INNOG September 2020

innog@innog.net

8 participants
14 discussions

by Swapneel Patnekar

Hello! There has been a huge uptick of the Mozi botnet[1] from Indian networks(major chunk from a single network) in the past one week. Based on prior information about Mozi and what I have seen at first glance, it appears to have primarily targeted CPE's with default login/weak credentials, but there could be more. Some of the affected CPE's along with mitigation outlined by Netlab 360 [2] [1]: https://www.darkreading.com/iot/new-malware-family-assembles-iot-botnet--/d… [2]: https://blog.netlab.360.com/mozi-another-botnet-using-dht/ -- Best, Swapneel https://brainattic.in/blog

1 year, 3 months

Fwd: [pacnog] Lawful Intercept with OpenLI

by Srinivas (Sunny) Chendi

FYI -Sunny -------- Forwarded Message -------- Subject: [pacnog] Lawful Intercept with OpenLI Date: Tue, 29 Sep 2020 10:49:28 +1300 From: Shane Alcock <shane.alcock(a)waikato.ac.nz> To: pacnog(a)pacnog.org Hi all, My name is Shane Alcock and I am a research programmer with the WAND Network Research Group at the University of Waikato in New Zealand. Over the past three years, we have been working with network operators in New Zealand to develop an open-source software implementation of the ETSI standards for Lawful Interception, giving operators a viable low-cost alternative for meeting their government-mandated lawful interception obligations. This project, OpenLI, has been very successful and there are now a number of operators in New Zealand who are using our system in production. You can read more about the OpenLI project at https://blog.apnic.net/2020/03/31/open-source-solution-enables-operators-to… <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.apni…> Recently, we were awarded funding from ISIF Asia to perform any work necessary to ensure that OpenLI is a suitable option for operators in other countries within the Asia Pacific region. This work will require us to collaborate with operators, with the aim of delivering successful OpenLI deployments that satisfy the Law Enforcement Agencies (LEAs) in the countries where those operators are running their networks. The funding will allow us to dedicate developer resources to assist with those deployments: either by writing code to add new features, training operators in the use of OpenLI or providing support and troubleshooting assistance. If there are any operators on this list who are interested in OpenLI and would like our assistance to attempt an OpenLI deployment on your network, please contact me off-list for more information. Thanks, Shane

1 year, 3 months

RPKI ROA updates, workshop and more!

by Anurag Bhatia

Hello everyone, As I mentioned previously - We have been tracking RPKI ROA deployment across Asia with a focus on India. In around two months Indian signed prefixes have jumped from 12% to 25%. Today was a major milestone with 25% because now we are 1% above the global average. :) [image: Screenshot 2020-09-17 at 5.25.32 AM.png] Latest graph: https://graphs.muc.anuragbhatia.com/d/DPIj_47Mk/rpki?viewPanel=10&orgId=1&f… [image: Screenshot 2020-09-17 at 5.27.03 AM.png] https://graphs.muc.anuragbhatia.com/d/DPIj_47Mk/rpki?orgId=1&from=159455106… On absolute number 10590 out of 43173 Indian prefixes have a valid covering ROA. 10,590 is highest in Asia (2nd highest is Taiwan at around 7000) as an absolute number but it is just 25% of the table and hence we need to put more effort in getting the Indian table signed with a valid ROA. Workshop to promote RPKI As time and discussions proceeded many of like-minded folks came together to further help with the push for ROA. Some of us volunteers are working closely with IRINN, APNIC and ISPAI to help and have planned for a monthly 90 min workshop with ISPs covering RPKI in detail. Please consider joining the workshop to learn about RPKI, understand ROAs as well as understand how to put RPKI validator in your network. The first workshop is scheduled for 25th Sept 2020 and you can fill the form available here to attend that online - https://forms.gle/iMtd7oFCwJnwt6xp9 Thanks. -- Anurag Bhatia anuragbhatia.com

1 year, 3 months

Re: TCL network issue

by Parthesh Kumar

Yes still getting packet drop issue. Regards, Parthesh Kumar Sr. Manager - Technical | Fusionnet Web Services Pvt. Ltd. Level-2, ATS Tower, Plot No. 16, Sector 135, Noida – 201301, U.P, India. M: +91 8588877976 T: +91 120 5146006 W: www.fusionnet.in<http://www.fusionnet.in/> From: Kiran Kumar Boddeda <me(a)bbkk.in> Sent: 18 September 2020 17:23 To: Parthesh Kumar <parthesh.kumar(a)fusionnet.in> Subject: Re: [INNOG] TCL network issue Packet drops are being observed on few IP Still digging , do you have any such things ? ---- On Fri, 18 Sep 2020 17:16:33 +0530 parthesh.kumar(a)fusionnet.in<mailto:parthesh.kumar@fusionnet.in> wrote ---- Hello, Anyone facing issues with TCL network today ? Regards, Parthesh Kumar _______________________________________________ INNOG mailing list -- innog(a)innog.net<mailto:innog@innog.net> To unsubscribe send an email to innog-leave(a)innog.net<mailto:innog-leave@innog.net>

1 year, 4 months

Re: TCL network issue

by Parthesh Kumar

As per TCL, Service is affected due to ongoing network outage. In which IP you are getting issues ? Regards, Parthesh Kumar From: Kiran Kumar Boddeda <me(a)bbkk.in> Sent: 18 September 2020 17:25 To: Parthesh Kumar <parthesh.kumar(a)fusionnet.in> Subject: Re: [INNOG] Re: TCL network issue Towards bombay region ? ---- On Fri, 18 Sep 2020 17:24:02 +0530 parthesh.kumar(a)fusionnet.in<mailto:parthesh.kumar@fusionnet.in> wrote ---- Yes still getting packet drop issue. Regards, Parthesh Kumar Sr. Manager - Technical | Fusionnet Web Services Pvt. Ltd. Level-2, ATS Tower, Plot No. 16, Sector 135, Noida – 201301, U.P, India. M: +91 8588877976 T: +91 120 5146006 W: www.fusionnet.in<http://www.fusionnet.in/> From: Kiran Kumar Boddeda <me(a)bbkk.in<mailto:me@bbkk.in>> Sent: 18 September 2020 17:23 To: Parthesh Kumar <parthesh.kumar(a)fusionnet.in<mailto:parthesh.kumar@fusionnet.in>> Subject: Re: [INNOG] TCL network issue Packet drops are being observed on few IP Still digging , do you have any such things ? ---- On Fri, 18 Sep 2020 17:16:33 +0530 parthesh.kumar(a)fusionnet.in<mailto:parthesh.kumar@fusionnet.in> wrote ---- Hello, Anyone facing issues with TCL network today ? Regards, Parthesh Kumar _______________________________________________ INNOG mailing list -- innog(a)innog.net<mailto:innog@innog.net> To unsubscribe send an email to innog-leave(a)innog.net<mailto:innog-leave@innog.net> _______________________________________________ INNOG mailing list -- innog(a)innog.net<mailto:innog@innog.net> To unsubscribe send an email to innog-leave(a)innog.net<mailto:innog-leave@innog.net>

1 year, 4 months

TCL network issue

by Parthesh Kumar

Hello, Anyone facing issues with TCL network today ? Regards, Parthesh Kumar

1 year, 4 months

International website issue

by Parthesh Kumar

Dear All, We are getting issues to open multiple international websites . Can anyone also facing same issue. Please confirm if there is any issue in backbone. Regards, Parthesh Kumar

1 year, 4 months

September RFCsWeLove Meetup on measurements

by Dhruv Dhody

Hi, The September month's RFCsWeLove meetup is planned for the 18th of Sept 2020 (Friday) at 1830 IST with a focus on internet measurements. We had a great set of topics with excellent speakers for you who brings in-depth knowledge in the field. Agenda: Measuring the Internet using RIPE Atlas by Swapneel Patnekar Measurements related work at IETF by Shwetha Bhandari Register here: https://zoom.us/webinar/register/WN_ueNync5oRKOR0xHPpukJYA More details at https://www.iiesoc.in/post/rfcs-we-love-sept-2020 Please pass on the information in your circle. Pass event details: https://www.iiesoc.in/rfcswelove Thanks! Dhruv For IIESoc

1 year, 4 months

Spoofer Report for INNOG for Aug 2020

by CAIDA Spoofer Project

In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes. This report summarises tests conducted within ind. Inferred improvements during Aug 2020: none inferred Source Address Validation issues inferred during Aug 2020: ASN Name First-Spoofed Last-Spoofed 55836 RELIANCEJIO-IN 2017-03-03 2020-08-31 132976 KINGSBROADBAND 2018-09-17 2020-08-25 24186 RAILTEL 2018-12-08 2020-08-22 132335 NETWORK-LEAPSWITCH-IN 2020-08-24 2020-08-24 134026 ULTRANET 2020-08-27 2020-08-28 45184 DEN-ISP-AS-IN-AP 2020-08-28 2020-08-28 135180 STARLING 2020-08-31 2020-08-31 Further information for these tests where we received spoofed packets is available at: https://spoofer.caida.org/recent_tests.php?country_include=ind&no_block=1 Please send any feedback or suggestions to spoofer-info(a)caida.org

1 year, 4 months

August 2020 Newsletter : Tech Policy & Internet Governance Updates curated by CCAOI

by Amrita Choudhury

Dear All, For those who may be interested, sharing the CCAOI August 2020 Newsletter <https://www.ccaoi.in/UI/links/fwnewsletter/CCAOI%20Newsletter%20Aug%202020. pdf> for curated news on Tech Policy and Internet Governance issues and discussions from the Indian Perspective. Regards, Amrita

1 year, 4 months

2022

2021

2020

2019

INNOG September 2020