Re: DNS Changer items

2012-08-16 Thread Barry Greene
On Aug 15, 2012, at 1:52 PM, Randy Bush wrote: >> It also sounds like RIPE did a big screw you to the Dutch police for >> trying to interfere. > > no, they caved. > No, they did not "cave." Court orders through the Dutch courts are integrated in their processes. It was coordinated with RIPE

Re: DNS Changer items

2012-08-16 Thread Nick Hilliard
On 16/08/2012 01:07, Randy Bush wrote: > ripe caved at the time. yes it was a yank court order propagated as a > dutch police order. in ljubljana, ncc staff said that they regretted > caving, had not really needed to do so, it was a mistake that they would > not repeat. present company excluded,

Re: DNS Changer items

2012-08-15 Thread Randy Bush
> However, for network sanitation purposes, I'll admit some surprise > that the DNSchanger blocks have been reused so quickly. i conject sets a precedent for quick grab and sell, well rent. those dnschanger folk were bad guys, so no one should have sympathy for them. first they came for ... [h

Re: DNS Changer items

2012-08-15 Thread David Conrad
On Aug 15, 2012, at 5:59 PM, Nick Hilliard wrote: > Approx 2 months later after taking legal advice, the NCC formed the view > that the police and the prosecutor had no legal basis for making the > request and they consequently unlocked the objects. With the end result that someone gets some rea

Re: DNS Changer items

2012-08-15 Thread Randy Bush
ripe caved at the time. yes it was a yank court order propagated as a dutch police order. in ljubljana, ncc staff said that they regretted caving, had not really needed to do so, it was a mistake that they would not repeat. present company excluded, we all make mistakes. randy

Re: DNS Changer items

2012-08-15 Thread Nick Hilliard
On 15/08/2012 22:34, Randy Bush wrote: > at the time, ripe caved to the court order. took some weeks before they > woke up. now a lot of noise, lawyers, and whitewash. whoa, wait up there, you cocky youngster. It wasn't a court order; it was a police order consequent to a request for internatio

Re: DNS Changer items

2012-08-15 Thread Grant Ridder
Gotcha On Wed, Aug 15, 2012 at 4:34 PM, Randy Bush wrote: > > Caved? How so? > > at the time, ripe caved to the court order. took some weeks before they > woke up. now a lot of noise, lawyers, and whitewash. > > randy >

Re: DNS Changer items

2012-08-15 Thread Randy Bush
> Caved? How so? at the time, ripe caved to the court order. took some weeks before they woke up. now a lot of noise, lawyers, and whitewash. randy

Re: DNS Changer items

2012-08-15 Thread Grant Ridder
Caved? How so? It looks like RIPE is ignoring the court order to keep the blocks locked. Unless i am misunderstanding it. On Wed, Aug 15, 2012 at 3:52 PM, Randy Bush wrote: > > It also sounds like RIPE did a big screw you to the Dutch police for > > trying to interfere. > > no, they caved. >

Re: DNS Changer items

2012-08-15 Thread Randy Bush
> It also sounds like RIPE did a big screw you to the Dutch police for > trying to interfere. no, they caved.

Re: DNS Changer items

2012-08-15 Thread valdis . kletnieks
On Wed, 15 Aug 2012 11:51:32 -0400, Randy Whitney said: > Perhaps it should not have been re-allocated at all, rather than cause > the unsuspecting allocatee trouble they would not have seen from > clean(er) space. "unsuspecting"??!? You want a clean prefix, get some IPv6 space instead. Anybody

Re: DNS Changer items

2012-08-15 Thread joel jaeggli
On 8/15/12 10:24 AM, Leo Bicknell wrote: In a message written on Wed, Aug 15, 2012 at 08:01:15AM -0700, joel jaeggli wrote: Remediation of whatever wrong with a given prefix is an active activity, it's not likely to go away unless the prefix is advertised. Actually, that's not true on two fron

Re: DNS Changer items

2012-08-15 Thread Leo Bicknell
In a message written on Wed, Aug 15, 2012 at 08:01:15AM -0700, joel jaeggli wrote: > Remediation of whatever wrong with a given prefix is an active activity, > it's not likely to go away unless the prefix is advertised. Actually, that's not true on two fronts. From a business relationship front

Re: DNS Changer items

2012-08-15 Thread Randy Whitney
On 8/15/2012 11:36 AM, TJ wrote: On Wed, Aug 15, 2012 at 9:55 AM, Leo Bicknell wrote: In a message written on Wed, Aug 15, 2012 at 10:46:52AM +0100, Stephen Wilcox wrote: https://www.ripe.net/internet-coordination/news/clarification-on-reallocated-ipv4-address-space-related-to-dutch-police-

Re: DNS Changer items

2012-08-15 Thread TJ
On Wed, Aug 15, 2012 at 9:55 AM, Leo Bicknell wrote: > In a message written on Wed, Aug 15, 2012 at 10:46:52AM +0100, Stephen > Wilcox wrote: > > > https://www.ripe.net/internet-coordination/news/clarification-on-reallocated-ipv4-address-space-related-to-dutch-police-order > > From the article: >

Re: DNS Changer items

2012-08-15 Thread joel jaeggli
On 8/15/12 6:55 AM, Leo Bicknell wrote: While I understand that in the face of IPv4 exhaustion long quarantine periods are probably no longer a good idea, I think 6 weeks is shockingly short. I also think to blanket apply the quarantine is a little short sighted, there are cases that need a long

Re: DNS Changer items

2012-08-15 Thread Leo Bicknell
In a message written on Wed, Aug 15, 2012 at 10:46:52AM +0100, Stephen Wilcox wrote: > https://www.ripe.net/internet-coordination/news/clarification-on-reallocated-ipv4-address-space-related-to-dutch-police-order From the article: ] The address space was quarantined for six weeks before being re

Re: DNS Changer items

2012-08-15 Thread Grant Ridder
From the little blurb on the RIPE site, it sounds like the Dutch police are making threats (taking over administration) that they can't legally keep. It also sounds like RIPE did a big screw you to the Dutch police for trying to interfere. -Grant On Wed, Aug 15, 2012 at 4:46 AM, Stephen Wilcox

Re: DNS Changer items

2012-08-15 Thread Stephen Wilcox
FYI RIPE reallocated these blocks. Whilst I understand they didn't want the court order, this seems a bit silly, doesn't that now make the machines residing in these blocks special - even if the owners aren't miscreants, it makes them a viable target. https://www.ripe.net/internet-coordination/news

Re: DNS Changer items

2012-07-13 Thread Owen DeLong
On Jul 7, 2012, at 10:31 AM, Jay Ashworth wrote: > - Original Message - >> From: "Seth Mattinen" > >>> On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said: The dns-ok.us site is getting crushed from all the sudden media interest. >>> >>> One wonders why it's so hard to get

Re: DNS Changer items

2012-07-07 Thread Jay Ashworth
- Original Message - > From: "Seth Mattinen" > > On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said: > >> The dns-ok.us site is getting crushed from all the sudden media > >> interest. > > > > One wonders why it's so hard to get the media interested when it > > would be *helpful*. DNS

Re: DNS Changer items

2012-07-06 Thread Andrew Fried
The subnets will probably be held until the conclusion of the criminal trials. After that, the addresses may be held back from assignment for a while (e.g. a year), but eventually they'll get reassigned. Andrew Fried andrew.fr...@gmail.com On 7/6/12 4:45 PM, Roy wrote: > On 7/6/2012 1:15 PM, An

Re: DNS Changer items

2012-07-06 Thread Nick Semenkovich
> > We've been doing this for subscribers (including free community ones) > since we got the sinkhole IPs from Andrew @ SIE/MAAWG. > At least now, the ranges are publicly outlined in http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf 85.255.112.0 through 85.2

RE: DNS Changer items

2012-07-06 Thread Tomas L. Byrnes
; To: 'nanog@nanog.org' > Subject: RE: DNS Changer items > > We verified one a while back, who had already had the problem fixed when > the FBI sent us the physical mail. Considering number of internet customers > in the US vs our internet customers with known number of US subsri

Re: DNS Changer items

2012-07-06 Thread Roy
On 7/6/2012 1:15 PM, Andrew Fried wrote: Cameron, That idea had been brought up. Also discussed was short durations of random blackouts of dns resolution to impress upon the infected users that they needed to take action. Unfortunately, taking either of those actions would have exceeded the au

Re: DNS Changer items

2012-07-06 Thread Andrew Fried
think having the ISC DNS changer sinkhole servers return the DCWG > check page IP for all queries would be a good final act. > >> -Original Message- >> From: Andrew Fried [mailto:andrew.fr...@gmail.com] >> Sent: Friday, July 06, 2012 11:16 AM >> To: Cameron

RE: DNS Changer items

2012-07-06 Thread Tomas L. Byrnes
> -Original Message- > From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] > Sent: Friday, July 06, 2012 11:07 AM > To: Cameron Byrne > Cc: nanog@nanog.org > Subject: Re: DNS Changer items > > On Fri, 06 Jul 2012 10:52:56 -0700, Cameron Byrne sa

RE: DNS Changer items

2012-07-06 Thread Tomas L. Byrnes
g.org > Subject: Re: DNS Changer items > > The DNS redirection began on November 8, 2011. The servers were > instrumented to capture a very small portion of the dns data (source ip and > port only) so that reports of infected users could be sent to the ISPs via > reportin

Re: DNS Changer items

2012-07-06 Thread Roy
On 7/6/2012 11:06 AM, valdis.kletni...@vt.edu wrote: On Fri, 06 Jul 2012 10:52:56 -0700, Cameron Byrne said: So instead of turning the servers off, would it not have been helpful to have the servers return a "captive portal" type of response Not all DNS lookups are for HTTP. If you turn the

Re: DNS Changer items

2012-07-06 Thread Andrew Fried
The DNS redirection began on November 8, 2011. The servers were instrumented to capture a very small portion of the dns data (source ip and port only) so that reports of infected users could be sent to the ISPs via reporting organizations like Shadowserver. Some ISPs did create walled gardens. S

RE: DNS Changer items

2012-07-06 Thread Eric J Esslinger
From: Merike Kaeo [mailto:k...@merike.com] > Sent: Friday, July 06, 2012 1:06 PM > To: Cameron Byrne > Cc: nanog@nanog.org > Subject: Re: DNS Changer items > > > The ISPs who have been proactive in mitigating and > redirecting have been/are doing this. (global reach here) > >

Re: DNS Changer items

2012-07-06 Thread valdis . kletnieks
On Fri, 06 Jul 2012 10:52:56 -0700, Cameron Byrne said: > So instead of turning the servers off, would it not have been helpful to > have the servers return a "captive portal" type of response Not all DNS lookups are for HTTP.

Re: DNS Changer items

2012-07-06 Thread Merike Kaeo
The ISPs who have been proactive in mitigating and redirecting have been/are doing this. (global reach here) The court ordered DNS servers have been up since Nov 9th and lots of outreach done; the intent was a graceful ramp down. Sadly, the state of folks helping with overall malware cleanu

Re: DNS Changer items

2012-07-06 Thread Roy
On 7/6/2012 10:44 AM, valdis.kletni...@vt.edu wrote: On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said: The dns-ok.us site is getting crushed from all the sudden media interest. One wonders why it's so hard to get the media interested when it would be *helpful*. DNS Changer gets traction l

Re: DNS Changer items

2012-07-06 Thread Cameron Byrne
So instead of turning the servers off, would it not have been helpful to have the servers return a "captive portal" type of response saying "hey, since you use this server, you are broken, go here to get fixed" Seems that would have been a more graceful ramp down. CB

Re: DNS Changer items

2012-07-06 Thread Seth Mattinen
On 7/6/12 10:44 AM, valdis.kletni...@vt.edu wrote: > On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said: >> The dns-ok.us site is getting crushed from all the sudden media >> interest. > > One wonders why it's so hard to get the media interested when it > would be *helpful*. DNS Changer gets t

Re: DNS Changer items

2012-07-06 Thread valdis . kletnieks
On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said: > The dns-ok.us site is getting crushed from all the sudden media > interest. One wonders why it's so hard to get the media interested when it would be *helpful*. DNS Changer gets traction like 3 days before the drop dead date, IPv6 gets on t

Re: DNS Changer items

2012-07-06 Thread Robert Bonomi
Jared Mauch wrote: > > On Jul 6, 2012, at 12:34 PM, Eric J Esslinger wrote: > > > A) The DNS changer working group site http://www.dns-ok.us seems to be > > down for the clean people anyway. (Down for everyone agrees with me). > > Works via IPv6. (I suspect all the media attention you referenced

Re: DNS Changer items

2012-07-06 Thread Andrew Fried
The dns-ok.us site is getting crushed from all the sudden media interest. We're trying to tweak it to handle the 50,000 or so simultaneous connections. Andy Andrew Fried andrew.fr...@gmail.com On 7/6/12 12:34 PM, Eric J Esslinger wrote: > A) The DNS changer working group site http://www.dns-ok

Re: DNS Changer items

2012-07-06 Thread Jared Mauch
On Jul 6, 2012, at 12:34 PM, Eric J Esslinger wrote: > A) The DNS changer working group site http://www.dns-ok.us seems to be down > for the clean people anyway. (Down for everyone agrees with me). Works via IPv6. (I suspect all the media attention you referenced may be causing some load issu

DNS Changer items

2012-07-06 Thread Eric J Esslinger
A) The DNS changer working group site http://www.dns-ok.us seems to be down for the clean people anyway. (Down for everyone agrees with me). B) Fox, CNN, and MSNBC have apparently all run stories in the last couple of hours that essentially ended with 'Call your ISP if you have any questions' (g