John Kristoff
@jtk.infosec.exchange.ap.brid.gy
UIC PhD candidate | https://Dataplane.org | Netscout. Internet infrastructure (#BGP, #DNS) and #infosec. Bit mechanic. Also: #Blues / tfr / #fedi22
🌉 bridged from ⁂ https://infosec.exchange/@jtk, follow @ap.brid.gy to interact
🌉 bridged from ⁂ https://infosec.exchange/@jtk, follow @ap.brid.gy to interact
Curious what the thinking is for an edu to slice off a /24 that ended up at a Bulgarian web hoster.
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
Post by IP/ASN Transfers, @transfers@bgp.tools
"University of Idaho" (ARIN) transferred 198.60.193.0/24 (Taken from 198.60.193.0 - 198.60.207.255) to "K Media Tech Ltd" (RIPE) (Estimated Market Value: $7.17 K)
social.bgp.tools
November 15, 2025 at 11:12 AM
Curious what the thinking is for an edu to slice off a /24 that ended up at a Bulgarian web hoster.
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
https://social.bgp.tools/@transfers/statuses/01KA30858R3DSVDK72F1EY82WM
Weekend Reads
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
Original post on infosec.exchange
infosec.exchange
November 14, 2025 at 9:09 PM
Weekend Reads
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
* Reflections on the .us TLD
https://computer.rip/2025-11-11-dot-us.html
* Freedom on the Net 2025 report
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
* Vodafone Germany leaving public IXes […]
Q1: do you set hostname on your #bgp routers and send it to peers
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
Hostname Capability for BGP
In this document, we introduce a new BGP capability that allows the advertisemnet of a BGP speaker's hostname.
datatracker.ietf.org
November 12, 2025 at 10:17 PM
Q1: do you set hostname on your #bgp routers and send it to peers
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
Q2: do your peers set and send their hostname to you?
I know BIRD and FRR support this, not sure about others.
ref: https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02 - yes a long expired draft
.gov #dns notes
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
Original post on infosec.exchange
infosec.exchange
November 12, 2025 at 5:44 PM
.gov #dns notes
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
On 2025-01-19 there were two "biden" names, bidenlibrary and bidenwhitehouse. Not so unusual. Associated names for Obama and Trump were also there and remain still. These are exec branch names but the agency responsible for them is the National Archives and Records […]
trumpaccounts [insert joke here]
https://mastodon.social/@botgov/115537635292378434
https://mastodon.social/@botgov/115537635292378434
Botgov (@botgov@mastodon.social)
The following .gov domains have been registered in the past 24 hours: roseny.gov townofberkshireny.gov townoftusten.gov trumpaccounts.gov villageofaftonny.gov
mastodon.social
November 12, 2025 at 5:11 PM
trumpaccounts [insert joke here]
https://mastodon.social/@botgov/115537635292378434
https://mastodon.social/@botgov/115537635292378434
This isn't the first transfer to aws.eu. This is the most visible and overt shift in assets by the big U.S. cloud providers I'm aware of. Others (e.g., Google and Microsoft) talk about doing more in the EU and providing isolation, but as far as I can tell Amazon's separation is going a step […]
Original post on infosec.exchange
infosec.exchange
November 12, 2025 at 2:57 PM
This isn't the first transfer to aws.eu. This is the most visible and overt shift in assets by the big U.S. cloud providers I'm aware of. Others (e.g., Google and Microsoft) talk about doing more in the EU and providing isolation, but as far as I can tell Amazon's separation is going a step […]
Presumably even more to HostRoyale. They use edgoo for all upstream.
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
Post by IP/ASN Transfers, @transfers@bgp.tools
"VODAFONE ONO, S.A." transferred: 82.158.232.0/21 (Taken from 82.158.128.0/17), 82.158.240.0/20 (Taken from 82.158.128.0/17), 85.136.224.0/19 (Taken from 85.136.0.0/15) to "cleardocks LLC" (Estimated Market Value: $288.77 K)
social.bgp.tools
November 10, 2025 at 7:56 PM
Presumably even more to HostRoyale. They use edgoo for all upstream.
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
https://social.bgp.tools/@transfers/statuses/01K9QJX3EHY2276BFBBCR3JK0Y
Monday jam: The New Mastersounds | The Vandengburg Suite | https://song.link/us/i/79354663 #jazz
Vandenburg Suite by The New Mastersounds
Listen now on your favorite streaming service. Powered by Songlink/Odesli, an on-demand, customizable smart link service to help you share songs, albums, podcasts and more.
song.link
November 10, 2025 at 1:33 PM
Monday jam: The New Mastersounds | The Vandengburg Suite | https://song.link/us/i/79354663 #jazz
I'd guess related to the Internet interference reportedly happening within Cameroon, CAMNET (#as15964) leaking #bgp routes for 4.0.0.0/8 and 8.0.0.0/8, e.g.,
https://www.cidr-report.org/cgi-bin/as-report?as=AS15964&view=2.0 […]
https://www.cidr-report.org/cgi-bin/as-report?as=AS15964&view=2.0 […]
Original post on infosec.exchange
infosec.exchange
November 10, 2025 at 1:38 AM
I'd guess related to the Internet interference reportedly happening within Cameroon, CAMNET (#as15964) leaking #bgp routes for 4.0.0.0/8 and 8.0.0.0/8, e.g.,
https://www.cidr-report.org/cgi-bin/as-report?as=AS15964&view=2.0 […]
https://www.cidr-report.org/cgi-bin/as-report?as=AS15964&view=2.0 […]
Weekend Reads
* EDNS client subnet in practice
https://farrokhi.net/posts/2025/10/edns-client-subnet-in-practice-evaluating-public-resolver-behaviors/
* BGP-based DDoS scrubbing services survey
https://ris.utwente.nl/ws/portalfiles/portal/507287576/BGP_based_scrubbing_services.pdf
* Circuit […]
* EDNS client subnet in practice
https://farrokhi.net/posts/2025/10/edns-client-subnet-in-practice-evaluating-public-resolver-behaviors/
* BGP-based DDoS scrubbing services survey
https://ris.utwente.nl/ws/portalfiles/portal/507287576/BGP_based_scrubbing_services.pdf
* Circuit […]
Original post on infosec.exchange
infosec.exchange
November 7, 2025 at 11:23 PM
Weekend Reads
* EDNS client subnet in practice
https://farrokhi.net/posts/2025/10/edns-client-subnet-in-practice-evaluating-public-resolver-behaviors/
* BGP-based DDoS scrubbing services survey
https://ris.utwente.nl/ws/portalfiles/portal/507287576/BGP_based_scrubbing_services.pdf
* Circuit […]
* EDNS client subnet in practice
https://farrokhi.net/posts/2025/10/edns-client-subnet-in-practice-evaluating-public-resolver-behaviors/
* BGP-based DDoS scrubbing services survey
https://ris.utwente.nl/ws/portalfiles/portal/507287576/BGP_based_scrubbing_services.pdf
* Circuit […]
Cloudflare overtaking Apache in the web server survey feels a bit like when people starting using OpenDNS over their local ISP resolvers.
I have an idea of what could be next, but you're not going to like it.
I have an idea of what could be next, but you're not going to like it.
November 7, 2025 at 10:31 PM
Cloudflare overtaking Apache in the web server survey feels a bit like when people starting using OpenDNS over their local ISP resolvers.
I have an idea of what could be next, but you're not going to like it.
I have an idea of what could be next, but you're not going to like it.
Seems noteworthy that #akamai put this short statement on their blog.
"Akamai is aware of content and connectivity filtering within Russia. [...] Because of the constantly evolving situation - including active hostilities - ongoing delivery of traffic to users in Russia is provided […]
"Akamai is aware of content and connectivity filtering within Russia. [...] Because of the constantly evolving situation - including active hostilities - ongoing delivery of traffic to users in Russia is provided […]
Original post on infosec.exchange
infosec.exchange
November 7, 2025 at 7:40 PM
Seems noteworthy that #akamai put this short statement on their blog.
"Akamai is aware of content and connectivity filtering within Russia. [...] Because of the constantly evolving situation - including active hostilities - ongoing delivery of traffic to users in Russia is provided […]
"Akamai is aware of content and connectivity filtering within Russia. [...] Because of the constantly evolving situation - including active hostilities - ongoing delivery of traffic to users in Russia is provided […]
I'm not sure I should be surprised, sad, or just bemused at how often the literal wildcard, e.g. '*.domain.example' shows up in queries at my auth servers. Something(s) out of Hetzner seems to love doing this a lot.
November 7, 2025 at 2:48 PM
I'm not sure I should be surprised, sad, or just bemused at how often the literal wildcard, e.g. '*.domain.example' shows up in queries at my auth servers. Something(s) out of Hetzner seems to love doing this a lot.
This is probably related to an in-progress VPN service Barrett Lyon has been working on. See domain shown for details.
https://social.bgp.tools/@new_ripe_asns/statuses/01K9F4SHHZQ5JV0E23W9SKDKDA
https://social.bgp.tools/@new_ripe_asns/statuses/01K9F4SHHZQ5JV0E23W9SKDKDA
Post by new_ripe_asns, @new_ripe_asns@bgp.tools
AS203921 - [doxx.net corporation]
social.bgp.tools
November 7, 2025 at 2:38 PM
This is probably related to an in-progress VPN service Barrett Lyon has been working on. See domain shown for details.
https://social.bgp.tools/@new_ripe_asns/statuses/01K9F4SHHZQ5JV0E23W9SKDKDA
https://social.bgp.tools/@new_ripe_asns/statuses/01K9F4SHHZQ5JV0E23W9SKDKDA
First trumpcard, now trumpgoldcard
https://mastodon.social/@botgov/115497995028062065
https://mastodon.social/@botgov/115497995028062065
Botgov (@botgov@mastodon.social)
The following .gov domains have been registered in the past 24 hours: bengaltownshipmi.gov burlesoncountytx.gov londonderryvt.gov multcoda.gov portlandtownshipmi.gov sctca-ca.gov trumpgoldcard.gov
mastodon.social
November 5, 2025 at 11:53 PM
First trumpcard, now trumpgoldcard
https://mastodon.social/@botgov/115497995028062065
https://mastodon.social/@botgov/115497995028062065
Reposted by John Kristoff
Something that started as a small curiosity and weekend project turned into a long article with several surprises for myself (including how bad I am at time estimates). I went down quite a few rabbit holes along the way.
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
Original post on unix.family
unix.family
November 3, 2025 at 2:13 PM
Something that started as a small curiosity and weekend project turned into a long article with several surprises for myself (including how bad I am at time estimates). I went down quite a few rabbit holes along the way.
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
EDNS Client Subnet in Practice: Evaluating Public Resolver Behaviors […]
Bogus #bgp routes that were little noticed. The origin ASN appears to have been a typo for #as327885 (Viettel Tanzania), perhaps in a failed attempt at a government directed shutdown?
https://stat.ripe.net/widget/routing-history#starttime=2025-10-26&resource=372885 […]
https://stat.ripe.net/widget/routing-history#starttime=2025-10-26&resource=372885 […]
Original post on infosec.exchange
infosec.exchange
November 3, 2025 at 12:54 AM
Bogus #bgp routes that were little noticed. The origin ASN appears to have been a typo for #as327885 (Viettel Tanzania), perhaps in a failed attempt at a government directed shutdown?
https://stat.ripe.net/widget/routing-history#starttime=2025-10-26&resource=372885 […]
https://stat.ripe.net/widget/routing-history#starttime=2025-10-26&resource=372885 […]
.co TLD registry web sites returning 503s at the moment. They apparently;y had some name registration service outage a couple of days ago, possibly related?
https://web.archive.org/web/20251102204006/https://www.cointernet.com.co/
https://web.archive.org/web/20251102204125/https://www.go.co/
https://web.archive.org/web/20251102204006/https://www.cointernet.com.co/
https://web.archive.org/web/20251102204125/https://www.go.co/
November 2, 2025 at 8:45 PM
.co TLD registry web sites returning 503s at the moment. They apparently;y had some name registration service outage a couple of days ago, possibly related?
https://web.archive.org/web/20251102204006/https://www.cointernet.com.co/
https://web.archive.org/web/20251102204125/https://www.go.co/
https://web.archive.org/web/20251102204006/https://www.cointernet.com.co/
https://web.archive.org/web/20251102204125/https://www.go.co/
Yet more presumably to HostRoyale, who has not been considered a major player in the hosting business afaik. And they are not particularly cheap. But they are acquiring a substantial amount of v4 space that is making me at least, perk up and take notice. Something is driving these purchases, and […]
Original post on infosec.exchange
infosec.exchange
November 1, 2025 at 12:24 AM
Yet more presumably to HostRoyale, who has not been considered a major player in the hosting business afaik. And they are not particularly cheap. But they are acquiring a substantial amount of v4 space that is making me at least, perk up and take notice. Something is driving these purchases, and […]
Weekend Reads
* BGP zombie hunting
https://blog.cloudflare.com/going-bgp-zombie-hunting/
* Inside AI data centers
https://www.newyorker.com/magazine/2025/11/03/inside-the-data-centers-that-train-ai-and-drain-the-electrical-grid
* Modern IP address anonymization […]
* BGP zombie hunting
https://blog.cloudflare.com/going-bgp-zombie-hunting/
* Inside AI data centers
https://www.newyorker.com/magazine/2025/11/03/inside-the-data-centers-that-train-ai-and-drain-the-electrical-grid
* Modern IP address anonymization […]
Original post on infosec.exchange
infosec.exchange
October 31, 2025 at 8:57 PM
Weekend Reads
* BGP zombie hunting
https://blog.cloudflare.com/going-bgp-zombie-hunting/
* Inside AI data centers
https://www.newyorker.com/magazine/2025/11/03/inside-the-data-centers-that-train-ai-and-drain-the-electrical-grid
* Modern IP address anonymization […]
* BGP zombie hunting
https://blog.cloudflare.com/going-bgp-zombie-hunting/
* Inside AI data centers
https://www.newyorker.com/magazine/2025/11/03/inside-the-data-centers-that-train-ai-and-drain-the-electrical-grid
* Modern IP address anonymization […]
cleardocks is a lot like steel-axis I mentioned yesterday, and their prefixes tend to end up at HostRoyale (#as203020).
HostRoyale is approaching 2000 IP4 (mostly) /24 routes that come from all over the address space, topologically and geographically […]
HostRoyale is approaching 2000 IP4 (mostly) /24 routes that come from all over the address space, topologically and geographically […]
Original post on infosec.exchange
infosec.exchange
October 31, 2025 at 1:16 PM
cleardocks is a lot like steel-axis I mentioned yesterday, and their prefixes tend to end up at HostRoyale (#as203020).
HostRoyale is approaching 2000 IP4 (mostly) /24 routes that come from all over the address space, topologically and geographically […]
HostRoyale is approaching 2000 IP4 (mostly) /24 routes that come from all over the address space, topologically and geographically […]
"Nearly half of The Information's subscribers (about 50%) who responded to our latest survey bought or sold cryptocurrency, crypto ETFs, or crypto treasury stocks in the past three months."
And about 2/3 (of their total 45,000 subscribers) at this influential tech/biz pub have at one time or […]
And about 2/3 (of their total 45,000 subscribers) at this influential tech/biz pub have at one time or […]
Original post on infosec.exchange
infosec.exchange
October 31, 2025 at 1:23 AM
"Nearly half of The Information's subscribers (about 50%) who responded to our latest survey bought or sold cryptocurrency, crypto ETFs, or crypto treasury stocks in the past three months."
And about 2/3 (of their total 45,000 subscribers) at this influential tech/biz pub have at one time or […]
And about 2/3 (of their total 45,000 subscribers) at this influential tech/biz pub have at one time or […]
ROA Planner, as seen on the #nanog list:
https://rootbeer.testing.ns.internet2.edu/roa-planner/
"The implementation remains fragile and will be unavailable intermittently, but we hope to improve it over the next couple of weeks."
aka beta test.
#rpki
https://rootbeer.testing.ns.internet2.edu/roa-planner/
"The implementation remains fragile and will be unavailable intermittently, but we hope to improve it over the next couple of weeks."
aka beta test.
#rpki
RPKI-ROA Planner
rootbeer.testing.ns.internet2.edu
October 30, 2025 at 6:10 PM
ROA Planner, as seen on the #nanog list:
https://rootbeer.testing.ns.internet2.edu/roa-planner/
"The implementation remains fragile and will be unavailable intermittently, but we hope to improve it over the next couple of weeks."
aka beta test.
#rpki
https://rootbeer.testing.ns.internet2.edu/roa-planner/
"The implementation remains fragile and will be unavailable intermittently, but we hope to improve it over the next couple of weeks."
aka beta test.
#rpki
techforce now, parked like most other new exec branch names
https://mastodon.social/@botgov/115463785142497722
https://mastodon.social/@botgov/115463785142497722
Botgov (@botgov@mastodon.social)
The following .gov domains have been registered in the past 24 hours: circlepinesmn.gov gardencityny.gov greenwoodtownshipil.gov hopkinsmn.gov lyoncountymn.gov penfieldny.gov rockawaybeachoregon.gov techforce.gov valatie.gov winchesterid.gov
mastodon.social
October 30, 2025 at 4:30 PM
techforce now, parked like most other new exec branch names
https://mastodon.social/@botgov/115463785142497722
https://mastodon.social/@botgov/115463785142497722