<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div class="" style=""><span class="" style="">Service providers who've used RFC1918s internally might be getting blocking for free ...</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;" class=""><span class="" style=""><br class="" style=""></span></div><div style="background-color: transparent;" class=""><span class="" style="">"Issues with Private IP Addressing in the Internet"</span></div><div style="background-color: transparent;" class=""><span class="" style="">http://tools.ietf.org/html/rfc6752<br style="color: rgb(0, 0, 0); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;
font-style: normal;" class=""><br></span></div><div class="" style=""><br class="" style=""></div><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;" class=""> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;" class=""> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;" class=""> <div dir="ltr" class="" style=""> <hr size="1" class="" style=""> <font size="2" face="Arial" class="" style=""> <b class="" style=""><span style="font-weight:bold;" class="">From:</span></b> Luca Salvatore <luca@digitalocean.com><br class="" style=""> <b class="" style=""><span style="font-weight: bold;" class="">To:</span></b> "ausnog@lists.ausnog.net" <ausnog@lists.ausnog.net> <br class="" style=""> <b class="" style=""><span style="font-weight: bold;" class="">Sent:</span></b> Wednesday, 21 May
2014 9:05 AM<br class="" style=""> <b class="" style=""><span style="font-weight: bold;" class="">Subject:</span></b> Re: [AusNOG] network security Question<br class="" style=""> </font> </div> <div class="" style=""><br class="" style=""><div id="yiv9570801739" class="" style=""><div class="" style=""><div dir="ltr" class="" style="">There's a special place in Hell reserved for people (especially providers) who block ICMP ;-)</div><div class="" style=""><br clear="none" class="" style=""><br clear="none" class="" style=""><div class="" id="yiv9570801739yqt26927" style=""><div class="" style="">On Tue, May 20, 2014 at 9:13 PM, Damien Gardner Jnr <span dir="ltr" class="" style=""><<a rel="nofollow" shape="rect" ymailto="mailto:rendrag@rendrag.net" target="_blank" href="mailto:rendrag@rendrag.net" class="" style="">rendrag@rendrag.net</a>></span> wrote:<br clear="none" class="" style="">
<blockquote class="" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Pen-test scenario? It used to be the shits-and-giggles pastime at the Canberra 2600 meets, seeing how many networks could be dropped off in the same 1-hour block because they auto-blackholed <a rel="nofollow" shape="rect" target="_blank" href="http://uneeda.telstra.net/" class="" style="">uneeda.telstra.net</a>, their upstream gateway, their providers BGP IP, etc etc :-p<br clear="none" class="" style="">
<br clear="none" class="" style="">
Automatic blackholing based anything but full connection TCP is a pretty dumb idea mmmkay :)<br clear="none" class="" style="">
<span class="" style=""><font color="#888888" class="" style=""><br clear="none" class="" style="">
—DG<br clear="none" class="" style="">
</font></span><div class="" style=""><div class="" style=""><br clear="none" class="" style="">
<br clear="none" class="" style="">
On 20 May 2014, at 8:54 pm, Shain Singh <<a rel="nofollow" shape="rect" ymailto="mailto:shain.singh@gmail.com" target="_blank" href="mailto:shain.singh@gmail.com" class="" style="">shain.singh@gmail.com</a>> wrote:<br clear="none" class="" style="">
<br clear="none" class="" style="">
> Blocking arbitrary blocks is fraught with danger...<br clear="none" class="" style="">
><br clear="none" class="" style="">
>><br clear="none" class="" style="">
>> With regards to arbitrarily blocking whole country netblocks; sure, some<br clear="none" class="" style="">
>> people do it. Having your IDS/IPS temporarily block trouble addresses is<br clear="none" class="" style="">
>> probably a better solution if you want to go down that path, though.<br clear="none" class="" style="">
>><br clear="none" class="" style="">
><br clear="none" class="" style="">
> Common pen-test scenario for if you have an IDS/IPS setup to<br clear="none" class="" style="">
> temporarily block based on attack signatures is to make your attacks<br clear="none" class="" style="">
> look like they originate from root DNS servers.<br clear="none" class="" style="">
><br clear="none" class="" style="">
><br clear="none" class="" style="">
> --<br clear="none" class="" style="">
> Shaineel Singh<br clear="none" class="" style="">
> e: <a rel="nofollow" shape="rect" ymailto="mailto:shain.singh@gmail.com" target="_blank" href="mailto:shain.singh@gmail.com" class="" style="">shain.singh@gmail.com</a><br clear="none" class="" style="">
> p: <a rel="nofollow" shape="rect" class="" style="" href="">+61 422 921 951</a><br clear="none" class="" style="">
> w: <a rel="nofollow" shape="rect" target="_blank" href="http://buffet.shainsingh.com/" class="" style="">http://buffet.shainsingh.com</a><br clear="none" class="" style="">
><br clear="none" class="" style="">
> --<br clear="none" class="" style="">
> "Too many have dispensed with generosity to practice charity" - Albert Camus<br clear="none" class="" style="">
> _______________________________________________<br clear="none" class="" style="">
> AusNOG mailing list<br clear="none" class="" style="">
> <a rel="nofollow" shape="rect" ymailto="mailto:AusNOG@lists.ausnog.net" target="_blank" href="mailto:AusNOG@lists.ausnog.net" class="" style="">AusNOG@lists.ausnog.net</a><br clear="none" class="" style="">
> <a rel="nofollow" shape="rect" target="_blank" href="http://lists.ausnog.net/mailman/listinfo/ausnog" class="" style="">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br clear="none" class="" style="">
<br clear="none" class="" style="">
_______________________________________________<br clear="none" class="" style="">
AusNOG mailing list<br clear="none" class="" style="">
<a rel="nofollow" shape="rect" ymailto="mailto:AusNOG@lists.ausnog.net" target="_blank" href="mailto:AusNOG@lists.ausnog.net" class="" style="">AusNOG@lists.ausnog.net</a><br clear="none" class="" style="">
<a rel="nofollow" shape="rect" target="_blank" href="http://lists.ausnog.net/mailman/listinfo/ausnog" class="" style="">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br clear="none" class="" style="">
</div></div></blockquote></div></div><br clear="none" class="" style=""><br clear="all" class="" style=""><div class="" style=""><br clear="none" class="" style=""></div>-- <br clear="none" class="" style=""><div dir="ltr" class="" style="">Luca Salvatore<div class="" style="">Network Engineer</div><div class="" style="">DigitalOcean</div><div class="" style="">AUS: +61 414 700 383</div><div class="" style="">USA: +1 (347) 305-4030</div></div>
</div></div></div><br class="" style=""><div class="" id="yqt30952" style="">_______________________________________________<br clear="none" class="" style="">AusNOG mailing list<br clear="none" class="" style=""><a shape="rect" ymailto="mailto:AusNOG@lists.ausnog.net" href="mailto:AusNOG@lists.ausnog.net" class="" style="">AusNOG@lists.ausnog.net</a><br clear="none" class="" style=""><a shape="rect" href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank" class="" style="">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br clear="none" class="" style=""></div><br class="" style=""><br class="" style=""></div> </div> </div> </blockquote><div></div> </div></body></html>