek70atwork

5 4

DDOS >1Tbps - Swiss-wide (regional) BGP propagation?!
by Fredy Kuenzler 03 Oct '16

03 Oct '16

Since we see >1Tbps DDOS attacs in the wild, I suppose out-of-the-box DDOS mitigation suppliers have lost this race. There is no operator in Switzerland which can handle 1Tbps DDOS attacks. When we saw DDOS against digitec.ch and others earlier this year, I was a bit surprised that none of the so called "experts" proposed regional BGP propagation as a remedy. Given that e-commerce such as digitec.ch is assumingly making 99.9% of the revenue within Switzerland, their prefix doesn't need to reachable from all over the world. If the prefix of a Swiss e-commerce would be reachable from Swiss broadband providers only, the DDOS is mitigated, as the vast majority of the botnet is lacking a route to the targeted victim IP address. To achieve this I think we need a collaborative community effort setting up a common procedure and define a BGP communitiy with the effect "do not announce beyond Switzerland". An e-commerce should be able to hit the button injecting this defined BGP community when under attack (or permanently, of course). I suppose to make this idea a success we need to have all major operators in Switzerland on board (3303, 6730, 6830) and I suppose the smaller operators will follow in their own interest to avoid blackholes. Anyone? I think it's good if a somewhat "neutral body" with decent BGP knowledge could take the lead for such a working group, maybe SWITCH or SwissIX? -- Fredy Kuenzler --------------------- Fiber7. No Limits. https://www.fiber7.ch --------------------- Init7 (Switzerland) Ltd. AS13030 St.-Georgen-Strasse 70 CH-8400 Winterthur Skype: flyingpotato Phone: +41 44 315 4400 Fax: +41 44 315 4401 Twitter: @init7 / @kuenzler http://www.init7.net/

9 14

Krebs: Source Code for IoT Botnet ‘Mirai’ Released
by Jeroen Massar 01 Oct '16

01 Oct '16

https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-releas… And now the script kiddies have their hands on it... Enjoy that Internet... Greets, Jeroen

1 0

Re: [swinog] Joined SwissIX - SwiNOG-BE159 - Beer Event 159 @ Erzbierschof Zurich, Monday, 2016-09-26 - Reminder 2 & last one
by Emanuel Kleindienst 23 Sep '16

23 Sep '16

Hi community, 18 coming, cool! Get yourself registered now: http://swinog.be/ Cheers, have a great weekend! Emanuel -----Original Message----- From: Emanuel Kleindienst [mailto:emanuel.kleindienst@vshn.ch] Sent: Freitag, 2. September 2016 14:30 To: swinog(a)lists.swinog.ch Subject: Joined SwissIX - SwiNOG-BE159 - Beer Event 159 @ Erzbierschof Zurich, Monday, 2016-09-26 Dear SwissIXers & SwiNOGers, JOINED SwiNOG & SwissIX Beering Let's have some Beer & Food at Erzbierschof - an new location AGAIN!!! Upcoming events for rest of 2016: > SwiNOG-BE160: Mo, 24.10.16 > SwiNOG-BE161: Mo, 28.11.16 > SwiNOG-BE162: Mo, 12.12.16 (Christmas dinner) Looking forward seeing you! Emanuel, mobile +41 79 382 73 77, Email emanuel(a)vshn.ch Details for the next event: ----------------------------------------------- Event: Joined SwissIX - SwiNOG-BE159 - Beer Event 159 When? Monday, 26th September 2016 18:30 Where? Erzbierschof Freischuetzgasse 10, 8004 Zurich http://blackrider.erzbierschof.ch/ (GoogleMaps Link: http://https://goo.gl/maps/va7vLZkHngy) Places available? 35 !! Please sign up if you're really coming - because the seats are limited! !! ----------------------------------------------- Registration: Start: Friday, 2nd September 2016 - 14:20 Stop: Monday, 26th September 2016 - 17:00 Reg-URL: http://swinog.be/ ----------------------------------------------- Since we have to make reservations, I need to know who's coming and who not. If you can't attend and you're registered please inform me ASAP (+41 79 382 73 77). Cheers, Emanuel Kleindienst

1 0

Re: [swinog] ping
by simon＠swinog.org 22 Sep '16

22 Sep '16

Hi Roger, can you text me? I've no time to kill the swinog inbox :( +41 79 370 41 57 Gesendet mit meinem HTC ----- Nachricht beantworten ----- Von: "Roger" <roger(a)mgz.ch> An: <swinog(a)lists.swinog.ch> Betreff: [swinog] ping Datum: Do., Sep. 22, 2016 15:07 _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

1 0

ping
by Roger 22 Sep '16

22 Sep '16

1 0

Swiss ISPs and IPv6 --- 2016 edition
by Jeroen Massar 20 Sep '16

20 Sep '16

As there is an upcoming SwiNOG.... lets throw some people under the bus before they arrive. Or at least allow them time to come up with more excuses. Some quotes from Swiss ISPs from the Call Your ISP page: https://www.sixxs.net/wiki/Call_Your_ISP_for_IPv6 8<---- "Currently, as demand for IPv6 is very low, we have no plans to introduce IPv6 native. "No plans to support IPv6 for our private and SoHo clients" "The plan is to move everyone on DSLite." "Provider info: IPv6 is "planned" and soon should get a priority status. When that "soon" will be is not yet known." "They know what IPV6 is, eventually they will provide it" ---->8 Come on folks, it is 2016! IPv6 is *20 years* old... Even Sky.uk was able to get it working[1]. Oh and note: Dual-stack IPv4 + IPv6, along with a /56 per user. It is not that hard to get right.... and yeah, you kinda had 20 years already to 'plan' for this.... Greets, Jeroen [1] https://corporate.sky.com/media-centre/news-page/2016/sky-completes-roll-ou…

7 21

Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
by Scott Weeks 19 Sep '16

19 Sep '16

--- rainer(a)ultra-secure.de wrote: From: Rainer Duffner <rainer(a)ultra-secure.de> > Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler <kuenzler(a)init7.net>: > Friday night we observed several Brocade MLXe linecards rebooting > (several locations, i.e. Amsterdam, Frankfurt, Geneva), which > caused network instability due to flapping iBGP etc. <snip> : Coincidence? : : https://twitter.com/schneierblog/status/775783898366160896 --------------------------------------------------- "Take Down the Internet" "it feels like a large nation state...China or Russia" "I am unable to give details" "It feels like a nation's military cybercommand" etc. Seems like FUD to get viewers. 'The sky's going to fall and I can't tell you why or when, but I know it is. Trust me.' Where's the technical details so we can make an informed decision, rather than "it feels like..." scott _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

2 1

Brocade MLXe: Random Linecard Reboot - anyone else?
by Fredy Kuenzler 18 Sep '16

18 Sep '16

Friday night we observed several Brocade MLXe linecards rebooting (several locations, i.e. Amsterdam, Frankfurt, Geneva), which caused network instability due to flapping iBGP etc. As of now we know that iWay and nine.ch suffered from similar issues in the same time window, and we believe that they use also Brocade MLXe. Tonight around 4 a.m. symptoms occurred again, on a lesser degree. nine.ch reports it too. For reference the tickets: http://www.init7.net/de/status/?ticket=10348 https://status.nine.ch/en/messages/544 https://www.iway.ch/iway/status/ Did anyone else observed similar symptoms? Since these routers operate in various locations and ASNs but are the same make/model I suppose it's a software security issue. Can malicious packets force a linecard reboot? Regards, -- Fredy Kuenzler Init7 (Switzerland) Ltd. St.-Georgen-Strasse 70 CH-8400 Winterthur Switzerland http://www.init7.net/

5 4

NDG Referendum
by Gregor Riepl 17 Sep '16

17 Sep '16

A little reminder to everyone who has not cast their vote yet: On September 25, the Swiss citizens will decide whether to accept or refuse the new NDG/LRens/LAIn/LSI/ISA (Nachrichtendienstgesetz/Loi fédérale sur le renseignement/Legge federale sulle attività informative/Lescha federala davart il servetsch d'infurmaziun/Intelligence Service Act): https://www.admin.ch/gov/en/start/documentation/votes/20160925/intelligence… Please don't forget to vote!

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog