All, If anyone has any contacts at Dell/SonicWall that can assist, their latest firewalls have a misfeature that have started blocking F-root (ISC, my Day-job) as a possible botnet responder. You can reach me, 24/7, at 703-338-2497, or at dmahoney@isc.org. Needless to say, this is seriously bad. As we ourselves are not Sonicwall users, our options here are limited. I've gotten their usual call center nonsense where they told me "I need to contact my system administrator" and wouldn't transfer me further. I've submitted a "removal" request via the form at http://botnet.global.sonicwall.com/change, but that still doesn't help if there's a firmware out there doing broken hueristics and mass-DDOSing folks. If for some reason there actually IS some botnet-related traffic going on toward the root servers (the root servers get a LOT of garbage, so this doesn't surprise me), we'd like to know that too. -Dan Mahoney -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
Hi Dan, Did you manage to get in touch with anyone? If not, I can attempt to broadcast to the Dell Networking group internally. There should be Sonicwall people on there that can help. -Vinny -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Dan Mahoney, System Admin Sent: Monday, March 21, 2016 9:47 PM To: nanog@nanog.org Subject: Paging someone at SonicWall/Dell All, If anyone has any contacts at Dell/SonicWall that can assist, their latest firewalls have a misfeature that have started blocking F-root (ISC, my Day-job) as a possible botnet responder. You can reach me, 24/7, at 703-338-2497, or at dmahoney@isc.org. Needless to say, this is seriously bad. As we ourselves are not Sonicwall users, our options here are limited. I've gotten their usual call center nonsense where they told me "I need to contact my system administrator" and wouldn't transfer me further. I've submitted a "removal" request via the form at http://botnet.global.sonicwall.com/change, but that still doesn't help if there's a firmware out there doing broken hueristics and mass-DDOSing folks. If for some reason there actually IS some botnet-related traffic going on toward the root servers (the root servers get a LOT of garbage, so this doesn't surprise me), we'd like to know that too. -Dan Mahoney -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
participants (2)
-
Dan Mahoney, System Admin
-
Vinny_Abello@Dell.com