[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UBNT Security was Re: Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE
I believe at one point UBNT did block outside management access, but then their customers voiced to bring it back.
That said, I think they're taking security more seriously going forward.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns at 2mbit.com>
To: nanog at nanog.org
Sent: Monday, April 2, 2018 4:20:38 PM
Subject: Re: Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE
On 4/2/2018 9:35 AM, Simon Lockhart wrote:
> Quite.
>
> This looks like a willy-waving exercise by Cloudflare coming up with the lowest
> quad-digit IP. They must have known that this would cause routing issues, and
> now suddenly it's our responsibility to make significant changes to live
> infrastructures just so they can continue to look clever with the IP address.
>
> Simon
I don't see how this is Cloudflare's fault really? Its the
responsibility of network maintainers to... well, lets be blunt here,
maintain their network.
If part of maintaining their network involves updating bogon
routes/filters, then that's part of maintaining the network that can't
be lapsed.
This is like the WISPs blaming Ubiquiti for their failure to update
their CPEs and PtP devices for a security flaw that Ubnt released fix
for more then a year before (and for not properly securing the
management interfaces of their network devices).
Or even better, the morons who blocked all of 172.0.0.0/8 even though a
good portion of that block is live public IP space. I actually felt
really bad for AOL having been assigned IP blocks from that space, since
it had to have created customer complaints at times.
There's only one person to blame here, and it's not the RIRs or Cloudflare.
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org