N92 Presentation Submission Deadline Approaching + More

*Reminder— Submit Your Presentation for N92!* *Deadline for Presentations is Approaching — Sun. 08, Sept.* *We aim to highlight presentations throughout NANOG 92, focusing on IPv6.* *Specific talk topics that are always sought after: * - Network Automation - practical uses, how to get started

FYI - ARIN submission in response to FCC 22-90 on Secure Internet Routing

NANOGers - As noted earlier, the FCC is in the midst of a consultation right now regarding vulnerabilities threatening the security and integrity of the Border Gateway Protocol (BGP). Please note that ARIN did file comments on this docket, and they may found online here in our government engag

CFP: IEEE ICNP (Submission Deadline Just a Week Away)

. == Important dates Paper SubmissionMay 8, 2015, 7:59 PM EST (FIRM) Acceptance Notification June 30, 2015 Camera Ready VersionAug 15, 2015 == We invite papers with

Re: Call For Presentations RIPE 70, submission deadline 1 March 2015

> neutral facilitator. > > In addition to presentations selected in advance for the plenary, the > RIPE PC also offers several time slots for "lightning talks", which are > selected immediately before or during the conference. > > The following general requirements apply: &

Call For Presentations RIPE 70, submission deadline 1 March 2015

tning talks", which are selected immediately before or during the conference. The following general requirements apply: - Proposals for plenary session presentations, BoFs, panels, workshops and tutorials must be submitted for full consideration no later than 1 March 2015, using the meeting

Re: Transparent hijacking of SMTP submission...

> On Dec 1, 2014, at 5:25 AM, Livingood, Jason > wrote: > > On 11/29/14, 3:17 PM, "John Levine" wrote: > >> PS: I know enough technical people at Comcast that I would be >> extremely surprised if it were Comcast doing this. There's plenty not to >> like about the corporation, but the technic

Re: Transparent hijacking of SMTP submission...

There’s a big difference between illegal and civil liability for breech of contract. If I am paying someone for access to the internet, then I expect them not to modify, alter, rewrite, or otherwise interfere with my packets. If they do so, they may not have violated 47 USC 230, but they have

Re: Transparent hijacking of SMTP submission...

I suspect it isn’t comcast at all. I suspect it is the wifi operator and they happen to use comcast as an upstream. The RDNS points to the public address in front of the wifi. The proxy doing the rewriting is likely behind that. Owen > On Nov 29, 2014, at 10:46 AM, Christopher Morrow > wrote

Re: Transparent hijacking of SMTP submission...

There’s a big difference between illegal and civil liability for breech of contract. If I am paying someone for access to the internet, then I expect them not to modify, alter, rewrite, or otherwise interfere with my packets. If they do so, they may not have violated 47 USC 230, but they have c

Re: Transparent hijacking of SMTP submission...

On 11/29/14, 3:17 PM, "John Levine" wrote: >PS: I know enough technical people at Comcast that I would be >extremely surprised if it were Comcast doing this. There's plenty not to >like about the corporation, but the technical staff are quite competent. Thanks, John! I can tell folks here unequ

Re: Transparent hijacking of SMTP submission...

On 11/29/14, 12:26 PM, "Jean-Francois Mezei" wrote: >However, in the case of SMTP, due to the amount of spam, most ISPs break >"network neutrality" by blocking outbound port 25 for instance Whatever Net Neutrality may mean this week, it is usually intended to allow for reasonable network managem

Re: Transparent hijacking of SMTP submission...

n Sat, Nov 29, 2014 at 10:27 PM, joel jaeggli wrote: > The phenomena I reported was observed on a consumer cable service (not > my own). it is now no-longer in evidence with that same source ip. In > answer an intermediate observation, the cpe and the devices on it are > sufficiently well underst

Re: Transparent hijacking of SMTP submission...

On Sat, Nov 29, 2014 at 10:27 PM, joel jaeggli wrote: > On 11/29/14 6:32 PM, Christopher Morrow wrote: >> On Sat, Nov 29, 2014 at 3:09 PM, John Levine wrote: >>> In article >>> you >>> write: backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia?

Re: Transparent hijacking of SMTP submission...

On 11/29/14 6:32 PM, Christopher Morrow wrote: > On Sat, Nov 29, 2014 at 3:09 PM, John Levine wrote: >> In article >> you >> write: >>> backing up a bit in the conversation, perhaps this is just in some >>> regions of comcastlandia? I don't see this in Northern Virginia... >> >> I don't see it

Re: Transparent hijacking of SMTP submission...

On Sat, Nov 29, 2014 at 3:09 PM, John Levine wrote: > In article > you > write: >>backing up a bit in the conversation, perhaps this is just in some >>regions of comcastlandia? I don't see this in Northern Virginia... > > I don't see it in New Jersey, either. > > Is this a direct connection, or

Re: Transparent hijacking of SMTP submission...

On Thu, 27 Nov 2014, joel jaeggli wrote: > I don't see this in my home market, but I do see it in someone else's... > I kind of expect this for port 25 but... > > J@mb-aye:~$telnet 147.28.0.81 587 > Trying 147.28.0.81... > Connected to nagasaki.bogus.com. > Escape character is '^]'. > 220 nagasak

Re: Transparent hijacking of SMTP submission...

The STARTTLS filter was merely a tool used to divert and tap the traffic. It is the latter which is over the line. randy, on a teensy non-computer On Nov 29, 2014, at 15:17, John Levine wrote: >> i think of it as an intentional traffic hijack. i would be talking to a >> lawyer. > > If the l

Re: Transparent hijacking of SMTP submission...

On 11/29/2014 14:09, John Levine wrote: In article you write: backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a c

Re: Transparent hijacking of SMTP submission...

>i think of it as an intentional traffic hijack. i would be talking to a >lawyer. If the lawyer says anything other than that 47 USC 230(c)(2)(A) provides broad immunity for ISP content filtering, even if the filters sometimes screw up, you need a new lawyer. Filtering STARTTLS on port 587 is pr

Re: Transparent hijacking of SMTP submission...

In article you write: >backing up a bit in the conversation, perhaps this is just in some >regions of comcastlandia? I don't see this in Northern Virginia... I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a cable connection or something like that?

Re: Transparent hijacking of SMTP submission...

backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia... $ openssl s_client -starttls smtp -connect my-mailserver.net:587 CONNECTED(0003) depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailserver.net, emailA

Re: Transparent hijacking of SMTP submission...

On 14-11-29 11:07, Sander Steffann wrote: > I am so glad that our Dutch net neutrality laws state that "providers of > Internet access services may not hinder or delay any services or applications > on the Internet" (unless [...], but those exceptions make sense) However, in the case of SMTP,

Re: Transparent hijacking of SMTP submission...

Op 29 nov. 2014, om 19:37 heeft Randy Bush het volgende geschreven: > i think of it as an intentional traffic hijack. i would be talking to a > lawyer. > > randy, who plans to test next time he is behind comcast I am so glad that our Dutch net neutrality laws state that "providers of Internet

Re: Transparent hijacking of SMTP submission...

ARTTLS verb from > > the > > IPv4 port 587 SMTP submission connection between you and a third > > party? > > Yup; that's what he's saying. This was in the technical press earlier this > week -- or the end of last. > Hi Jay, Seems to me that if an ISP is

Re: Transparent hijacking of SMTP submission...

> I don't see this in my home market, but I do see it in someone else's... > I kind of expect this for port 25 but... > > J@mb-aye:~$telnet 147.28.0.81 587 > Trying 147.28.0.81... > Connected to nagasaki.bogus.com. > Escape character is '^]'. > 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9;

Re: Transparent hijacking of SMTP submission...

- Original Message - > From: "William Herrin" > I'm not sure I follow your complaint here. Are you saying that Comcast > or a > Comcast customer in Washington state stripped the STARTTLS verb from > the > IPv4 port 587 SMTP submission connection between

Re: Transparent hijacking of SMTP submission...

aying that Comcast > or a > Comcast customer in Washington state stripped the STARTTLS verb from > the > IPv4 port 587 SMTP submission connection between you and a third > party? Yup; that's what he's saying. This was in the technical press earlier this week -- or the e

Re: Transparent hijacking of SMTP submission...

Oh it depends on the numbers. Just how many legitimate smtp submission attempts do you get from say an access point at Joes diner in nowhere, OH? Versus just how many password cracking and malware relay attempts across how many of your users, from an unpatched xp box the guy is using for a

Re: Transparent hijacking of SMTP submission...

No. He is a comcast customer. And some third party wifi access point blocked his smtp submission over TLS by setting up an asa device to inspect 587 as well. On Nov 28, 2014 6:16 AM, "William Herrin" wrote: > On Thu, Nov 27, 2014 at 2:54 PM, joel jaeggli wrote: > > I don&#x

Re: Transparent hijacking of SMTP submission...

k on my ability to use encryption > which seems to be in pretty poor taste frankly. Hi Joel, I'm not sure I follow your complaint here. Are you saying that Comcast or a Comcast customer in Washington state stripped the STARTTLS verb from the IPv4 port 587 SMTP submission connection bet

Re: Transparent hijacking of SMTP submission...

he block the compromised credentials? The whole point of submission is to authenticate the submitter and to be able to trace spam back to the submitter and deal with the issue at that level of granuality. Blocking at that level also stop the credentials being used from anywhere. scalpel vs chainsaw.

Re: Transparent hijacking of SMTP submission...

no reason for a ISP / hotspot to inspect > submission traffic. The "stopping spam" argument doesn't wash with > submission. > > Mark > > In message <54778167.7080...@bogus.com>, joel jaeggli writes: > > > > I don't see this in my home market, bu

Re: Transparent hijacking of SMTP submission...

Which is why your MTA should always be setup to require the use of STARTTLS. Additionally the CERT presented should also match the name of the server. There is absolutely no reason for a ISP / hotspot to inspect submission traffic. The "stopping spam" argument doesn't wash

Transparent hijacking of SMTP submission...

I don't see this in my home market, but I do see it in someone else's... I kind of expect this for port 25 but... J@mb-aye:~$telnet 147.28.0.81 587 Trying 147.28.0.81... Connected to nagasaki.bogus.com. Escape character is '^]'. 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014

NPSec 2014: Call for Papers (Submission Deadline Extended: July 17)

CALL FOR PAPERS Ninth Workshop on Secure Network Protocols (NPSec 2014) Raleigh, North Carolina, USA October 21, 2014 In conjunction with the 22nd IEEE International Conference on Network Protocols (ICNP 2014) Web page: http://netsec.cs.uoregon.edu/npsec2014 Important Dates Submission

NPSec 2014: Call for Papers (Submission Deadline: July 10)

CALL FOR PAPERS Ninth Workshop on Secure Network Protocols (NPSec 2014) Raleigh, North Carolina, USA October 21, 2014 In conjunction with the 22nd IEEE International Conference on Network Protocols (ICNP 2014) Web page: http://netsec.cs.uoregon.edu/npsec2014 Important dates Submission

Submission

I thank you for all the ideas that we get to exploit from this site...

Re: Mail Submission Protocol

Happily Microsoft have fixed their smtps stupidity, so you only need to support it on the server if you need to support users running old versions of Outlook etc. There was never anything particularly wrong with smtps, apart from a dogma in the IETF that it is architecturally wrong. The con

Re: Mail Submission Protocol

Raoul Bhatia [IPAX] wrote: > i recently had the problem that an lotus notes server insisted on sending emails to one of our clients via port 465. so having mandatory authentication there actually broke delivery for an exchange sender. Leave it "broken" for the other end that is. Only way to fo

Re: Mail Submission Protocol

On 4/21/2010 8:16 PM, Suresh Ramasubramanian wrote: The MAAWG BCPs have far more available than one of the worst maintained blacklists that has ever been in existence. For example: d/ -- Dave Crocker Brandenburg

Re: Mail Submission Protocol

. This meant they could not support standard Message Submission on port 587. Therefore you should treat smtps (TLS-on-connect on port 465) as the special Microsoft version of RFC 4409 message submission. That is, treat the protocols exactly the same wrt authentication, authorization, firewalls, address

Re: Mail Submission Protocol

On 22 Apr 2010, at 00:07, Franck Martin wrote: Consider also smtps port which should be treated like smtp port and not like submission port, or simply do not listen on smtps as TLS is available on smtp port via esmtp. Er, no. TLS-on-connect aka smtps (as opposed to STARTTLS) is only used

Re: Mail Submission Protocol

"Alex Kamiru" > Cc: nanog@nanog.org > Sent: Thursday, 22 April, 2010 1:35:56 PM > Subject: Re: Mail Submission Protocol > > Log and monitor all that you can. And watch for a large number of IPs > logging into an account over a day (over a set limit - even across > cou

Re: Mail Submission Protocol

do something. The main issue, it not to know which machines are hijacked, but to support these machines. - Original Message - From: "Suresh Ramasubramanian" To: "Alex Kamiru" Cc: nanog@nanog.org Sent: Thursday, 22 April, 2010 1:35:56 PM Subject: Re: Mail Submissi

Re: Mail Submission Protocol

Log and monitor all that you can. And watch for a large number of IPs logging into an account over a day (over a set limit - even across country - that takes into account "home - blackberry - airport lounge - airport lounge in another country - hotel - RIPE meeting venue" type scenarios). And esp

Re: Mail Submission Protocol

Consider also smtps port which should be treated like smtp port and not like submission port, or simply do not listen on smtps as TLS is available on smtp port via esmtp. A lot of providers are now blocking smtp traffic from dynamic/residential IPs, and all clients support to enter submission

Re: Mail Submission Protocol

On 4/21/2010 6:49 AM, Claudio Lapidus wrote: So we are considering ways to further filter this traffic. We are evaluating implementation of MSA through port 587. RFC 5068, Email Submission Operations: Access and Accountability Requirements, is a BCP. It specifies authenticated port 587

Re: Mail Submission Protocol

ort 465 for this), setting this up with Message Submission for Mail (as described in RFC 4409) and STARTTLS will likely give your customers a more joyful experience thanks to reasonable defaults in most modern email clients. jakob

Re: Mail Submission Protocol

On Wed, Apr 21, 2010 at 10:49:07AM -0300, Claudio Lapidus wrote: > At our ISP operation, we are seeing increasing levels of traffic in our > outgoing MTA's, presumably due to spammers abusing some of our subscribers' > accounts. [snip] A discussion on this topic is happening on spam-l at the mome

RE: Mail Submission Protocol

pammers hijacking local users email clients -Mike -Original Message- From: Claudio Lapidus [mailto:clapi...@gmail.com] Sent: Wednesday, April 21, 2010 9:49 AM To: nanog@nanog.org Subject: Mail Submission Protocol Hello all, At our ISP operation, we are seeing increasing levels of

Re: Mail Submission Protocol

l to them and block them from sending any further email (with exception to support-staff for example). > -Mike > > -Original Message- > From: Claudio Lapidus [mailto:clapi...@gmail.com] > Sent: Wednesday, April 21, 2010 9:49 AM > To: nanog@nanog.org > Subject: Mail S

Re: Mail Submission Protocol

On Wed, Apr 21, 2010 at 10:49:07AM -0300, Claudio Lapidus wrote: > Hello all, > Hello Claudio, > At our ISP operation, we are seeing increasing levels of traffic in our > outgoing MTA's, presumably due to spammers abusing some of our subscribers' > accounts. In fact, we are seeing connections fr

Re: Mail Submission Protocol

On Apr 21, 2010, at 9:57 AM, Dan White wrote: > On 21/04/10 10:49 -0300, Claudio Lapidus wrote: >> Hello all, >> >> At our ISP operation, we are seeing increasing levels of traffic in our >> outgoing MTA's, presumably due to spammers abusing some of our subscribers' >> accounts. In fact, we are

RE: Mail Submission Protocol

stop spammers if they are hijacking the users local email client settings. -Mike -Original Message- From: Claudio Lapidus [mailto:clapi...@gmail.com] Sent: Wednesday, April 21, 2010 9:49 AM To: nanog@nanog.org Subject: Mail Submission Protocol Hello all, At our ISP operation, we are s

Re: Mail Submission Protocol

On 21/04/10 10:49 -0300, Claudio Lapidus wrote: Hello all, At our ISP operation, we are seeing increasing levels of traffic in our outgoing MTA's, presumably due to spammers abusing some of our subscribers' accounts. In fact, we are seeing connections from IPs outside of our network as many as t

Mail Submission Protocol

Hello all, At our ISP operation, we are seeing increasing levels of traffic in our outgoing MTA's, presumably due to spammers abusing some of our subscribers' accounts. In fact, we are seeing connections from IPs outside of our network as many as ten times of that from inside IPs. Probably all of

Draft paper submission deadline is extended: ISP-10

Draft paper submission deadline is extended: ISP-10 The 2010 International Conference on Information Security and Privacy (ISP-10) (website: http://www.PromoteResearch.org<http://www.promoteresearch.org/>) will be held during 12-14 of July 2010 in Orlando, FL, USA. ISP is an important ev

NANOG44 lightning talk -- submission open

NANOG44 is fast approaching and I hope to see many of you in LA this weekend and next week. As many of you know, Lightning talks are an important part of NANOG. They are short talks, often topical or late-breaking, accepted just prior to or at the conference. Total time is 10 minutes, including

NANOG 42 Lightning Talk submission reminder...

Greetings, Lightning talk submission remains open until Tuesday June 3rd. Submissions can be made on the NANOG PC website by logging in as or creating a speaker account: http://www.nanogpc.org A lightning talk is a very short presentation or speech by any attendee on any topic relevant to

NANOG 42 Lightning Talk submission reminder...

Greetings, Lightning talk submission remains open until Tuesday Feb 19th. Submissions can be made here: http://www.nanogpc.org/lightning/ A lightning talk is a very short presentation or speech by any attendee on any topic relevant to the NANOG audience. These are limited to ten minutes