TeliaSonera IC Contacts

2014-11-29 Thread Ammar Zuberi
Hi all,

Does anyone have a contact for an account manager at TeliaSonera IC? We’ve sent 
at least 3 requests for a quote through their website over a month or so and 
haven’t got a single reply except for the automated “we’ve received your query” 
email.

We’re looking for IP transit in Amsterdam, NL.

Best Regards,

Ammar Zuberi
FastReturn, Inc




Email: am...@fastreturn.net




Re: TeliaSonera IC Contacts

2014-11-29 Thread Sander Steffann
Hi,

> Does anyone have a contact for an account manager at TeliaSonera IC? We’ve 
> sent at least 3 requests for a quote through their website over a month or so 
> and haven’t got a single reply except for the automated “we’ve received your 
> query” email.

And you still want to buy from them?!?
Sander



Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Randy Bush
> I don't see this in my home market, but I do see it in someone else's...
> I kind of expect this for port 25 but...
> 
> J@mb-aye:~$telnet 147.28.0.81 587
> Trying 147.28.0.81...
> Connected to nagasaki.bogus.com.
> Escape character is '^]'.
> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> 19:17:44 GMT
> ehlo bogus.com
> 250-nagasaki.bogus.com Hello XXX.wa.comcast.net
> [XXX.XXX.XXX.XXX], pleased to meet you
> 250 ENHANCEDSTATUSCODES
> 
> J@mb-aye:~$telnet 2001:418:1::81 587
> Trying 2001:418:1::81...
> Connected to nagasaki.bogus.com.
> Escape character is '^]'.
> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> 19:18:33 GMT
> ehlo bogus.com
> 250-nagasaki.bogus.com Hello
> [IPv6:2601:7:2380::::c1ae:7d73], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> 
> that's essentially a downgrade attack on my ability to use encryption
> which seems to be in pretty poor taste frankly.

i think of it as an intentional traffic hijack.  i would be talking to a
lawyer.

randy, who plans to test next time he is behind comcast


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread William Herrin
On Thu, Nov 27, 2014 at 9:51 PM, Jay Ashworth  wrote:

> - Original Message -
> > From: "William Herrin" 
> > I'm not sure I follow your complaint here. Are you saying that Comcast
> > or a
> > Comcast customer in Washington state stripped the STARTTLS verb from
> > the
> > IPv4 port 587 SMTP submission connection between you and a third
> > party?
>
> Yup; that's what he's saying.  This was in the technical press earlier this
> week -- or the end of last.
>

Hi Jay,

Seems to me that if an ISP is altering the contents of its users' packets
(not just blocking them, altering them) then that ISP should be named and
shamed, if not worse. Unless the customer contracted for special account
type where that was a desired and intended feature, such behavior is
inexcusable.

If it's a customer of that ISP, on the other hand, then it's just the
normal idiocy and paranoia, no different than the retarded behavior by
amateur sysadmins that block all ICMP because they don't want to be pinged
(see PMTUD and its effects on TCP).

Anyway, I was curious which accusation was being leveled.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 
May I solve your unusual networking challenges?


Re: TeliaSonera IC Contacts

2014-11-29 Thread Ammar Zuberi
Hi Sander,

It's more of a "have to buy from them" as opposed to a "want to buy from them." 
I'd much prefer NTT, but they are nowhere near where we are unfortunately.

Ammar.

> On 29 Nov 2014, at 7:25 pm, Sander Steffann  wrote:
> 
> Hi,
> 
>> Does anyone have a contact for an account manager at TeliaSonera IC? We’ve 
>> sent at least 3 requests for a quote through their website over a month or 
>> so and haven’t got a single reply except for the automated “we’ve received 
>> your query” email.
> 
> And you still want to buy from them?!?
> Sander
> 


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Sander Steffann
On 29 Nov 2014, at 19:37, Randy Bush wrote:
> i think of it as an intentional traffic hijack.  i would be talking to a
> lawyer.
> 
> randy, who plans to test next time he is behind comcast

I am so glad that our Dutch net neutrality laws state that "providers of 
Internet access services may not hinder or delay any services or applications 
on the Internet" (unless [...], but those exceptions make sense)

Cheers,
Sander



Re: TeliaSonera IC Contacts

2014-11-29 Thread Sander Steffann
Hi,

> It's more of a "have to buy from them" as opposed to a "want to buy from 
> them." I'd much prefer NTT, but they are nowhere near where we are 
> unfortunately.

You were talking about Amsterdam, right? There are plenty of transits you can 
buy from.

Cheers,
Sander



Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Jean-Francois Mezei
On 14-11-29 11:07, Sander Steffann wrote:

> I am so glad that our Dutch net neutrality laws state that "providers of 
> Internet access services may not hinder or delay any services or applications 
> on the Internet" (unless [...], but those exceptions make sense)


However, in the case of SMTP, due to the amount of spam, most ISPs break
"network neutrality" by blocking outbound port 25 for instance, and
their SMTP servers will block much incoming email (spam).  However,
SMTP is a layer or two above the network. But blocking port 25 is at the
network level.

I have seen wi-fi systems where you ask to connect to 20.21.22.23 port
25, and you get connected to 50.51.52.53 port 25 (the ISP's own SMTP
server).  I would rather they just block it than redirect you without
warning to an SMTP server of their own where they can look at your
outbound email, pretend to accept it, and never deliver it.





Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Christopher Morrow
backing up a bit in the conversation, perhaps this is just in some
regions of comcastlandia? I don't see this in Northern Virginia...

$ openssl s_client -starttls smtp  -connect my-mailserver.net:587
CONNECTED(0003)
depth=0 description = kVjtrCL8rUdvd00q, C = US, CN =
my-mailserver.net, emailAddress = my-emailaddrss.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailsever.net,
emailAddress = my-emailaddress.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 description = kVjtrCL8rUdvd00q, C = US, CN =
my-mailserver.net, emailAddress = my-emailaddress.com
verify error:num=21:unable to verify the first certificate
verify return:1

...

Certificate chain
 0 s:/description=kVjtrCL8rUdvd00q/C=US/CN=my-mailserver.net/emailAddress=y-emailaddress.com
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA

...

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
Session-ID: FC3E47AF2A2A96BF6DE6E11F96B02A0C41A6542864271F2901F09594DE9A48FA
Session-ID-ctx:
Master-Key:
BE7FB76EF5C0A9BA507B175026F73E67080D6442201FDF28F536FA38197A9B1353D644EEAF8D0D264328F94B2EF5742C
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1417286582
Timeout   : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
250 DSN
ehlo me
250-my-mailserver.net
250-PIPELINING


On Sat, Nov 29, 2014 at 12:26 PM, Jean-Francois Mezei
 wrote:
> On 14-11-29 11:07, Sander Steffann wrote:
>
>> I am so glad that our Dutch net neutrality laws state that "providers of 
>> Internet access services may not hinder or delay any services or 
>> applications on the Internet" (unless [...], but those exceptions make sense)
>
>
> However, in the case of SMTP, due to the amount of spam, most ISPs break
> "network neutrality" by blocking outbound port 25 for instance, and
> their SMTP servers will block much incoming email (spam).  However,
> SMTP is a layer or two above the network. But blocking port 25 is at the
> network level.
>
> I have seen wi-fi systems where you ask to connect to 20.21.22.23 port
> 25, and you get connected to 50.51.52.53 port 25 (the ISP's own SMTP
> server).  I would rather they just block it than redirect you without
> warning to an SMTP server of their own where they can look at your
> outbound email, pretend to accept it, and never deliver it.
>
>
>


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread John Levine
In article  
you write:
>backing up a bit in the conversation, perhaps this is just in some
>regions of comcastlandia? I don't see this in Northern Virginia...

I don't see it in New Jersey, either.

Is this a direct connection, or a coffee shop sharing a cable connection or
something like that?



Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread John Levine
>i think of it as an intentional traffic hijack.  i would be talking to a
>lawyer.

If the lawyer says anything other than that 47 USC 230(c)(2)(A)
provides broad immunity for ISP content filtering, even if the filters
sometimes screw up, you need a new lawyer.

Filtering STARTTLS on port 587 is pretty stupid, but not everything
that's stupid is illegal.

R's,
John

PS: I know enough technical people at Comcast that I would be
extremely surprised if it were Comcast doing this.  There's plenty not
to like about the corporation, but the technical staff are quite
competent.


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Larry Sheldon

On 11/29/2014 14:09, John Levine wrote:

> In article  
> you write:
>> backing up a bit in the conversation, perhaps this is just in some
>> regions of comcastlandia? I don't see this in Northern Virginia...
>
> I don't see it in New Jersey, either.
>
> Is this a direct connection, or a coffee shop sharing a cable connection or
> something like that?


I am a little confused but have not yet had time and interest at the 
same time to back through the thread.

I thought when it started that the complaint was somebody using a public 
wiffy had been victimized by something I read about recently (and 
thought it was here that I had read it) where somebody sets up a 
fraudulent server on the wiffy that advertises a false-flag email 
"server" that strips out the security stuff and then sends the traffic 
to an accomplice-site that eventually gets the stripped traffic to its 
original destination.



--
The unique Characteristics of System Administrators:

The fact that they are infallible; and,

The fact that they learn from their mistakes.


Quis custodiet ipsos custodes


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Randy Bush
The STARTTLS filter was merely a tool used to divert and tap the traffic. It is 
the latter which is over the line. 

randy, on a teensy non-computer

On Nov 29, 2014, at 15:17, John Levine  wrote:

>> i think of it as an intentional traffic hijack.  i would be talking to a
>> lawyer.
> 
> If the lawyer says anything other than that 47 USC 230(c)(2)(A)
> provides broad immunity for ISP content filtering, even if the filters
> sometimes screw up, you need a new lawyer.
> 
> Filtering STARTTLS on port 587 is pretty stupid, but not everything
> that's stupid is illegal.
> 
> R's,
> John
> 
> PS: I know enough technical people at Comcast that I would be
> extremely surprised if it were Comcast doing this.  There's plenty not
> to like about the corporation, but the technical staff are quite
> competent.


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Marcin Cieslak
On Thu, 27 Nov 2014, joel jaeggli wrote:

> I don't see this in my home market, but I do see it in someone else's...
> I kind of expect this for port 25 but...
> 
> J@mb-aye:~$telnet 147.28.0.81 587
> Trying 147.28.0.81...
> Connected to nagasaki.bogus.com.
> Escape character is '^]'.
> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> 19:17:44 GMT
> ehlo bogus.com
> 250-nagasaki.bogus.com Hello XXX.wa.comcast.net
> [XXX.XXX.XXX.XXX], pleased to meet you
> 250 ENHANCEDSTATUSCODES

Seen some anti-virus software (on Windows) doing this.
You might not be running Windows though. Some home
router with some "security improvement" ?

//Marcin


Re: Phasing out of copper

2014-11-29 Thread Måns Nilsson
Subject: Phasing out of copper Date: Fri, Nov 28, 2014 at 10:46:03AM -0500 
Quoting Jean-Francois Mezei (jfmezei_na...@vaxination.ca):
> Currently in the midst of a CRTC policy hearing in Canada on future of
> competition in ISPs.
> 
> Incumbents claim they have no plans to retire their copper plant after
> deploying FTTP/FTTH.  (strategically to convince regulator that keeping
> ISPs on copper is fine and no need to let them access FTTP).

Maintaining copper plant is expensive. It will be retired as soon as
buy-in on FTTH is high enough. Telia Sonera is doing it in Sweden,
so the trend is global. (OTOH, in Sweden, young people moving out from
their parents, if they can find somewhere to rent, usually only get a
fixed connection for Internet access. Telephony is all mobile.)

-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
Four thousand different MAGNATES, MOGULS & NABOBS are romping in my
gothic solarium!!


signature.asc
Description: Digital signature


Re: Phasing out of copper

2014-11-29 Thread Cameron Daniel

On 2014-11-30 9:19 am, Måns Nilsson wrote:

> Maintaining copper plant is expensive. It will be retired as soon as
> buy-in on FTTH is high enough. Telia Sonera is doing it in Sweden,
> so the trend is global. (OTOH, in Sweden, young people moving out from
> their parents, if they can find somewhere to rent, usually only get a
> fixed connection for Internet access. Telephony is all mobile.)


This is pretty common in other countries as well. At a $JOB-1 in 
Australia all our residential DSL services were provided over ULLs and 
came with a dial tone provided by us but only a tiny fraction of active 
lines ever made or received a call.


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Christopher Morrow
On Sat, Nov 29, 2014 at 3:09 PM, John Levine  wrote:
> In article 
>  you 
> write:
>>backing up a bit in the conversation, perhaps this is just in some
>>regions of comcastlandia? I don't see this in Northern Virginia...
>
> I don't see it in New Jersey, either.
>
> Is this a direct connection, or a coffee shop sharing a cable connection or
> something like that?

my test was a home consumer cable link, not business grade and not
shared (more than cable is).


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread joel jaeggli
On 11/29/14 6:32 PM, Christopher Morrow wrote:
> On Sat, Nov 29, 2014 at 3:09 PM, John Levine  wrote:
>> In article 
>>  you 
>> write:
>>> backing up a bit in the conversation, perhaps this is just in some
>>> regions of comcastlandia? I don't see this in Northern Virginia...
>>
>> I don't see it in New Jersey, either.
>>
>> Is this a direct connection, or a coffee shop sharing a cable connection or
>> something like that?
> 
> my test was a home consumer cable link, not business grade and not
> shared (more than cable is).

The phenomenon I reported was observed on a consumer cable service (not
my own). It is now no longer in evidence with that same source ip. In
answer to an intermediate observation, the cpe and the devices on it are
sufficiently well understood now to rule them out.

from the mail server's vantage point...

Nov 27 x nagasaki sm-mta[5698]: NOQUEUE: tcpwrappers
((reverse).wa.comcast.net, (ip) ) rejection

given that the client gives up because it can't startssl and therefore
won't attempt to auth.

whereas a successful attempt with the same source ip is:

Nov 26 x nagasaki sm-mta[397]: STARTTLS=server,
relay=c-(reverse).wa.comcast.net [(ip)], version=TLSv1/SSLv3,
verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128



signature.asc
Description: OpenPGP digital signature
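
As an added example (not part of any message in this thread): a Python check that parses the EHLO replies seen over two paths to the same submission server and reports extensions, STARTTLS in particular, that disappear on one of them. The sample replies are constructed from the sessions quoted earlier in the thread with placeholder addresses; the function names and the filler-keyword heuristic are assumptions of this example.

```python
import re

# Constructed EHLO replies modelled on the two sessions quoted in the thread:
# same server on port 587, reached over two paths. Addresses are placeholders.
SUSPECT_PATH = (
    "250-nagasaki.bogus.com Hello client.example [192.0.2.10], pleased to meet you\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
CLEAN_PATH = (
    "250-nagasaki.bogus.com Hello [IPv6:2001:db8::10], pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-PIPELINING\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE\r\n"
    "250-DSN\r\n"
    "250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN\r\n"
    "250-STARTTLS\r\n"
    "250-DELIVERBY\r\n"
    "250 HELP\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Assumption of this example: filler such as "XXXXXXXA", which some
# SMTP-inspecting middleboxes write over a keyword instead of deleting the line.
MASKED = re.compile(r"^X{4,}[A-Z]?$")
SECURITY_CRITICAL = ("STARTTLS", "AUTH")


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a complete multi-line 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        is_final = match.group(2) == " "
        if is_final != (index == len(lines) - 1):
            raise ValueError("continuation markers inconsistent; reply truncated?")
        if index == 0:
            continue  # first line carries the server greeting, not an extension
        words = match.group(3).split()
        if words:
            caps[words[0].upper()] = words[1:]
    return caps


def compare_paths(baseline, observed):
    """Diff the extensions seen on a trusted path against the path under test."""
    missing = sorted(set(baseline) - set(observed))
    return {
        "missing": missing,
        "masked": sorted(k for k in observed if MASKED.match(k)),
        "downgrade": any(k in missing for k in SECURITY_CRITICAL),
        # A submission client should refuse AUTH when this is False.
        "safe_to_authenticate": "STARTTLS" in observed,
    }


if __name__ == "__main__":
    report = compare_paths(parse_ehlo(CLEAN_PATH), parse_ehlo(SUSPECT_PATH))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A mail client configured to require TLS on port 587 gives the same protection without a comparison path: it fails closed when STARTTLS is not offered, which matches the client behaviour described in the message above.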


Re: Transparent hijacking of SMTP submission...

2014-11-29 Thread Christopher Morrow
On Sat, Nov 29, 2014 at 10:27 PM, joel jaeggli  wrote:
> On 11/29/14 6:32 PM, Christopher Morrow wrote:
>> On Sat, Nov 29, 2014 at 3:09 PM, John Levine  wrote:
>>> In article 
>>>  you 
>>> write:
>>>> backing up a bit in the conversation, perhaps this is just in some
>>>> regions of comcastlandia? I don't see this in Northern Virginia...
>>>
>>> I don't see it in New Jersey, either.
>>>
>>> Is this a direct connection, or a coffee shop sharing a cable connection or
>>> something like that?
>>
>> my test was a home consumer cable link, not business grade and not
>> shared (more than cable is).
>
> The phenomenon I reported was observed on a consumer cable service (not
> my own). It is now no longer in evidence with that same source ip. In
> answer to an intermediate observation, the cpe and the devices on it are
> sufficiently well understood now to rule them out.

ah, phew.

>
> from the mail server's vantage point...
>
> Nov 27 x nagasaki sm-mta[5698]: NOQUEUE: tcpwrappers
> ((reverse).wa.comcast.net, (ip) ) rejection
>

super odd, and telling.

> given that the client gives up because it can't startssl and therefore
> won't attempt to auth.
>
> whereas a successful attempt with the same source ip is:
>
> Nov 26 x nagasaki sm-mta[397]: STARTTLS=server,
> relay=c-(reverse).wa.comcast.net [(ip)], version=TLSv1/SSLv3,
> verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128
>

perhaps comcast (technician) was trying to do the 'right thing' here
and mistook 'but someone is operating a mailserver that the trust' vs
'spammer' from the situation with TLS being 'a good thing' and 'please
do not subvert my tls, yo!'

glad to see this returned to expected flows.


Phasing out of telco TDM Backbones (was: Phasing out of copper)

2014-11-29 Thread Jay Ashworth
- Original Message -
> From: "Måns Nilsson" 

> Maintaining copper plant is expensive. It will be retired as soon as
> buy-in on FTTH is high enough. Telia Sonera is doing it in Sweden,
> so the trend is global. (OTOH, in Sweden, young people moving out from
> their parents, if they can find somewhere to rent, usually only get a
> fixed connection for Internet access. Telephony is all mobile.)

Absolutely: maintaining analog copper last-mile is expensive.

But let us not conflate being ok with telcos replacing analog copper last-mile
with being ok with telcos replacing PCM with VoIP, especially in trunking
applications, and *especially* using non-dedicated backbones, as these are the
directions the RBOCs appear to be going in, and those are much less acceptable
ideas than the former.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


RE: Phasing out of telco TDM Backbones (was: Phasing out of copper)

2014-11-29 Thread Nathan Anderson
On Saturday, November 29, 2014 9:10 PM, Jay Ashworth <> wrote:

> But let us not conflate being ok with telcos replacing analog copper
> last-mile with being ok with telcos replacing PCM with VoIP, especially
> in trunking applications, ... [snip]

Let's also not conflate audio codecs with L2.  "PCM" and "VoIP" are not 
mutually-exclusive things by any stretch.

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com


Re: Phasing out of telco TDM Backbones (was: Phasing out of copper)

2014-11-29 Thread Jay Ashworth
- Original Message -
> From: "Nathan Anderson" 

> On Saturday, November 29, 2014 9:10 PM, Jay Ashworth <> wrote:
> > But let us not conflate being ok with telcos replacing analog copper
> > last-mile with being ok with telcos replacing PCM with VoIP,
> > especially
> > in trunking applications, ... [snip]
> 
> Let's also not conflate audio codecs with L2. "PCM" and "VoIP" are not
> mutually-exclusive things by any stretch.

Oh, sure.  But my point is this:

How many Erlangs can you fit through that clear-channel T-3?

There's man-centuries of engineering in the design of the TDM backbone,
and the people making the decisions about abandoning that design weren't
even alive, in some cases, when that work was done, and don't know what
"Notes On The Networks" is.

Cheers,
-- jr 'I can lay hands on my copy in 60 seconds' a
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274


Re: TeliaSonera IC Contacts

2014-11-29 Thread Alistair Mackenzie
I'd be inclined to not buy from them if they are not replying to sales
emails.

You've got to ask what their NOC will be like once you are a customer...

On 29 November 2014 at 16:08, Sander Steffann  wrote:

> Hi,
>
> > It's more of a "have to buy from them" as opposed to a "want to buy from
> > them." I'd much prefer NTT, but they are nowhere near where we are
> > unfortunately.
>
> You were talking about Amsterdam, right? There are plenty of transits you
> can buy from.
>
> Cheers,
> Sander
>
>


Re: Phasing out of telco TDM Backbones (was: Phasing out of copper)

2014-11-29 Thread Antonio Querubin

On Sun, 30 Nov 2014, Jay Ashworth wrote:


> Oh, sure.  But my point is this:
>
> How many Erlangs can you fit through that clear-channel T-3?


Personally I find the use of Erlangs in a packet-switched environment 
somewhat irrelevant.  What has been more useful to me in capacity planning 
and staying out of trouble has been statistical bandwidth peak usage data.


Antonio Querubin
e-mail:  t...@lavanauts.org
xmpp:  antonioqueru...@gmail.com