Hulu

2017-02-11 Thread Mike Hammett 
Could someone from Hulu reach out to me? My customers are getting the anonymous 
proxy page and I'm not sure why. 

They don't have any contact info in peeringdb and their ARIN whois looks more 
generic than useful (ipadmin@). 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com

Re: backbones filtering unsanctioned sites

2017-02-11 Thread William Waites 

> Looks like mostly proxy/torrent sites on that IP address.

That may be so. Maybe it isn’t particularly objectionable for Cogent
to not to carry traffic to some particular destination that they don’t like.
As you point out they already only offer a partial view of the Internet. 

What is very problematic is that they announce that this destination
is reachable via them, and then drop traffic. This is a problem for the
same reason that hijacking by announcing more specifics is a problem.
The bgp tables become no longer a source of truth about reachability.
If this kind of behaviour from transit networks becomes the norm, we
are in big trouble.

William Waites
LFCS, School of Informatics, University of Edinburgh

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Re: backbones filtering unsanctioned sites

2017-02-11 Thread Jason Canady 
Cogent's best friend to the rescue: http://bgp.he.net/ip/104.31.18.30#_dns

Looks like mostly proxy/torrent sites on that IP address.

-- 

Jason Canady
Unlimited Net, LLC
Responsive, Reliable, Secure

On 2/11/17 5:11 PM, Marco Teixeira wrote:
> So... i doubt CloudFlare allocates one ip per domain served... which means
> Cogent customers will be unable to access other CloudFlare proxied site,
> served by this same IP, for a particular geographic zone?
>
>
> ---
> Marco
>
>
>
> On Sat, Feb 11, 2017 at 8:44 PM, Alistair Mackenzie 
> wrote:
>
>> Cogent confirmed on the phone that they are the ones who put the blackhole
>> in place. This is after they closed our ticket twice without response.
>>
>> Purposely didn't mention a website in the ticket yet they asked on the
>> phone if it was regarding thepiratebay so they are very aware of this...
>>
>> On 11 February 2017 at 15:18, Bryan Holloway  wrote:
>>
>>> Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure
>>> enough, the next-hop shows up as 10.255.255.255, and the communities are
>>> the same aside from what appear to be regional things.
>>>
>>> --
>>>
>>> BGP routing table entry for 66.253.214.90/32, version 638637516
>>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>>> Flag: 0x820
>>>   23473
>>> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>>>   Origin IGP, localpref 150, valid, internal, best
>>>   Community: 174:990 174:20912 174:21001 174:22013
>>>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>>>
>>>
>>>
>>> On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
>>>
 Cogent also have a blackhole route-server that they will provide to you
>> to
 announce /32's for blackholing.

 The address for this is 66.28.1.228 which is the originator for the
 104.31.19.30/3 2 and 104.31.18.30/32 routes.


 On 10 February 2017 at 18:46, Jason Rokeach  wrote:

 This looks pretty intentional to me.  From
> http://www.cogentco.com/en/network/looking-glass:
>
> BGP routing table entry for 104.31.18.30/32, version 611495773
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>   Local
> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>   Origin IGP, metric 0, localpref 150, valid, internal, best
>   Community: 174:990 174:20912 174:21001
>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>
> BGP routing table entry for 104.31.19.30/32, version 611495772
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>   Local
> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>   Origin IGP, metric 0, localpref 150, valid, internal, best
>   Community: 174:990 174:20912 174:21001
>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>
>
> Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop
>> router.
> On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett 
>> wrote:
> Have we determined that this is intentional vs. some screw up?
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>> Midwest-IX
>> http://www.midwest-ix.com
>>
>> - Original Message -
>>
>> From: "Brielle Bruns" 
>> To: nanog@nanog.org
>> Sent: Friday, February 10, 2017 12:28:53 PM
>> Subject: Re: backbones filtering unsanctioned sites
>>
>> On 2/9/17 9:18 PM, Ken Chase wrote:
>>
>>> https://torrentfreak.com/internet-backbone-provider-
>>>
>> cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
>>
>>> /kc
>>>
>>>
>> Funny. Someone else got back:
>>
>> "Abuse cannot not provide you a list of websites that may be
>> encountering reduced visibility via Cogent"
>>
>> I almost wish I had a Cogent circuit just to bring this up with an
>> account rep. Almost.
>>
>> I'd very much so view this as a contractual violation on Cogent's
>> part.
>> Cogent keeps contacting me every year wanting to sell me service. This
>> will be a good one to bring up when they call me next time.
>>
>> --
>> Brielle Bruns
>> The Summit Open Source Development Group
>> http://www.sosdg.org / http://www.ahbl.org
>>
>>
>>

Re: backbones filtering unsanctioned sites

2017-02-11 Thread Marco Teixeira 
So... i doubt CloudFlare allocates one ip per domain served... which means
Cogent customers will be unable to access other CloudFlare proxied site,
served by this same IP, for a particular geographic zone?


---
Marco



On Sat, Feb 11, 2017 at 8:44 PM, Alistair Mackenzie 
wrote:

> Cogent confirmed on the phone that they are the ones who put the blackhole
> in place. This is after they closed our ticket twice without response.
>
> Purposely didn't mention a website in the ticket yet they asked on the
> phone if it was regarding thepiratebay so they are very aware of this...
>
> On 11 February 2017 at 15:18, Bryan Holloway  wrote:
>
> > Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure
> > enough, the next-hop shows up as 10.255.255.255, and the communities are
> > the same aside from what appear to be regional things.
> >
> > --
> >
> > BGP routing table entry for 66.253.214.90/32, version 638637516
> > Paths: (1 available, best #1, table Default-IP-Routing-Table)
> > Flag: 0x820
> >   23473
> > 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
> >   Origin IGP, localpref 150, valid, internal, best
> >   Community: 174:990 174:20912 174:21001 174:22013
> >   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
> >
> >
> >
> > On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
> >
> >> Cogent also have a blackhole route-server that they will provide to you
> to
> >> announce /32's for blackholing.
> >>
> >> The address for this is 66.28.1.228 which is the originator for the
> >> 104.31.19.30/3 2 and 104.31.18.30/32 routes.
> >>
> >>
> >> On 10 February 2017 at 18:46, Jason Rokeach  wrote:
> >>
> >> This looks pretty intentional to me.  From
> >>> http://www.cogentco.com/en/network/looking-glass:
> >>>
> >>> BGP routing table entry for 104.31.18.30/32, version 611495773
> >>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> >>>   Local
> >>> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
> >>>   Origin IGP, metric 0, localpref 150, valid, internal, best
> >>>   Community: 174:990 174:20912 174:21001
> >>>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
> >>>
> >>> BGP routing table entry for 104.31.19.30/32, version 611495772
> >>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> >>>   Local
> >>> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
> >>>   Origin IGP, metric 0, localpref 150, valid, internal, best
> >>>   Community: 174:990 174:20912 174:21001
> >>>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
> >>>
> >>>
> >>> Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop
> router.
> >>>
> >>> On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett 
> wrote:
> >>>
> >>> Have we determined that this is intentional vs. some screw up?
> 
> 
> 
> 
>  -
>  Mike Hammett
>  Intelligent Computing Solutions
>  http://www.ics-il.com
> 
>  Midwest-IX
>  http://www.midwest-ix.com
> 
>  - Original Message -
> 
>  From: "Brielle Bruns" 
>  To: nanog@nanog.org
>  Sent: Friday, February 10, 2017 12:28:53 PM
>  Subject: Re: backbones filtering unsanctioned sites
> 
>  On 2/9/17 9:18 PM, Ken Chase wrote:
> 
> > https://torrentfreak.com/internet-backbone-provider-
> >
>  cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
> 
> >
> > /kc
> >
> >
>  Funny. Someone else got back:
> 
>  "Abuse cannot not provide you a list of websites that may be
>  encountering reduced visibility via Cogent"
> 
>  I almost wish I had a Cogent circuit just to bring this up with an
>  account rep. Almost.
> 
>  I'd very much so view this as a contractual violation on Cogent's
> part.
> 
>  Cogent keeps contacting me every year wanting to sell me service. This
>  will be a good one to bring up when they call me next time.
> 
>  --
>  Brielle Bruns
>  The Summit Open Source Development Group
>  http://www.sosdg.org / http://www.ahbl.org
> 
> 
> 
> >>>
>

Re: backbones filtering unsanctioned sites

2017-02-11 Thread Alistair Mackenzie 
Cogent confirmed on the phone that they are the ones who put the blackhole
in place. This is after they closed our ticket twice without response.

Purposely didn't mention a website in the ticket yet they asked on the
phone if it was regarding thepiratebay so they are very aware of this...

On 11 February 2017 at 15:18, Bryan Holloway  wrote:

> Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure
> enough, the next-hop shows up as 10.255.255.255, and the communities are
> the same aside from what appear to be regional things.
>
> --
>
> BGP routing table entry for 66.253.214.90/32, version 638637516
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> Flag: 0x820
>   23473
> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>   Origin IGP, localpref 150, valid, internal, best
>   Community: 174:990 174:20912 174:21001 174:22013
>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>
>
>
> On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
>
>> Cogent also have a blackhole route-server that they will provide to you to
>> announce /32's for blackholing.
>>
>> The address for this is 66.28.1.228 which is the originator for the
>> 104.31.19.30/3 2 and 104.31.18.30/32 routes.
>>
>>
>> On 10 February 2017 at 18:46, Jason Rokeach  wrote:
>>
>> This looks pretty intentional to me.  From
>>> http://www.cogentco.com/en/network/looking-glass:
>>>
>>> BGP routing table entry for 104.31.18.30/32, version 611495773
>>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>>>   Local
>>> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>>>   Origin IGP, metric 0, localpref 150, valid, internal, best
>>>   Community: 174:990 174:20912 174:21001
>>>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>>>
>>> BGP routing table entry for 104.31.19.30/32, version 611495772
>>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>>>   Local
>>> 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>>>   Origin IGP, metric 0, localpref 150, valid, internal, best
>>>   Community: 174:990 174:20912 174:21001
>>>   Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>>>
>>>
>>> Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router.
>>>
>>> On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett  wrote:
>>>
>>> Have we determined that this is intentional vs. some screw up?




 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com

 Midwest-IX
 http://www.midwest-ix.com

 - Original Message -

 From: "Brielle Bruns" 
 To: nanog@nanog.org
 Sent: Friday, February 10, 2017 12:28:53 PM
 Subject: Re: backbones filtering unsanctioned sites

 On 2/9/17 9:18 PM, Ken Chase wrote:

> https://torrentfreak.com/internet-backbone-provider-
>
 cogent-blocks-pirate-bay-and-other-pirate-sites-170209/

>
> /kc
>
>
 Funny. Someone else got back:

 "Abuse cannot not provide you a list of websites that may be
 encountering reduced visibility via Cogent"

 I almost wish I had a Cogent circuit just to bring this up with an
 account rep. Almost.

 I'd very much so view this as a contractual violation on Cogent's part.

 Cogent keeps contacting me every year wanting to sell me service. This
 will be a good one to bring up when they call me next time.

 --
 Brielle Bruns
 The Summit Open Source Development Group
 http://www.sosdg.org / http://www.ahbl.org



>>>

Re: backbones filtering unsanctioned sites

2017-02-11 Thread Bryan Holloway 
Yup, they do indeed. And for fun, I black-listed one of our IPs, and 
sure enough, the next-hop shows up as 10.255.255.255, and the 
communities are the same aside from what appear to be regional things.


--

BGP routing table entry for 66.253.214.90/32, version 638637516
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  23473
10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
  Origin IGP, localpref 150, valid, internal, best
  Community: 174:990 174:20912 174:21001 174:22013
  Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9



On 2/10/17 1:49 PM, Alistair Mackenzie wrote:

Cogent also have a blackhole route-server that they will provide to you to
announce /32's for blackholing.

The address for this is 66.28.1.228 which is the originator for the
104.31.19.30/3 2 and 104.31.18.30/32 routes.

On 10 February 2017 at 18:46, Jason Rokeach  wrote:


This looks pretty intentional to me.  From
http://www.cogentco.com/en/network/looking-glass:

BGP routing table entry for 104.31.18.30/32, version 611495773
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Local
10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
  Origin IGP, metric 0, localpref 150, valid, internal, best
  Community: 174:990 174:20912 174:21001
  Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9

BGP routing table entry for 104.31.19.30/32, version 611495772
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Local
10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
  Origin IGP, metric 0, localpref 150, valid, internal, best
  Community: 174:990 174:20912 174:21001
  Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9


Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router.

On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett  wrote:


Have we determined that this is intentional vs. some screw up?




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

- Original Message -

From: "Brielle Bruns" 
To: nanog@nanog.org
Sent: Friday, February 10, 2017 12:28:53 PM
Subject: Re: backbones filtering unsanctioned sites

On 2/9/17 9:18 PM, Ken Chase wrote:

https://torrentfreak.com/internet-backbone-provider-

cogent-blocks-pirate-bay-and-other-pirate-sites-170209/


/kc



Funny. Someone else got back:

"Abuse cannot not provide you a list of websites that may be
encountering reduced visibility via Cogent"

I almost wish I had a Cogent circuit just to bring this up with an
account rep. Almost.

I'd very much so view this as a contractual violation on Cogent's part.

Cogent keeps contacting me every year wanting to sell me service. This
will be a good one to bring up when they call me next time.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org