Thanks for all the replies. Someone has contacted me.
--
Tristram Cheer
Network Architect - Most problems are the result of previous
solutions...
Tel. 09 438 5472 Ext 803 | Mobile. 022 412 1985 | 53 Port Road,
Whangarei
tristram.cheer(a)ubergroup.co.nz <mailto:tristram.cheer(a)ubergroup.co.nz>
|www.ubergroup.co.nz <http://www.ubergroup.co.nz>
<http://ubergroup.co.nz/fb> <https://twitter.com/#!/ubergroupltd>
From: nznog-bounces(a)list.waikato.ac.nz
[mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Tristram Cheer
Sent: Thursday, 9 February 2012 2:09 p.m.
To: nznog(a)list.waikato.ac.nz
Subject: [nznog] BotNet Researchers in NZ
Hi All,
We have a quarantined client server that is part of a botnet. We've got
the files it's using as well as a HDD image. I thought I would post here
and see if there are any security folk in NZ that would like to take a
look at it. I've had a dig at the server and we have its comms systems
etc etc.
Anyone who is interested that's either an academic or security researcher
that would like to take a look at it is welcome to e-mail me offlist.
Cheers
To the technical community:
As previously reported on this mailing list
(http://list.waikato.ac.nz/pipermail/nznog/2011-December/018622.html),
the encoding of the .nz DNSKEY is not RFC compliant. Although the
majority of validators accept the key, we have recently become aware of
validation failures in products from one supplier. Therefore we have
decided to correct this issue now and then continue with DNSSEC
deployment for the second level zones.
Our plan, in broad terms, contains five steps:
1. Remove DS records for .nz from the root zone
2. Deploy patched software to the production servers
3. Re-sign the .nz zone
4. Confirm encoding is correct, including consultation with the supplier
5. Submit new DS records for .nz for inclusion in the root zone.
This is a low risk and straightforward procedure compared to the
alternative of performing a non-standard key rollover. The rollover
needed to accomplish the same result is unusual, has never been
attempted before and may carry unforeseen risks.
Our plan will be executed over the next two weeks and once it is
completed we will announce the DNSSEC deployment schedule for the second
level zones starting with geek.nz.
Kind Regards,
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
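An added example (not part of the announcement above, and not the registry's own tooling) of the kind of check step 4 of the plan calls for: it parses a DNSKEY record and reports violations of the RSA public key encoding rules in RFC 3110. The announcement does not say which rule the .nz key broke, so this assumes an RSA key and checks the RFC 3110 rules generally; the function names and the sample keys are constructed for illustration.

```python
import base64

RSA_ALGORITHMS = {1, 5, 7, 8, 10}  # DNSSEC algorithms using the RFC 3110 key format

def check_rsa_dnskey(record: str) -> list[str]:
    """Return RFC 3110 encoding problems for a DNSKEY given as
    'flags protocol algorithm base64...'; an empty list means none found."""
    fields = record.split()
    if len(fields) < 4:
        return ["not a DNSKEY presentation record"]
    protocol, algorithm = int(fields[1]), int(fields[2])
    if algorithm not in RSA_ALGORITHMS:
        return [f"algorithm {algorithm} is not RSA; RFC 3110 does not apply"]
    key = base64.b64decode("".join(fields[3:]), validate=True)
    problems = []
    if protocol != 3:
        problems.append("protocol field is not 3")
    if len(key) < 3:
        return problems + ["public key too short"]
    # Exponent length: one octet (1..255), or 0x00 plus a 16-bit length.
    if key[0] != 0:
        exp_len, offset = key[0], 1
    else:
        exp_len, offset = int.from_bytes(key[1:3], "big"), 3
        if exp_len < 256:
            problems.append("long length form used for a short exponent")
    exponent = key[offset:offset + exp_len]
    modulus = key[offset + exp_len:]
    if exp_len == 0 or len(exponent) < exp_len or not modulus:
        return problems + ["key shorter than declared exponent length"]
    # RFC 3110: leading zero octets are prohibited in exponent and modulus.
    if exponent[0] == 0:
        problems.append("leading zero octet in exponent")
    if modulus[0] == 0:
        problems.append("leading zero octet in modulus")
    return problems

def make_record(exponent: bytes, modulus: bytes) -> str:
    """Build a constructed sample record (algorithm 8, one-octet exponent length)."""
    raw = bytes([len(exponent)]) + exponent + modulus
    return "257 3 8 " + base64.b64encode(raw).decode()

# Constructed sample data, not the real .nz key.
SAMPLE_MODULUS = bytes([0xC3]) + bytes(range(1, 128))
GOOD = make_record(b"\x01\x00\x01", SAMPLE_MODULUS)
PADDED_EXPONENT = make_record(b"\x00\x01\x00\x01", SAMPLE_MODULUS)
PADDED_MODULUS = make_record(b"\x01\x00\x01", b"\x00" + SAMPLE_MODULUS)
```

A key can verify signatures in lenient validators and still fail this check, which is why the encoding is worth confirming before new DS records are submitted.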
Andy mentioned this in passing and now we're getting subscription requests...
> We not only propose - we've created:
>
> http://lists.citylink.co.nz/mailman/listinfo/nzix-route-announce
At this stage, we're limiting subscriptions to active NZIX participants.
If you subscribe from an address we don't immediately recognize we'll
probably reject the request and ask for further identifying details.
--
cheers, Sid
Dear Colleague,
This is to notify you that one or more objects in which you are
designated for notification have been modified in the NZRR routing
registry database.
These objects are used to configure the various NZIX route servers
(http://nzix.net/) so you can expect the relevant servers to be reloaded
in the near future. The reloading of the servers is staggered over a
period of time so that if you are peering with both servers at an
exchange, you can maintain at least one BGP session at all times and
consequently a full set of routes.
Diagnostic output:
------------------------------------------------------------
PREVIOUS OBJECT:
route-set: AS9560:RS-ROUTES6:AS24130
descr: Route set advertised to AS9560 by PipeNetworks - AS24130
mp-members: 2407:9000:0:0:0:0:0:0/32^32-64
admin-c: RPA1-NZRR
tech-c: RPA1-NZRR
notify: rpsl-admin(a)nzix.net
notify: nznog(a)list.waikato.ac.nz
notify: cdaniel(a)pipenetworks.com
mnt-by: MAINT-NZRR-NZ
changed: rpsl-admin(a)nzix.net 20120208
source: NZRR
REPLACED BY:
route-set: AS9560:RS-ROUTES6:AS24130
descr: Route set advertised to AS9560 by PIPE Networks Pty Ltd - AS24130
mp-members: 2403:3400:0:0:0:0:0:0/32^32-64,
2407:9000:0:0:0:0:0:0/32^32-64,
2406:C000:0:0:0:0:0:0/32^32-64,
2402:5C00:0:0:0:0:0:0/32^32-64,
2001:DF0:4F:0:0:0:0:0/48^48-64,
2404:4800:30:0:0:0:0:0/48^48-64,
2400:B800:0:0:0:0:0:0/32^32-64,
2406:E600:0:0:0:0:0:0/32^32-64,
2404:9C00:0:0:0:0:0:0/32^32-64,
2406:FA00:0:0:0:0:0:0/32^32-64,
2404:C600:0:0:0:0:0:0/32^32-64,
2407:A00:0:0:0:0:0:0/32^32-64,
2600:1415:2:0:0:0:0:0/48^48-64,
2404:8600:0:0:0:0:0:0/32^32-64,
2404:4800:30:0:0:0:0:0/48^48-64,
2401:1F00:0:0:0:0:0:0/32^32-64,
2403:A400:0:0:0:0:0:0/32^32-64,
2001:DF0:FE:0:0:0:0:0/48^48-64,
2401:B500:0:0:0:0:0:0/32^32-64,
2001:DF0:24A:0:0:0:0:0/48^48-64,
2402:8500:0:0:0:0:0:0/32^32-64,
2402:6900:0:0:0:0:0:0/32^32-64,
2405:4600:0:0:0:0:0:0/32^32-64
admin-c: RPA1-NZRR
tech-c: RPA1-NZRR
notify: rpsl-admin(a)nzix.net
notify: nznog(a)list.waikato.ac.nz
notify: cameron.daniel(a)pipenetworks.com
mnt-by: MAINT-NZRR-NZ
changed: rpsl-admin(a)nzix.net 20120209
source: NZRR
------------------------------------------------------------