John Kristoff
@jtk.infosec.exchange.ap.brid.gy
UIC PhD candidate | https://Dataplane.org | Netscout. Internet infrastructure (#BGP, #DNS) and #infosec. Bit mechanic. Also: #Blues / tfr / #fedi22
🌉 bridged from ⁂ https://infosec.exchange/@jtk, follow @ap.brid.gy to interact
🌉 bridged from ⁂ https://infosec.exchange/@jtk, follow @ap.brid.gy to interact
Legit email from Psychz Networks, but not so impressive. It says I discontinued some service and they want me back (didn't happen).
The email goes on to say I should simply reply to the email with server specs you want to try and they'll set it up., signed "Best Regards, Sales Person". Oh […]
The email goes on to say I should simply reply to the email with server specs you want to try and they'll set it up., signed "Best Regards, Sales Person". Oh […]
Original post on infosec.exchange
infosec.exchange
November 24, 2025 at 7:59 PM
Legit email from Psychz Networks, but not so impressive. It says I discontinued some service and they want me back (didn't happen).
The email goes on to say I should simply reply to the email with server specs you want to try and they'll set it up., signed "Best Regards, Sales Person". Oh […]
The email goes on to say I should simply reply to the email with server specs you want to try and they'll set it up., signed "Best Regards, Sales Person". Oh […]
Not really newsworthy, but this announcement from Leaseweb feels a bit 20th century:
[...] an upcoming update to the Customer Portal Secret Management page. We have introduced a new feature that restricts the use of certain special characters in key names for improved security.
Allowed special […]
[...] an upcoming update to the Customer Portal Secret Management page. We have introduced a new feature that restricts the use of certain special characters in key names for improved security.
Allowed special […]
Original post on infosec.exchange
infosec.exchange
November 24, 2025 at 3:23 PM
Not really newsworthy, but this announcement from Leaseweb feels a bit 20th century:
[...] an upcoming update to the Customer Portal Secret Management page. We have introduced a new feature that restricts the use of certain special characters in key names for improved security.
Allowed special […]
[...] an upcoming update to the Customer Portal Secret Management page. We have introduced a new feature that restricts the use of certain special characters in key names for improved security.
Allowed special […]
The reported APNIC service outages are noteworthy for associating the Cloudflare outage with what you might have thought are unrelated infrastructure services (i.e., RDAP, RPKI, WHOIS).
If you look at the individual incident events, most outages for each of these services however are just a few […]
If you look at the individual incident events, most outages for each of these services however are just a few […]
Original post on infosec.exchange
infosec.exchange
November 24, 2025 at 4:05 AM
The reported APNIC service outages are noteworthy for associating the Cloudflare outage with what you might have thought are unrelated infrastructure services (i.e., RDAP, RPKI, WHOIS).
If you look at the individual incident events, most outages for each of these services however are just a few […]
If you look at the individual incident events, most outages for each of these services however are just a few […]
This is surely going to be in a future RISKS Digest.
"This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares.
Unfortunately, one of the […]
"This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares.
Unfortunately, one of the […]
Original post on infosec.exchange
infosec.exchange
November 22, 2025 at 8:55 PM
This is surely going to be in a future RISKS Digest.
"This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares.
Unfortunately, one of the […]
"This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares.
Unfortunately, one of the […]
Weekend Reads
* How Quake got its TCP/IP stack
https://fabiensanglard.net/quake_chunnel/index.html
* MENOG 25 region advancement report
https://labs.ripe.net/author/qasim-lone/menog-25-advancing-internet-technologies-in-the-middle-east-report/
* Life of a packet in the Linux kernel […]
* How Quake got its TCP/IP stack
https://fabiensanglard.net/quake_chunnel/index.html
* MENOG 25 region advancement report
https://labs.ripe.net/author/qasim-lone/menog-25-advancing-internet-technologies-in-the-middle-east-report/
* Life of a packet in the Linux kernel […]
Original post on infosec.exchange
infosec.exchange
November 21, 2025 at 9:56 PM
Weekend Reads
* How Quake got its TCP/IP stack
https://fabiensanglard.net/quake_chunnel/index.html
* MENOG 25 region advancement report
https://labs.ripe.net/author/qasim-lone/menog-25-advancing-internet-technologies-in-the-middle-east-report/
* Life of a packet in the Linux kernel […]
* How Quake got its TCP/IP stack
https://fabiensanglard.net/quake_chunnel/index.html
* MENOG 25 region advancement report
https://labs.ripe.net/author/qasim-lone/menog-25-advancing-internet-technologies-in-the-middle-east-report/
* Life of a packet in the Linux kernel […]
www.fsf.org host (and TCP port 80, but not 443 comms) seems to up, but actual web service appears to be unresponsive. Maintenance or broken? Unsure.
November 21, 2025 at 6:29 PM
www.fsf.org host (and TCP port 80, but not 443 comms) seems to up, but actual web service appears to be unresponsive. Maintenance or broken? Unsure.
Microsoft Azure:
"On 15 November 2028, we'll be retiring F, Fs, Fsv2, Lsv2, G, Gs, Av2, Amv2, and B-series Azure VMs. You won't be able to use or purchase these VMs, or any constrained core sizes that are part of the retiring VM series, after that date."
Three-year advance notice, pretty sure […]
"On 15 November 2028, we'll be retiring F, Fs, Fsv2, Lsv2, G, Gs, Av2, Amv2, and B-series Azure VMs. You won't be able to use or purchase these VMs, or any constrained core sizes that are part of the retiring VM series, after that date."
Three-year advance notice, pretty sure […]
Original post on infosec.exchange
infosec.exchange
November 21, 2025 at 1:21 PM
Microsoft Azure:
"On 15 November 2028, we'll be retiring F, Fs, Fsv2, Lsv2, G, Gs, Av2, Amv2, and B-series Azure VMs. You won't be able to use or purchase these VMs, or any constrained core sizes that are part of the retiring VM series, after that date."
Three-year advance notice, pretty sure […]
"On 15 November 2028, we'll be retiring F, Fs, Fsv2, Lsv2, G, Gs, Av2, Amv2, and B-series Azure VMs. You won't be able to use or purchase these VMs, or any constrained core sizes that are part of the retiring VM series, after that date."
Three-year advance notice, pretty sure […]
Friends, if you, your colleagues, or your organization has the means, especially if you've gotten some value out of rpki-client (also OpenBGPD or StayRTR), please consider donating to the non-profit Route Server Support Foundation (RSSF) to keep the software coming.
This is the important […]
This is the important […]
Original post on infosec.exchange
infosec.exchange
November 18, 2025 at 10:21 PM
Friends, if you, your colleagues, or your organization has the means, especially if you've gotten some value out of rpki-client (also OpenBGPD or StayRTR), please consider donating to the non-profit Route Server Support Foundation (RSSF) to keep the software coming.
This is the important […]
This is the important […]
On 2025-11-05 CAMTEL (#as15964) began announcing 4.0.0.0/8 and 8.0.0.0/8. Others announce more specific prefixes within them, but as the plot shows CAMTEL is now receiving an elevated amount of traffic to the corresponding, unannounced address space in these […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
November 18, 2025 at 5:19 PM
On 2025-11-05 CAMTEL (#as15964) began announcing 4.0.0.0/8 and 8.0.0.0/8. Others announce more specific prefixes within them, but as the plot shows CAMTEL is now receiving an elevated amount of traffic to the corresponding, unannounced address space in these […]
[Original post on infosec.exchange]
[Original post on infosec.exchange]
First time for everything. Ran into a hosting provider with a sshd_config that had PubkeyAuthentication set to no by default.
November 17, 2025 at 11:08 PM
First time for everything. Ran into a hosting provider with a sshd_config that had PubkeyAuthentication set to no by default.
Somewhat surprised to discover that as of now, from my vantage point, akamai.net's NS RRset of 13 names only two are #IPv6-enabled.
November 17, 2025 at 9:31 PM
Somewhat surprised to discover that as of now, from my vantage point, akamai.net's NS RRset of 13 names only two are #IPv6-enabled.
If you or your colleagues have ROAs in the #afrinic #rpki repository, see this email from @job
Those with a non-conformant subject name can reissue the ROA themselves, the others will need to be fixed by the registry.
https://lists.afrinic.net/pipermail/dbwg/2025-November/000546.html
Those with a non-conformant subject name can reissue the ROA themselves, the others will need to be fixed by the registry.
https://lists.afrinic.net/pipermail/dbwg/2025-November/000546.html
[DBWG] Nonconformant X.509 issuer+subject names in some Afrinic RPKI CA/EE certs
lists.afrinic.net
November 17, 2025 at 2:47 PM
If you or your colleagues have ROAs in the #afrinic #rpki repository, see this email from @job
Those with a non-conformant subject name can reissue the ROA themselves, the others will need to be fixed by the registry.
https://lists.afrinic.net/pipermail/dbwg/2025-November/000546.html
Those with a non-conformant subject name can reissue the ROA themselves, the others will need to be fixed by the registry.
https://lists.afrinic.net/pipermail/dbwg/2025-November/000546.html
Monday jam: J.B. Hutto | Donna Mill | https://song.link/s/18gawhMk4cM19cEgq7BkUj #blues
Donna Mill - Take 3 by J. B. Hutto
Listen now on your favorite streaming service. Powered by Songlink/Odesli, an on-demand, customizable smart link service to help you share songs, albums, podcasts and more.
song.link
November 17, 2025 at 1:40 PM
Monday jam: J.B. Hutto | Donna Mill | https://song.link/s/18gawhMk4cM19cEgq7BkUj #blues
HughesNet (#as6621) is in financial trouble and #starlink may be the beneficiary.
https://cordcuttersnews.com/a-major-internet-provider-is-reportedly-shutting-down/
https://cordcuttersnews.com/a-major-internet-provider-is-reportedly-shutting-down/
A Major Internet Provider is Reportedly Shutting Down
Hughesnet, the long-standing satellite internet provider, is gearing up to guide its own customers toward its fiercest competitor, Starlink, as part of a strategic pivot amid mounting financial pressures and intensifying market rivalry. This unusual move stems from a broader agreement between Hughesnet’s parent company, EchoStar, and SpaceX, which involves the sale of valuable radio […]
The post A Major Internet Provider is Reportedly Shutting Down appeared first on Cord Cutters News.
cordcuttersnews.com
November 16, 2025 at 7:20 PM
HughesNet (#as6621) is in financial trouble and #starlink may be the beneficiary.
https://cordcuttersnews.com/a-major-internet-provider-is-reportedly-shutting-down/
https://cordcuttersnews.com/a-major-internet-provider-is-reportedly-shutting-down/
Curious what the thinking is for an edu to slice off a /24 that ended up at a Bulgarian web hoster.
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
Post by IP/ASN Transfers, @[email protected]
"University of Idaho" (ARIN) transferred 198.60.193.0/24 (Taken from 198.60.193.0 - 198.60.207.255) to "K Media Tech Ltd" (RIPE) (Estimated Market Value: $7.17 K)
social.bgp.tools
November 15, 2025 at 11:12 AM
Curious what the thinking is for an edu to slice off a /24 that ended up at a Bulgarian web hoster.
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
Weekend Reads
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
Original post on infosec.exchange
infosec.exchange
November 14, 2025 at 9:09 PM
Weekend Reads
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
Q1: do you set hostname on your #bgp routers and send it to peers
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
Hostname Capability for BGP
In this document, we introduce a new BGP capability that allows the advertisemnet of a BGP speaker's hostname.
datatracker.ietf.org
November 12, 2025 at 10:17 PM
Q1: do you set hostname on your #bgp routers and send it to peers
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
.gov #dns notes
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
Original post on infosec.exchange
infosec.exchange
November 12, 2025 at 5:44 PM
.gov #dns notes
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
trumpaccounts [insert joke here]
https://mastodon.social/@botgov/115537635292378434
https://mastodon.social/@botgov/115537635292378434
Botgov (@[email protected])
The following .gov domains have been registered in the past 24 hours: roseny.gov townofberkshireny.gov townoftusten.gov trumpaccounts.gov villageofaftonny.gov
mastodon.social
November 12, 2025 at 5:11 PM
trumpaccounts [insert joke here]
https://mastodon.social/@botgov/115537635292378434
https://mastodon.social/@botgov/115537635292378434
This isn't the first transfer to aws.eu. This is the most visible and overt shift in assets by the big U.S. cloud providers I'm aware of. Others (e.g., Google and Microsoft) talk about doing more in the EU and providing isolation, but as far as I can tell Amazon's separation is going a step […]
Original post on infosec.exchange
infosec.exchange
November 12, 2025 at 2:57 PM
This isn't the first transfer to aws.eu. This is the most visible and overt shift in assets by the big U.S. cloud providers I'm aware of. Others (e.g., Google and Microsoft) talk about doing more in the EU and providing isolation, but as far as I can tell Amazon's separation is going a step […]
Presumably even more to HostRoyale. They use edgoo for all upstream.
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
Post by IP/ASN Transfers, @[email protected]
"VODAFONE ONO, S.A." transferred: 82.158.232.0/21 (Taken from 82.158.128.0/17), 82.158.240.0/20 (Taken from 82.158.128.0/17), 85.136.224.0/19 (Taken from 85.136.0.0/15) to "cleardocks LLC" (Estimated Market Value: $288.77 K)
social.bgp.tools
November 10, 2025 at 7:56 PM
Presumably even more to HostRoyale. They use edgoo for all upstream.
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
Monday jam: The New Mastersounds | The Vandengburg Suite | https://song.link/us/i/79354663 #jazz
Vandenburg Suite by The New Mastersounds
Listen now on your favorite streaming service. Powered by Songlink/Odesli, an on-demand, customizable smart link service to help you share songs, albums, podcasts and more.
song.link
November 10, 2025 at 1:33 PM
Monday jam: The New Mastersounds | The Vandengburg Suite | https://song.link/us/i/79354663 #jazz