Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] Security group highlights - December 2018

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] Security group highlights - December 2018


Chronological Thread 
  • From: Michael H Lambert <>
  • To:
  • Subject: Re: [Security-WG] Security group highlights - December 2018
  • Date: Mon, 7 Jan 2019 11:58:05 -0500
  • Dkim-filter: OpenDKIM Filter v2.11.0 mailer2.psc.edu x07Gw8ft013297
  • Ironport-phdr: 9a23:eoE64hZR/IXx3SQLxaAN6tb/LSx+4OfEezUN459isYplN5qZr8+zbnLW6fgltlLVR4KTs6sC17KG9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa+bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjmk8qxlSgLniD0fOjA582/YlsN/gqxGrh2juRJ/zYnabZqaNPZie6PQZ9MaSXZDU8tXSidPApm8b4wKD+cZOuhYrpXyp1sUohSgAQmnGeHhwSJOiHDs2K01yPouERva3Ac9GN8OtG7brNDuO6gMS+C10LLFzS3Yb/xKwzvy9pXHcg04rPyKQLl+f83RyUw1GAPEiFWdsZDlPzOL2eQXrWeb4OtgVfmzi2E5sQF9uCSgxsA2honUhYIZ0kzE9Ct4wIYpOd23VlR7bcS4H5tXsiGWL412Q8MnQ25ytyY20KEJuZm+fCUM1Z8pxAbfZuSZf4SU/h7vSeOcLDdmi39mfb+zmRO//Eehx+D5U8S50UxFojJYntXStX0BzQHf58uZRvdn40us2CqD2xrN5u1ZI005k7fQJYQ7zb4qjJUTtFzOHi/ol0Xyi6+bbkAk9fKp6+TjfLrmvIGQO5VsigHlLqsigNKwDvklMgQWXmib//qz1KH78EHnXLlGkuA6n6zZvZ/EJskWo7C1Dgpa34si7huyCjar384AkXkCNl1FeRaHj4bzO1HJJfD1FfO/jE6pkDhw2f/GJKHhD47VLnjYjLjtZ6hy5FNByAYr19BQ+4pUCq0dIPL0QkLxr8LXAQMkMwyuwubnFNV82poQWGKAGaKZNKLSsUSU5uI0PeWAfo4VuDDhK/c7/f7ui2E2mUMDcaWzw5QYdW24TbxaJBCCbHHxmNYdACIVsSI/SvDnkluPTWQVanqvDIwm4TRuLYOtDY7OQsiNyJiI2S22BIEeMmRPD1qBC2vAb56PHfoAdXTBcYdajjUYWO35GMca3ha0uVqixg==

I fully agree with blocking RFC1918 addresses. There are lots of other
"static" bogon ranges, too, in both modern and legacy IP. These include
documentation and IANA-reserved addresses. How aggressive should Internet2
(or connectors) be in blocking these in addition to RFC1918?

Michael

> On 7 Jan 2019, at 11:43, Brad Fleming
> <>
> wrote:
>
> I’m assuming RFC1918 IPs as the source, correct? Regardless of source or
> destination address I’m good with it. We shouldn’t be leaking that junk, if
> we are something is broken, and I don’t expect Internet2 or the greater
> community to deal with our failures. A publicly viewable counter on the
> firewall filter term could be useful; I could make one of our junior
> network team check the I2 counter every month to verify we don’t have an
> internal issue. I’d be fine if that instrumentation wasn’t added until
> later if I2 staff would like to move quickly on deploying filters but also
> want to gather more input from the community on exposing FW filter counters
> in this manner.
> --
> Brad Fleming
> Assistant Director for Technology
> Kansas Research and Education Network
>
>> On Jan 7, 2019, at 10:13 AM, Adair Thaxton
>> <>
>> wrote:
>>
>> I trust everyone had a nice break, and hasn't been driven up the wall by
>> bored children yet. Our three-year-old reached the "why?" stage just in
>> time for break, so if you're still sane, I envy you!
>>
>>
>> - Internet2 is considering blocking all RFC1918 space at ingress links.
>> We do not expect this to affect cloud tunnel traffic, or any legitimate
>> traffic. However, we all know the pitfalls of that last statement,
>> especially on our networks! We plan to start by logging RFC1918 traffic
>> only, and then move to blocking it. We also plan to offer opt-outs for
>> customers who need them. We would welcome your input on this, for our
>> benefit as well as for the benefit of other customers.
>>
>>
>> - Check your routing tables!
>> https://twitter.com/InternetIntel/status/1080466509292621829
>>
>>
>> - Hat tip to researchers at the University of Maryland!
>> https://www.theregister.co.uk/2019/01/03/recaptcha_voice_challenge/
>>
>>
>> - A lot of it, as it turns out.
>> http://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html
>>
>>
>> Happy new year, everybody!
>>
>> Adair
>

Attachment: signature.asc
Description: Message signed with OpenPGP




Archive powered by MHonArc 2.6.19.

Top of Page