<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body class=""><div>On Wed, 2018-04-25 at 15:03 -0400, Charles Sprickman wrote:</div><blockquote type="cite"><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Moving to -discuss… (a second time, sent to outages-discuss@)<br class="">
<br class=""><div class=""><blockquote type="cite" class=""><div class="">On Apr 25, 2018, at 10:35 AM, Zach Hanna via Outages <<a href="mailto:outages@outages.org" class="">outages@outages.org</a>> wrote:</div><div class=""><div class=""><div dir="auto" class="">That would require 1) the wallet company understanding the technical details of the outage (a stretch), and 2) understanding that it is preventable, and 3) how and by whom. </div></div></div></blockquote><div class=""><br class=""></div><div class="">I think the wallet company understands, and I think they probably felt pretty safe using one of the world’s largest DNS providers for their service. If they thought about this they probably figured “who could hijack Amazon?” and “Google is clever, 8.8.8.8 probably can’t be fooled”.</div><div class=""><br class=""></div><div class="">Although I guess they didn’t think about DNSSEC, so maybe I’m all wrong. :)</div><div class=""><br class=""></div><div class=""> Domain Name: <a href="http://myetherwallet.com/" class="">MYETHERWALLET.COM</a><br class=""> Name Server: <a href="http://ns-1007.awsdns-61.net/" class="">NS-1007.AWSDNS-61.NET</a><br class=""> Name Server: <a href="http://ns-1498.awsdns-59.org/" class="">NS-1498.AWSDNS-59.ORG</a><br class=""> Name Server: NS-1993.AWSDNS-57.CO.UK<br class=""> Name Server: <a href="http://ns-73.awsdns-09.com/" class="">NS-73.AWSDNS-09.COM</a><br class=""> <b class="">DNSSEC: unsigned</b></div><div class=""><br class=""></div><div class="">One of my clients is a customer of HE, and I’m wondering if they will have anything to say about this. I only do very small-fry stuff with BGP, but even I know that if I provide a customer the ability to speak BGP to me, I have to be paranoid and only let them announce an agreed-upon list of networks.</div><div class=""><br class=""></div><div class="">Anyone have any articles that look more at the two providers involved here, preferably with some statements from HE or eNet?</div><div class=""><br class=""></div><div class="">Charles</div></div></div></blockquote><div>--------</div><div><span style="font-family: monospace;">Not to be philosophical but the big part of this is Network itself is the enemy. </span><span style="font-family: monospace;">An old slogan from dutch hacker community comes to mind, someone you trust is one of us and the leak is higher up in the chain of command that you ;-)</span></div><div><span style="font-family: monospace;"><br></span></div><div>-- </div><div><div style="width: 71ch;">regards,</div><div style="width: 71ch;">/vrode</div></div><div style="width: 71ch;"><br></div><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""><blockquote type="cite" class=""><div class=""><div class=""><br class=""><div class="gmail_quote"><div class="">On Wed, Apr 25, 2018 at 12:04 AM Gert Doering via Outages <<a href="mailto:outages@outages.org" class="">outages@outages.org</a>> wrote:<br class=""></div><blockquote type="cite">Hi,<br class="">
<br class="">
On Tue, Apr 24, 2018 at 07:47:36PM -0400, J Kibler via Outages wrote:<br class="">
> Here is a more detailed analysis of what happened:<br class="">
> <a href="https://arstechnica.com/information-technology/2018/04/suspicious-event-hijacks-amazon-traffic-for-2-hours-steals-cryptocurrency/" rel="noreferrer" target="_blank" class="">https://arstechnica.com/information-technology/2018/04/suspicious-event-hijacks-amazon-traffic-for-2-hours-steals-cryptocurrency/</a><br class="">
<br class="">
Maybe that is actually good news.<br class="">
<br class="">
Financial damages have been done, by a US company, to a US company, due<br class="">
to neglicience in BGP filtering. This is going to be an expensive lawsuit,<br class="">
and hopefully people will start proper BGP filtering afterwards...<br class="">
<br class="">
gert<br class="">
-- <br class="">
"If was one thing all people took for granted, was conviction that if you <br class="">
feed honest figures into a computer, honest figures come out. Never doubted <br class="">
it myself till I met a computer with a sense of humor."<br class="">
Robert A. Heinlein, The Moon is a Harsh Mistress<br class="">
<br class="">
Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de" target="_blank" class="">gert@greenie.muc.de</a><br class="">
_______________________________________________<br class="">
Outages mailing list<br class="">
<a href="mailto:Outages@outages.org" target="_blank" class="">Outages@outages.org</a><br class="">
<a href="https://puck.nether.net/mailman/listinfo/outages" rel="noreferrer" target="_blank" class="">https://puck.nether.net/mailman/listinfo/outages</a><br class="">
<br></blockquote></div></div>
_______________________________________________<br class="">Outages mailing list<br class=""><a href="mailto:Outages@outages.org" class="">Outages@outages.org</a><br class=""><a href="https://puck.nether.net/mailman/listinfo/outages" class="">https://puck.nether.net/mailman/listinfo/outages</a><br class=""></div></blockquote></div><br class=""></div><br class=""><br class=""><div class="">
-- <br class="">Charles Sprickman<br class="">NetEng/SysAdmin<br class=""><a href="http://Bway.net" class="">Bway.net</a> - New York's Best Internet <a href="http://www.bway.net" class="">www.bway.net</a><br class=""><a href="mailto:spork@bway.net" class="">spork@bway.net</a> - 212.982.9800<br class=""><br class=""><br class="">
</div>
<br class=""><pre>_______________________________________________
Outages-discussion mailing list
<a href="mailto:Outages-discussion@outages.org">Outages-discussion@outages.org</a>
<a href="https://puck.nether.net/mailman/listinfo/outages-discussion">https://puck.nether.net/mailman/listinfo/outages-discussion</a>
</pre></blockquote></body></html>