Re: New hijacking - Done via via good old-fashioned Identity Theft
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Thu Oct 7 23:37:29 2010
> Date: Fri, 08 Oct 2010 15:38:12 +1100
> From: Ben McGinnes
> To: Leen Besselink
> Subject: Re: New hijacking - Done via via good old-fashioned Identity Theft
> Cc: nanog@nanog.org
>
> On 8/10/10 10:00 AM, Leen Besselink wrote:
> >
> > k...@domain.tld for when you have a personal domain
> > key-u...@domain.tld for when you have a server which understands address
> > extensions
>
> Actually I think it's user+...@domain.tld for the second one. At least
> that's what I've seen for Postfix. Not so sure about other MTAs.

SendMail 'invented' the 'plussed' extension to an address. Other MTAs mimic SendMail's behavior.

The '+key' is ignored for purposes of selecting the delivery mailbox. username+anything gets handed to the LDA for final delivery to mailbox 'username', _with_ the 'plus part' (i.e. 'anything', from above) available as an extra parameter.

To selectively accept/discard on the plussed portion of the address, you either do it in the LDA (procmail, for example, makes this really easy), or you have to run a 'milter' that knows which plussed parts are valid for which users.

For a mailserver that does -not- understand 'plussed' addresses, you can usually fake it out by putting the key as an extra element of the host-name, e.g. u...@key.some.dom.ain.tld. AFAIK every MTA accepts mail with a more-specific name than a name it has been explicitly told to accept (either for local delivery, or for forwarding) mail for.
Re: New hijacking - Done via via good old-fashioned Identity Theft
> On 10/07/2010 04:16 PM, Sven Olaf Kamphuis wrote:
> > you just give contacts for the passwords with which you have received
> > a new one.
>
> Hi Sven/others,
>
> This very much sounds like TMDA:
>
> http://tmda.net/
> http://en.wikipedia.org/wiki/Tagged_Message_Delivery_Agent
>
> Where by each person that needs to contact you, you give a unique e-mail
> address.
>
> So you give out k...@domain.tld to user1 and k...@domain.tld to user2.

That's a good start, but for general use, if I'm handing out an address like "s...@jgreco.net" to Sven, and "l...@jgreco.net" to Leen, the real problem here is predictability. If Sven is a bad guy, he can cause trouble by guessing that I'd use "l...@jgreco.net" for Leen and proceed to pass that address out to spammers, making Leen look like a bad guy.

That particular problem is reduced by generating random tokens for the LHS, however, doing so introduces new problems, such as the fact that "23ycs7ia877...@jgreco.net" is no longer obviously associated with Sven.

I've been very successfully using a much better tagging system here. Take a user-specified identifier, such as, say, "sven". You run this through a one-way crypto function, such as MD5:

    md5=`echo "${1}/SomeMagicSecret" | md5`
    f8=`echo "${md5}" | sed "s:^\(\).*:\1:"`
    echo "$...@${f8}.demo.jgreco.net"

This results in something like

    na...@e6ecd2ea.demo.jgreco.net

Now this has a bunch of interesting properties.

1) You make *.demo.jgreco.net a DNS wildcard zone that is rewritten to your actual mailbox address. If and when a problematic address is issued, you can add at the DNS level an MX (or whatever nasty you prefer) for the particular domain name that's troubling you; for example, set e6ecd2ea.demo.jgreco.net to NS from 127.0.0.1. Never even touches the mail server. Of course MTA or procmail deny works too.

2) By using a separate zone, it makes it trivial to configure your mail system so that these addresses blow completely by any normal spam filtering; the problem of false positives for things like transactional e-mail that spam filters often find "spammy" vanishes completely.

3) You need not keep a database of valid tokens; you can simply re-validate the LHS in Procmail. This means that you can do things like write a mobile app or web app that doesn't have to have access to your mail server's innards. The primary downside is that you need some way to compute the crypto-signed bit.

4) You can keep a database of issued tokens along with when and why they were issued.

5) If you make it a habit of using a LHS that's descriptive, it's hard for a sender to argue that the tag was not assigned to them. It's particularly entertaining for things like e-pending because it will reveal which companies you will no longer choose to do business with.

This turns out to be very powerful and very flexible. It can be extended to include functionality such as single-use addresses or limited-age addresses, etc. The big trick is to leverage the e-mail address field itself rather than trying to add a password or something like that in the body.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.
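An added example, not Joe Greco's code: the tagging scheme from the message above written out in Python, covering both issuing an address and re-validating an inbound recipient without a token database (property 3). The zone `demo.example.net` and the function names are assumptions; the tag is taken as the first 8 hex characters of the MD5 of "identifier/secret", which is what the 8-character label in the post's sample output suggests.

```python
import hashlib
import hmac

SECRET = "SomeMagicSecret"   # placeholder from the post; use a long random value
ZONE = "demo.example.net"    # assumed wildcard zone (the post uses demo.jgreco.net)
TAG_LEN = 8                  # hex characters kept from the digest


def tag_for(ident: str, secret: str = SECRET) -> str:
    """Tag = first TAG_LEN hex chars of MD5("<ident>/<secret>\\n").

    The trailing newline mirrors what `echo ... | md5` hashes. The identifier
    is lower-cased first, because senders may change the case of an address.
    """
    data = f"{ident.lower()}/{secret}\n".encode()
    return hashlib.md5(data).hexdigest()[:TAG_LEN]


def issue(ident: str, secret: str = SECRET, zone: str = ZONE) -> str:
    """Build the tagged address handed to one correspondent."""
    ident = ident.lower()
    return f"{ident}@{tag_for(ident, secret)}.{zone}"


def verify(rcpt: str, secret: str = SECRET, zone: str = ZONE) -> bool:
    """Recompute the tag from the local part and compare it with the DNS label."""
    local, sep, domain = rcpt.strip().lower().rpartition("@")
    if not sep or not local:
        return False                      # not an address at all
    label, dot, rest = domain.partition(".")
    if not dot or rest != zone.lower() or len(label) != TAG_LEN:
        return False                      # wrong zone or extra/missing labels
    expected = tag_for(local, secret)
    # Constant-time comparison of the presented label and the expected tag.
    return hmac.compare_digest(label.encode(), expected.encode())


if __name__ == "__main__":
    issued = issue("sven")                # constructed sample input
    guessed = "leen@" + issued.split("@", 1)[1]   # Sven's tag reused for "leen"
    for rcpt in (issued, guessed, "sven@" + ZONE):
        print(f"{rcpt:45} {'accept' if verify(rcpt) else 'reject'}")
```

Because the tag depends on both the local part and the secret, a correspondent who knows their own address cannot derive a valid address for another identifier, which is the predictability problem the message describes.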
Re: P2P link over STM-1
In addition, you can use either PPP or HDLC as L2 over POS.

On Fri, Oct 8, 2010 at 2:05 AM, Per Carlson wrote:
> If it's a full STM-1, your client might be thinking of POS (packet over
> sonet/sdh). This is (were) a very common high bandwidth technology some
> years ago.
>
> At least the 7200 do have cheap POS interfaces.
> --
> Pelle
> (sorry about the top-posting, I'm on a mobile device)
>

--
--
=
Carlos M. Martinez-Cagnazzo
http://cagnazzo.name
=
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.apnic.net.

If you have any comments please contact Philip Smith.

Routing Table Report 04:00 +10GMT Sat 09 Oct, 2010

Report Website: http://thyme.apnic.net
Detailed Analysis: http://thyme.apnic.net/current/

Analysis Summary

BGP routing table entries examined: 332924
Prefixes after maximum aggregation: 152886
Deaggregation factor: 2.18
Unique aggregates announced to Internet: 163608
Total ASes present in the Internet Routing Table: 34937
Prefixes per ASN: 9.53
Origin-only ASes present in the Internet Routing Table: 30306
Origin ASes announcing only one prefix: 14711
Transit ASes present in the Internet Routing Table: 4631
Transit-only ASes present in the Internet Routing Table: 102
Average AS path length visible in the Internet Routing Table: 3.6
Max AS path length visible: 24
Max AS path prepend of ASN (41664): 21
Prefixes from unregistered ASNs in the Routing Table: 3825
Unregistered ASNs in the Routing Table: 1691
Number of 32-bit ASNs allocated by the RIRs: 809
Prefixes from 32-bit ASNs in the Routing Table: 1141
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 217
Number of addresses announced to Internet: 2278375680
    Equivalent to 135 /8s, 205 /16s and 65 /24s
Percentage of available address space announced: 61.5
Percentage of allocated address space announced: 65.6
Percentage of available address space allocated: 93.7
Percentage of address space in use by end-sites: 85.1
Total number of prefixes smaller than registry allocations: 136876

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 81350
Total APNIC prefixes after maximum aggregation: 27868
APNIC Deaggregation factor: 2.92
Prefixes being announced from the APNIC address blocks: 78281
Unique aggregates announced from the APNIC address blocks: 34323
APNIC Region origin ASes present in the Internet Routing Table: 4200
APNIC Prefixes per ASN: 18.64
APNIC Region origin ASes announcing only one prefix: 1172
APNIC Region transit ASes present in the Internet Routing Table: 647
Average APNIC Region AS path length visible: 3.7
Max APNIC Region AS path length visible: 16
Number of APNIC addresses announced to Internet: 551177312
    Equivalent to 32 /8s, 218 /16s and 76 /24s
Percentage of available APNIC address space announced: 78.2

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079
                       55296-56319, 131072-132095
APNIC Address Blocks   1/8, 14/8, 27/8, 43/8, 49/8, 58/8, 59/8,
                       60/8, 61/8, 101/8, 110/8, 111/8, 112/8, 113/8,
                       114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8,
                       121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8,
                       175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8,
                       211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8,

ARIN Region Analysis Summary

Prefixes being announced by ARIN Region ASes: 135954
Total ARIN prefixes after maximum aggregation: 70173
ARIN Deaggregation factor: 1.94
Prefixes being announced from the ARIN address blocks: 108553
Unique aggregates announced from the ARIN address blocks: 43351
ARIN Region origin ASes present in the Internet Routing Table: 13936
ARIN Prefixes per ASN: 7.79
ARIN Region origin ASes announcing only one prefix: 5326
ARIN Region transit ASes present in the Internet Routing Table: 1381
Average ARIN Region AS path length visible: 3.4
Max ARIN Region AS path length visible: 22
Number of ARIN addr
BGP Update Report
BGP Update Report
Interval: 30-Sep-10 -to- 07-Oct-10 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN       Upds     %  Upds/Pfx    AS-Name
 1 - AS8151   23388  1.5%       9.1 -- Uninet S.A. de C.V.
 2 - AS3464   23141  1.5%     525.9 -- ASC-NET - Alabama Supercomputer Network
 3 - AS32528  17215  1.1%    2151.9 -- ABBOTT Abbot Labs
 4 - AS8452   15644  1.0%      11.0 -- TE-AS TE-AS
 5 - AS35931  15579  1.0%    2596.5 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC
 6 - AS5536   13583  0.9%     122.4 -- Internet-Egypt
 7 - AS23216  10747  0.7%      41.8 -- MEGADATOS S.A.
 8 - AS3816   10130  0.7%      20.8 -- COLOMBIA TELECOMUNICACIONES S.A. ESP
 9 - AS4771    9846  0.6%      27.7 -- NZTELECOM Netgate
10 - AS33363   9712  0.6%       7.1 -- BHN-TAMPA - BRIGHT HOUSE NETWORKS, LLC
11 - AS9829    9611  0.6%      11.7 -- BSNL-NIB National Internet Backbone
12 - AS5778    9117  0.6%      52.4 -- EMBARQ-RCMT - Embarq Corporation
13 - AS4323    9027  0.6%       2.0 -- TWTC - tw telecom holdings, inc.
14 - AS5800    8824  0.6%      43.7 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center
15 - AS11830   8556  0.6%      19.8 -- Instituto Costarricense de Electricidad y Telecom.
16 - AS28573   8483  0.6%       7.1 -- NET Servicos de Comunicao S.A.
17 - AS2764    8301  0.5%      22.4 -- AAPT AAPT Limited
18 - AS45464   7811  0.5%     260.4 -- NEXTWEB-AS-AP Room 201, TGU Bldg
19 - AS27738   7674  0.5%      36.7 -- Ecuadortelecom S.A.
20 - AS45595   6750  0.4%      17.7 -- PKTELECOM-AS-PK Pakistan Telecom Company Limited

TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN       Upds     %  Upds/Pfx    AS-Name
 1 - AS35931  15579  1.0%    2596.5 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC
 2 - AS32528  17215  1.1%    2151.9 -- ABBOTT Abbot Labs
 3 - AS45606   6274  0.4%    1254.8 -- 101GLOBAL-AS-AP 101 Global Co.,Ltd.
 4 - AS22753   3478  0.2%     869.5 -- REDHAT-STUTTGART REDHAT Stuttgart
 5 - AS44228   5270  0.3%     658.8 -- DATA-AS DATA CoLTD
 6 - AS21017   6561  0.4%     656.1 -- VSI-AS VSI AS
 7 - AS5311     648  0.0%     648.0 -- DNIC-ASBLK-05120-05376 - DoD Network Information Center
 8 - AS13813   1239  0.1%     619.5 -- BROADSOFT-INC-NORTH-AMERICA - BroadSoft, Inc.
 9 - AS24035    566  0.0%     566.0 -- MOFA-AS-VN Ministry of Foreign Affairs of Vietnam - MOFA
10 - AS3464   23141  1.5%     525.9 -- ASC-NET - Alabama Supercomputer Network
11 - AS11613    518  0.0%     518.0 -- U-SAVE - U-Save Auto Rental of America, Inc.
12 - AS18163   2053  0.1%     513.2 -- JINJU18163-AS-KR jinju national university
13 - AS29544    644  0.0%     322.0 -- MAURITEL-AS
14 - AS27771    614  0.0%     307.0 -- Instituto Venezolano de Investigaciones Cientificas
15 - AS43634    290  0.0%     290.0 -- YALTA-RS-AS Yalta Radio Systems
16 - AS45598   1396  0.1%     279.2 -- BLUEMEDIACOM-PH Unit 503 5th Floor Net One Center
17 - AS18025   5796  0.4%     276.0 -- ACE-1-WIFI-AS-AP Ace-1 Wifi Network
18 - AS45292    274  0.0%     274.0 -- LIPI-AS-ID Lembaga Ilmu Pengetahuan Indonesia - LIPI
19 - AS45464   7811  0.5%     260.4 -- NEXTWEB-AS-AP Room 201, TGU Bldg
20 - AS27027    520  0.0%     260.0 -- ANBELL ASN-ANBELL

TOP 20 Unstable Prefixes
Rank Prefix             Upds     %  Origin AS -- AS Name
 1 - 129.66.0.0/17     11497  0.7%  AS3464  -- ASC-NET - Alabama Supercomputer Network
 2 - 129.66.128.0/17   11495  0.7%  AS3464  -- ASC-NET - Alabama Supercomputer Network
 3 - 63.211.68.0/22    10143  0.6%  AS35931 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC
 4 - 130.36.34.0/24     8604  0.5%  AS32528 -- ABBOTT Abbot Labs
 5 - 130.36.35.0/24     8601  0.5%  AS32528 -- ABBOTT Abbot Labs
 6 - 201.134.18.0/24    6419  0.4%  AS8151  -- Uninet S.A. de C.V.
 7 - 190.65.228.0/22    6184  0.4%  AS3816  -- COLOMBIA TELECOMUNICACIONES S.A. ESP
 8 - 198.140.43.0/24    5349  0.3%  AS35931 -- ARCHIPELAGO - ARCHIPELAGO HOLDINGS INC
 9 - 216.126.136.0/22   3911  0.2%  AS6316  -- AS-PAETEC-NET - PaeTec Communications, Inc.
10 - 41.238.176.0/23    3595  0.2%  AS8452  -- TE-AS TE-AS
11 - 72.31.122.0/24     3541  0.2%  AS13343 -- SCRR-13343 - Road Runner HoldCo LLC
                                    AS33363 -- BHN-TAMPA - BRIGHT HOUSE NETWORKS, LLC
12 - 66.187.234.0/24    3474  0.2%  AS22753 -- REDHAT-STUTTGART REDHAT Stuttgart
13 - 95.32.192.0/18     3437  0.2%  AS21017 -- VSI-AS VSI AS
14 - 206.184.16.0/24    3197  0.2%  AS174   -- COGENT Cogent/PSI
15 - 95.32.128.0/18     3094  0.2%  AS21017 -- VSI-AS VSI AS
16 - 216.118.245.0/24   2910  0.2%  AS25747 -- VSC-SATELLITE-CO - VSC Satellite Co
The Cidr Report
This report has been generated at Fri Oct 8 21:11:50 2010 AEST.
The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date      Prefixes  CIDR Agg
01-10-10    337368    208491
02-10-10    337924    208506
03-10-10    337877    208789
04-10-10    337819    208799
05-10-10    337616    209221
06-10-10    338174    209629
07-10-10    338124    209707
08-10-10    338202    209567

AS Summary
   35577  Number of ASes in routing system
   15168  Number of ASes announcing only one prefix
    4486  Largest number of prefixes announced by an AS
          AS4323 : TWTC - tw telecom holdings, inc.
96837376  Largest address span announced by an AS (/32s)
          AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street

Aggregation Summary
The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').

--- 08Oct10 ---
ASnum    NetsNow NetsAggr  NetGain  % Gain  Description
Table     338232   209580   128652   38.0%  All ASes
AS6389      3774      282     3492   92.5%  BELLSOUTH-NET-BLK - BellSouth.net Inc.
AS4323      4486     1984     2502   55.8%  TWTC - tw telecom holdings, inc.
AS19262     1779      279     1500   84.3%  VZGNI-TRANSIT - Verizon Online LLC
AS4766      1865      525     1340   71.8%  KIXS-AS-KR Korea Telecom
AS22773     1204       66     1138   94.5%  ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.
AS4755      1367      285     1082   79.2%  TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
AS17488     1360      308     1052   77.4%  HATHWAY-NET-AP Hathway IP Over Cable Internet
AS5668      1063       93      970   91.3%  AS-5668 - CenturyTel Internet Holdings, Inc.
AS10620     1333      376      957   71.8%  Telmex Colombia S.A.
AS6478      1368      427      941   68.8%  ATT-INTERNET3 - AT&T Services, Inc.
AS18566     1058      175      883   83.5%  COVAD - Covad Communications Co.
AS1785      1794     1012      782   43.6%  AS-PAETEC-NET - PaeTec Communications, Inc.
AS7545      1418      696      722   50.9%  TPG-INTERNET-AP TPG Internet Pty Ltd
AS7303       799      101      698   87.4%  Telecom Argentina S.A.
AS8452      1046      371      675   64.5%  TE-AS TE-AS
AS8151      1342      690      652   48.6%  Uninet S.A. de C.V.
AS33363     1376      736      640   46.5%  BHN-TAMPA - BRIGHT HOUSE NETWORKS, LLC
AS18101      885      249      636   71.9%  RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI
AS4808       936      303      633   67.6%  CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
AS28573     1175      604      571   48.6%  NET Servicos de Comunicao S.A.
AS7552       650      120      530   81.5%  VIETEL-AS-AP Vietel Corporation
AS4780       707      182      525   74.3%  SEEDNET Digital United Inc.
AS7018      1470      945      525   35.7%  ATT-INTERNET4 - AT&T Services, Inc.
AS17676      606       82      524   86.5%  GIGAINFRA Softbank BB Corp.
AS24560     1045      523      522   50.0%  AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AS9443       575       75      500   87.0%  INTERNETPRIMUS-AS-AP Primus Telecommunications
AS7011      1156      668      488   42.2%  FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc.
AS22047      558       82      476   85.3%  VTR BANDA ANCHA S.A.
AS4804       665      205      460   69.2%  MPX-AS Microplex PTY LTD
AS36992      651      196      455   69.9