- NZNOG - lists.nznog.org

NZNOG International Speakers
by Richard Nelson 15 Dec '04

15 Dec '04

We are working as hard as possible to confirm the speakers for NZNOG, but it will still be some time till the complete programme is available. To help people who are deciding whether to come, here is the latest list of the planned international speakers. (Topics are still provisional.) Confirmed: Vijay Gill (AOL) "Big Fast Networks" Bill Woodcock (PCH) "INOC-DBA" Bill Norton (Equinix) "Peering" Joe Abley (ISC) "History of NZ Peering" Subject to final confirmation George Michaelson (APNIC) "Address Space Usage" Bill Manning (EP.net) "DNSSEC" Biographical details and talk abstracts will be added to the website as they become available. We also have a couple of extra tutorial streams to add. These will be advertised later today. People who have already registered for NZNOG will be given the opportunity to enroll for these. Richard Nelson WAND

2 1

SPF problems with nznog registration.
by Steve Phillips 15 Dec '04

15 Dec '04

um.. This message was created automatically by mail delivery software (Exim). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: richardn(a)cs.waikato.ac.nz (generated from registration(a)nznog.org) SMTP error from remote mailer after MAIL FROM:<steve(a)focb.co.nz> SIZE=1986: host mail.cs.waikato.ac.nz [130.217.241.36]: 550 Please see http://spf.pobox.com/why.html?sender=steve%40focb.co.nz&ip=130.217.250.15&r… ------ This is a copy of the message, including all the headers. ------ Return-path: <steve(a)focb.co.nz> Received: from [64.246.60.77] (helo=wibble.focb.co.nz) by warlock.cs.waikato.ac.nz with smtp (Exim 3.35 #1 (Debian)) id 1CegkR-0005mq-00 for <registration(a)nznog.org>; Thu, 16 Dec 2004 10:31:51 +1300 Received: (qmail 10492 invoked by uid 501); 15 Dec 2004 21:31:49 -0000 Received: from localhost (sendmail-bs(a)127.0.0.1) by localhost with SMTP; 15 Dec 2004 21:31:49 -0000 Date: Wed, 15 Dec 2004 15:31:49 -0600 (CST) From: Steve Phillips <steve(a)focb.co.nz> To: registration(a)nznog.org Can you guys please fix your registration/mail system ? and someone really should be told that bouncing mail based on SPF records alone is a bad thing [tm] (sending here because I cant seem to mail them directly..) -- Steve.

4 4

RE: [nznog] SSH login attempts
by Philip D'Ath 14 Dec '04

14 Dec '04

No. Most of ours have come from (so far): 64.191.62.135 61.59.33.44 217.107.212.104 219.240.134.41 213.215.76.1 -----Original Message----- From: Chris Hodgetts [mailto:chris(a)archnetnz.com] Sent: Wednesday, 15 December 2004 9:40 a.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] SSH login attempts Were the majority of attempts comming from: 210.0.192.40 Thats where I seem to be getting the majority of my attempts from. <snip>

2 1

RE: [nznog] Bedlam DL3
by Hamish Macewan 14 Dec '04

14 Dec '04

More scary than funny, the math I mean: "We've got well over 100,000 mailboxes in our email infrastructure, [deletia] he created several distribution lists. Each distribution list had about a quarter of the mailboxes in the company on it (so there were about 13,000 mailboxes on each list)." A quarter of 100,000 is ~13,000? But later: "Remember, there are 25,000 people on this mailing list." Later still: "First off, the original mail went to 13,000 users." Further: "For the sake of argument, let's assume that 10% of the recipients on each message (130) are on each server." 10% of 13,000 would be 1,300? Not in MS land it would seem. It would seem that Corporate blogs are either as garbled as Corporate email or they actually have no clue. Hamish. -----Original Message----- From: James J. Guidera [mailto:james(a)miracle.co.nz] Sent: Wednesday, 15 December 2004 8:52 a.m. To: nznog(a)list.waikato.ac.nz Subject: [nznog] Bedlam DL3 As a Wednesday morning laugh, Many people read the blog on msdn on Bedlam DL3? Bit of a laugh.... http://blogs.msdn.com/exchange/archive/2004/04/08/109626.aspx Cheers James

1 0

Re: [nznog] Bedlam DL3
by Lesley Walker 14 Dec '04

14 Dec '04

>Many people read the blog on msdn on Bedlam DL3? > >Bit of a laugh.... >http://blogs.msdn.com/exchange/archive/2004/04/08/109626.aspx Good to see them get a taste of their own medicine. I have no sympathy (for the company) whatsoever, they should have designed the MTA better. (Plenty of sympathy for the poor bastards who had to deal with it though) Lesley Walker Former Exchange admin

1 0

Re: [nznog] SSH login attempts
by Anton Smith 14 Dec '04

14 Dec '04

> Moving the ssh port to something else that 22 seems to help as well. > > -- > Juha Port knocking is an interesting method of protecting your machine. If you're a debian user apt-get install knockd - comes with a fairly simple configuration file as well. The only problem with this is generating the knock sequences, especially when you are out and about and on a foreign machine (can still be done using the venerable telnet for syn packets but netcat or nemesis would be better). Regards, Anton Smith

1 0

SSH login attempts
by Philip D'Ath 14 Dec '04

14 Dec '04

We are getting lots of requests at the moment trying to log into one of our box's via SSH. It happens in 20 minute bursts, with a new request being tried every 6s. After the 20 minutes it goes away for 8 hours. It appears to be a straight dictionary attack, with the attempts cycling though usernames like root, user, test, john, henry, george, frank, alan, adam, server, backup, account, master, sybase, oracle, web, data, webmaster, noc, cip51, cip52, cosmin, pamela, jane, adm, irc, apache, operator, mysql, www-data, matt, www, wwwrun, cyrus, horde, iceuser, rolo, patrick, nobody. It spends most of its time trying to login as root. The requests are mostly coming from Russia, with a couple of other IP's from other countries. The device they are attempting to log into is not advertised in anyway, so was probably picked up during a normal port scan. For the moment I've limited connections to the box for SSH to only be accepted over IPSec, so that's the end of the login attempts. I guess what I'm posting this for is to make sure everybody has a good password policy in place. Someone is actively trying to compromise accounts via SSH.

6 6

Bedlam DL3
by James J. Guidera 14 Dec '04

14 Dec '04

As a Wednesday morning laugh, Many people read the blog on msdn on Bedlam DL3? Bit of a laugh.... http://blogs.msdn.com/exchange/archive/2004/04/08/109626.aspx Cheers James

2 1

XML schema for interface configuration
by Cameron Kerr 12 Dec '04

12 Dec '04

Does anyone know of, or has found a useful XML language for modelling network interface configuration? I just need the basics, more precisely IPv4 interfaces. Manual and DHCP configuration (maybe also ZeroConf) Subnetmask Routes (static, but dynamic would be good also) IPv6 interfaces. ??? DNS configuration Other stuff? (tunnels, p-t-p interfaces, ...) I could model one myself, but I would much prefer input from something more time-proven. I don't need anything with a formal schema. -- Cameron Kerr cameron(a)humbledown.org; http://humbledown.org

2 1

NZNOG Registrations
by Richard Nelson 09 Dec '04

09 Dec '04

Registrations for next years NZNOG Conference are now being accepted at http://www.nznog.org. The conference is again being hosted by the WAND Network Research Group at the University of Waikato. Last year we had 125 registrations. The largest lecture theatre holds 140 so places are strictly limited. There is a tutorial/workshop day before the conference. Tutorials that we have confirmed are: APNIC - IRME LinkIT - Trango Wireless InternetNZ - Spam Handling Accomodation is available on campus. Some rooms (28) are available with Ethernet ports which will be allocated first come first served. All prices and details are available on the website. Late registrations (after January 14) will incur late fees. The main overseas speakers will be confirmed shortly... Richard Nelson WAND.

1 0