Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 18:48, Mark Andrews wrote:
> ULA provide stable internal addresses which survive changing ISP
> for the average home user.
Yeah this is pretty much what I'm doing. ULA for stable, internal addresses that I can put into the (internal) DNS: ISP prefixes for global routing. Renu

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Mark Andrews
> On 2 Mar 2018, at 11:48 am, Matt Erculiani wrote:
>
> Not sure if this is the common thought, but if anyone has a network
> which requires static IP assignments, they can probably justify a
> request for a /48 from an RIR. After all, ARIN's requirement for an
> end-user IPv6 block is, at mini

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Randy Bush
hyperbole. sad and embarrassing to say, but it’s just another damned day of the internet security rolling disaster. there will be more. there will be worse. and screaming wolf will only make folk inured (excuse the american idiom). randy

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Jippen
The problem here is that you're not being shot in the foot, you're moving a semi full of ammo and parking it in front of my building. Collateral damage from other people being lazy with their servers is a pain. Oh, and this was used to set a new high water mark for 'Biggest DDoS' against github. 1

dnswl.org contact

2018-03-01 Thread Randy Bush
anyone have contact with the dnswl.org folk? my calendar says that it is the time of year i owe them some money, and i can not seem to pay them. randy

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Randy Bush
> The defaults for Zimbra seem to be to listen everywhere all the time. > amidst all the hysterical pontification, i am having trouble finding any > release which has, by default, a port 11211 listener on any interface. sorry, i should have said "any operating system release" yes, you can inst

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Mark Andrews
> On 2 Mar 2018, at 9:28 am, Owen DeLong wrote: > > >> On Mar 1, 2018, at 1:20 PM, Harald Koch wrote: >> >> On 1 March 2018 at 15:18, Owen DeLong > > wrote: >> Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly >> anyone >> uses ULA (the IPv6 anal

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Royce Williams
On Thu, Mar 1, 2018 at 1:38 PM, Randy Bush wrote: > > > this is sort of why openbsd listens only on 127.0.0.1/::1 by default, > > right? it's the only sane choice for 'fresh out of the box' network > > daemons: "Yes, it's running, yes I can healthcheck it locally to prove > > it's running" > > ami

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Mike Hammett
The defaults for Zimbra seem to be to listen everywhere all the time. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Randy Bush" To: "Christopher Morrow" Cc: "North American Network Operators' Grou

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Christopher Morrow
On Thu, Mar 1, 2018 at 5:50 PM, Christopher Morrow wrote: > pre install of memcache on a (debianXXX) > $ cat /etc/debian_version 9.3 (cut/paste fail before click-submit) > Abort. > morrowc@build:~$ netstat -anA inet | grep LIST > tcp0 0 192.110.255.61:53 0.0.0.0:* > LISTEN

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Christopher Morrow
pre install of memcache on a (debianXXX)
Abort.
morrowc@build:~$ netstat -anA inet | grep LIST
tcp 0 0 192.110.255.61:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Randy Bush
> this is sort of why openbsd listens only on 127.0.0.1/::1 by default,
> right? it's the only sane choice for 'fresh out of the box' network
> daemons: "Yes, it's running, yes I can healthcheck it locally to prove
> it's running"
amidst all the hysterical pontification, i am having trouble findin

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Owen DeLong
> On Mar 1, 2018, at 1:20 PM, Harald Koch wrote: > > On 1 March 2018 at 15:18, Owen DeLong > wrote: > Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly anyone > uses ULA (the IPv6 analogue to RFC-1918). > > Wait. What's the objection to ULA? Is it

IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 15:18, Owen DeLong wrote:
> Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly anyone
> uses ULA (the IPv6 analogue to RFC-1918).
>
Wait. What's the objection to ULA? Is it just that NAT is bad, or is there something new?
-- Harald

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Christopher Morrow
On Thu, Mar 1, 2018 at 3:18 PM, Owen DeLong wrote: > I don’t agree that making RFC-1918 limitations a default in any daemon > makes any > sense whatsoever. > > First, there are plenty of LANs out there that don’t use RFC-1918. > > Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) h

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Owen DeLong
I don’t agree that making RFC-1918 limitations a default in any daemon makes any sense whatsoever. First, there are plenty of LANs out there that don’t use RFC-1918. Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly anyone uses ULA (the IPv6 analogue to RFC-1918). I do agre

[NANOG-announce] Program Committee appointments

2018-03-01 Thread Ryan Donnelly
Greetings, fellow NANOG enthusiasts, I’m pleased to announce that the board has appointed 11 individuals to the Program Committee. As always, making these appointments is an exercise in difficult choices; and these appointments were made especially challenging by this cycle’s 18 highly-qualified ap

Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-03-01 Thread Eric Kuhnke
On the other side: VM/VPS providers have a template based image that they use for every type and subtype of operating system it's possible to auto-provision. For example Ubuntu Server Xenial AMD64 or Debian Jessie or Stretch AMD64. It's important that VM/VPS providers don't push fresh images that

ALTDB maintainer creation

2018-03-01 Thread Jacob Slater
Hello all, Any chance anyone has a contact for any of the ALTDB admins? I put in a maintainer creation request several months ago and haven't heard back. Working with an upstream who will only take ALTDB or LOAs and would like to avoid having to do LOAs in the future. Thanks all, Jacob Slater