When #FlaxTyphoon reports emerged, we examined whether its activity was detectable within AIDE, GCA’s #cybersecurity intelligence platform that monitors global network traffic, detects potential threats, and delivers actionable insights to improve network security.

Our analysis revealed behavioral signals and infrastructure overlaps consistent with Flax Typhoon’s tactics—including VPN tunneling, web shell traffic, and credential-based reconnaissance—across sensors located in Taiwan, the United States, Europe, and East Asia.

Key action items for every network operator to take to reduce risk and strengthen network integrity:

Monitor for unauthorized access attempts and abnormal service behavior.

Strengthen routing security by implementing Mutually Agreed Norms for Routing Security (MANRS) best practices and validating route origins with #RPKI.

Join collaborative intelligence efforts like AIDE, where shared visibility enables shared defense—and actionable data drives real-world mitigation.

Read more in Meghal Donde's insightful and data-packed post: https://globalcyberalliance.org/flax-typhoon-aide/

Our #RPKI proxy RTRTR 0.3.2 ‘Based on a True Story’ now also has support for Autonomous System Provider Authorizations (ASPA). https://github.com/NLnetLabs/rtrtr/releases/tag/v0.3.2

We’re bringing some of our top training courses to #Paris!

26 May – #RIPEDatabase
27 May – #IPv6 #Security
28 May – #BGP #RPKI #IRR

Full-day, hands-on & expert-led.
Non-members welcome if spots are available.

𝐒𝐞𝐜𝐮𝐫𝐞 𝐲𝐨𝐮𝐫 𝐬𝐩𝐨𝐭 𝐧𝐨𝐰: https://learning.ripe.net/w/

And to finish off this release-packed Thursday, we're happy to offer the first Release Candidate of our #RPKI proxy RTRTR, version 0.3.2-rc1. This release adds #ASPA support to the JSON input and output, and more… https://github.com/NLnetLabs/rtrtr/releases/tag/v0.3.2-rc1

A new release of Rotonda, our composable, programmable #BGP engine, is now available. Version 0.4.0 'Bold and Undaunting Youth' features and #RPKI RTR component, as well as Route Origin Validation on incoming routes. https://github.com/NLnetLabs/rotonda/releases/tag/v0.4.0

Did you know chrony, the #NTP implementation, sets up an administrative listener on the loopback interface using UDP/323 by default?

Unfortunately in the #RPKI rpki-rtr has TCP/323 registered with IANA (see IETF RFC 6810). UDP/323 is reserved. Reserving a transport that is unused by the assigned application is common practice these days.

chrony's choice can probably be chalked up to a historical accident since it came first and presumably picked 323 because it "looked" like 123 and was then unassigned.

Chrony should probably change their default imo, but maybe it's too late or not worth it now?

We are pleased to announce the latest release of Routinator, version 0.14.2 ‘Roll Initiative!’ This of our #RPKI validator fixes an issue in the bundled UI that caused it to retrieve data from our own test instance rather than the actual Routinator instance. Users of the bundled UI should upgrade. https://github.com/NLnetLabs/routinator/releases/tag/v0.14.2

Routinator offered support for #RPKI Autonomous System Provider Authorization (ASPA) as an experimental feature for a number of years already. Standardization has now progressed far enough in the #IETF that we feel comfortable making #ASPA a core feature in Routinator 0.14.1. #OpenSource #OpenStandards https://github.com/NLnetLabs/routinator/releases/tag/v0.14.1

We just released Routinator 0.14.1, fixing CVE-2025-0638, where non-ASCII characters in the file names listed in an #RPKI manifest lead to a crash of Routinator:
https://nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt

You should also be aware of CVE-2024-12084, fixing a heap-based buffer overflow flaw was found in the rsync daemon:
https://nvd.nist.gov/vuln/detail/cve-2024-12084

Please make sure you update both Routinator and rsync. Lastly, because gzip is re-enabled, you’ll save up to 50% bandwidth.

https://nlnetlabs.nl/news/2025/Jan/22/routinator-0.14.1-released/

“… require contracted providers of Internet services to agencies to adopt and deploy Internet routing security technologies, including publishing Route Origin Authorizations and performing Route Origin Validation filtering."

In light of this Executive Order; if you need #RPKI solutions that are continually developed, have a proven track record, are trusted by the world’s largest operators and are supported with a service-level agreement, we're here for you. #OpenSource

https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

The ARIN #RPKI TAL (Trust Anchor Locator) has been updated to include a BSD-like disclaimer comment, making it more widely available.

https://www.arin.net/announcements/20250116-tal/

Heads up from Job Snijders on openbsd tech@:

https://marc.info/?l=openbsd-tech&m=173705588431903&w=2

Whoof, this "Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity" is a lot of words:

https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

Notable:

"Within 120 days, publish #RPKI Route Origin Authorizations..."

"Within 180 days, enable encrypted DNS protocols..."

"Agencies shall implement PQC key establishment or hybrid key establishment including a PQC algorithm as soon as practicable..."

"Within 270 days, establish a program to use advanced AI models for cyber defense."

rpki-client 9.4 released https://www.undeadly.org/cgi?action=article;sid=20250108100744 #openbsd #rpki-client #rpki #pki #routing #security #networking

Today #Day3 at #38C3 Stage #YELL 14:42 :: we will talk about #RIPE database, #whois protocol, #BGP security, #ASN #policy , #routing #registry , #RPSL , #RPKI , & other #Internet #infrastructure topics (with thanks to #xkcd who has an illustration for every occasion) https://events.ccc.de/congress/2024/hub/en/event/the-whois-protocol-for-internet-routing-policy-or-how-plaintext-retrieved-over-tcp-43-ends-up-in-router-configurations/

The only sure place & time to see me at #38c3 is Stage YELL / #Day3 at 14:45, when I am giving a talk (with my colleague from @ripencc ) about #RIPE #whois #BGP #security #RPKI #IPv6 #IPv4

https://events.ccc.de/congress/2024/hub/en/event/the-whois-protocol-for-internet-routing-policy-or-how-plaintext-retrieved-over-tcp-43-ends-up-in-router-configurations/

Other than that: Tea-house, Botanical Garden, cycling together...

& let's talk about #climate #justice #ecocide #sustainability #NVC #green #tech #hackathon #stroopwafels #diversity #DEI #JEDI #squirrels #LikaLodge

Is it #MutualAid if I offer #jobs to #USA friends who want to emigrate right now?! Or am I profiting from other peoples suffering? If you *do* want to get #FediHired , check out these #job openings in #Amsterdam / Holland : currently 7 positions , but try open solicitation too . Mention me as a reference for bonus points ;) #trainer #software #engineer #security #embedded #legal #hybrid #RPKI #BGP #RIPE #Atlas #ipv6 #ipv4 #DNS Please share with your #American friends! http://ripe.net/jobs

What does the ‘3000' in Routinator 3000 stand for? #countdown #RPKI https://rov-measurements.nlnetlabs.net/stats/