Re: [uknof] Santander and IPv4 mapped address
On 2019/06/07 17:22, Aled Morris wrote: > I have customers with IPv6 dual stack and they are having intermittent > problems (SSL failure) > connecting to Santander's retail banking portal. > > Is there anyone from Santander (or with a contact in Santander) on this list? > > I'm wondering if the problem is related to this: > > > $ host retail.santander.co.uk > > retail.santander.co.uk is an alias for retail.lbi.santander.uk. > > retail.lbi.santander.uk has address 193.127.210.129 > > retail.lbi.santander.uk has IPv6 address :::193.127.210.129 > > > Aled > They have been doing that since at least Oct 2017, probably earlier. I would have thought "happy eyeballs" in browsers would usually mask the problem though.
[uknof] Santander and IPv4 mapped address
I have customers with IPv6 dual stack and they are having intermittent problems (SSL failure) connecting to Santander's retail banking portal. Is there anyone from Santander (or with a contact in Santander) on this list? I'm wondering if the problem is related to this: $ host retail.santander.co.uk retail.santander.co.uk is an alias for retail.lbi.santander.uk. retail.lbi.santander.uk has address 193.127.210.129 retail.lbi.santander.uk has IPv6 address :::193.127.210.129 Aled
[uknof] IPv6 Global Unicast Address Assignments Registry Update
Hi, The IPv6 global unicast address assignments registry has been updated to reflect the allocation of the following block to the RIPE NCC: 2a10:::/12 You can find the registry at: https://www.iana.org/assignments/ipv6-unicast-address-assignments/ The allocation was made in accordance with the Policy for Allocation of IPv6 Blocks to Regional Internet Registries: https://www.icann.org/resources/pages/allocation-ipv6-rirs-2012-02-25-en Regards, -- Selina Harrington Lead IANA Services Specialist smime.p7s Description: S/MIME cryptographic signature
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
Hi Peter, That's correct, in this case the host was a proxy frontend to some public services and is locked down to only be able to talk to its backends, no http/s out, no DNS except to internal resolvers. Basically I looked into it as much as I could justify, and to be honest the only reason why I queried it with IP-Echelon was to see what the scope for error was there, due to me not finding anything, only to be discouraged by multiple auto form replies. I'm not going to re-image the host on the strength of that. The way I understand these torrent notifications to work is that companies like IP-Echelon join the tracker and passively get a list of every IP address seen to be participating. The thing is, I also understand that some trackers inject a certain percentage of completely random IPs in order to frustrate companies like IP-Echelon… Cheers, Andy On Fri, Jun 07, 2019 at 02:37:09PM +, Peter Knapp wrote: > So does the host have no HTTP/HTTPS access, or name server lookups etc? > > BT will use all those ports these days. > > Peter > > > -Original Message- > From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith > Sent: 07 June 2019 15:28 > To: uknof@lists.uknof.org.uk > Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at > 2019-06-05T06:41:07Z - Ref > > Hi Peter, > > Just iptables on the host, it's just that this particular host has a > restrictive firewall on both input and output and given the ports > and IPs listed in the report it should not have been possible for > that activity to happen. > > Of course, if it had been compromised then maybe the firewall got > altered and then put back again afterwards but this all gets a bit > far-fetched for the sake of downloading a movie by BitTorrent. > > Like I say, I looked into it and couldn't find any indication that > it had actually happened, and the reporting company was completely > impossible to communicate with. > > Cheers, > Andy > > On Fri, Jun 07, 2019 at 02:07:50PM +, Peter Knapp wrote: > > Love to know what firewall you're using that guarantees you can't get any > > form of BT through it please? > > > > Pete > > > > > > -Original Message- > > From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy > > Smith > > Sent: 07 June 2019 15:04 > > To: uknof@lists.uknof.org.uk > > Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at > > 2019-06-05T06:41:07Z - Ref > > > > Hello, > > > > On Fri, Jun 07, 2019 at 05:38:10PM +0400, Stephen Wilcox wrote: > > > On Fri, 7 Jun 2019 at 17:25, Andy Smith wrote: > > > > However, one day they sent one that implicated one of our > > > > infrastructure hosts and I could not see any way in which that could > > > > be torrenting, so I asked for more information. Every form of > > > > contact I made resulted in an auto response suggesting that if I am > > > > confused I should ask my network admin about it. > > > > > > So you're saying people who work at infrastructure companies - ISPs, DCs > > > etc, they don't do torrents and the like, and they would not do so with > > > on-premise equipment. > > > > No, I'm saying that unlike customer services in this specific case I > > had full access to it and was able to audit it to the best of my > > ability and found no such activity. BitTorrent wouldn't even have > > been able to get through its firewall. > > > > Cheers, > > Andy > > > > -- > > https://bitfolk.com/ -- No-nonsense VPS hosting
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
On Fri, Jun 7, 2019 at 2:13 PM John Bourke wrote: > Hi, > > > > We build and operate Satellite ISP platforms for distributors of satellite > services. These distributors sell through resellers to end customers. > > > > We got a “Notice of Claimed Infringement” for a torrent download of > copyright material by one of the reseller’s customers. We can identify the > end customer from logs. > > > > What is best practice when dealing with these complaints ? > > > > Is there a risk that our public NAT addresses will be blacklisted ? > > > > Should we enforce an Acceptable Use Policy ? > > > > Thanks > > > > John Bourke > > Mobile Internet Ltd > Best to just ignore and spam filter the automated messages, any serious legal threats they'd at least get someone to send you a personal email.
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
This line of questioning is utterly bizarre. These operations are well known to use bad data from questionable sources. We blackholed a bunch of them at the MX after hundreds of complaints about a netblock which had been returned to the free pool years ago. I think it is perfectly reasonable for Andy to trust his own judgement on what his own systems might have been used for. Will On 7 Jun 2019, at 15:37, Peter Knapp wrote: So does the host have no HTTP/HTTPS access, or name server lookups etc? BT will use all those ports these days. Peter -Original Message- From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith Sent: 07 June 2019 15:28 To: uknof@lists.uknof.org.uk Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref Hi Peter, Just iptables on the host, it's just that this particular host has a restrictive firewall on both input and output and given the ports and IPs listed in the report it should not have been possible for that activity to happen. Of course, if it had been compromised then maybe the firewall got altered and then put back again afterwards but this all gets a bit far-fetched for the sake of downloading a movie by BitTorrent. Like I say, I looked into it and couldn't find any indication that it had actually happened, and the reporting company was completely impossible to communicate with. Cheers, Andy On Fri, Jun 07, 2019 at 02:07:50PM +, Peter Knapp wrote: Love to know what firewall you're using that guarantees you can't get any form of BT through it please? Pete -Original Message- From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith Sent: 07 June 2019 15:04 To: uknof@lists.uknof.org.uk Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref Hello, On Fri, Jun 07, 2019 at 05:38:10PM +0400, Stephen Wilcox wrote: On Fri, 7 Jun 2019 at 17:25, Andy Smith wrote: However, one day they sent one that implicated one of our infrastructure hosts and I could not see any way in which that could be torrenting, so I asked for more information. Every form of contact I made resulted in an auto response suggesting that if I am confused I should ask my network admin about it. So you're saying people who work at infrastructure companies - ISPs, DCs etc, they don't do torrents and the like, and they would not do so with on-premise equipment. No, I'm saying that unlike customer services in this specific case I had full access to it and was able to audit it to the best of my ability and found no such activity. BitTorrent wouldn't even have been able to get through its firewall. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
So does the host have no HTTP/HTTPS access, or name server lookups etc? BT will use all those ports these days. Peter -Original Message- From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith Sent: 07 June 2019 15:28 To: uknof@lists.uknof.org.uk Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref Hi Peter, Just iptables on the host, it's just that this particular host has a restrictive firewall on both input and output and given the ports and IPs listed in the report it should not have been possible for that activity to happen. Of course, if it had been compromised then maybe the firewall got altered and then put back again afterwards but this all gets a bit far-fetched for the sake of downloading a movie by BitTorrent. Like I say, I looked into it and couldn't find any indication that it had actually happened, and the reporting company was completely impossible to communicate with. Cheers, Andy On Fri, Jun 07, 2019 at 02:07:50PM +, Peter Knapp wrote: > Love to know what firewall you're using that guarantees you can't get any > form of BT through it please? > > Pete > > > -Original Message- > From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith > Sent: 07 June 2019 15:04 > To: uknof@lists.uknof.org.uk > Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at > 2019-06-05T06:41:07Z - Ref > > Hello, > > On Fri, Jun 07, 2019 at 05:38:10PM +0400, Stephen Wilcox wrote: > > On Fri, 7 Jun 2019 at 17:25, Andy Smith wrote: > > > However, one day they sent one that implicated one of our > > > infrastructure hosts and I could not see any way in which that could > > > be torrenting, so I asked for more information. Every form of > > > contact I made resulted in an auto response suggesting that if I am > > > confused I should ask my network admin about it. > > > > So you're saying people who work at infrastructure companies - ISPs, DCs > > etc, they don't do torrents and the like, and they would not do so with > > on-premise equipment. > > No, I'm saying that unlike customer services in this specific case I > had full access to it and was able to audit it to the best of my > ability and found no such activity. BitTorrent wouldn't even have > been able to get through its firewall. > > Cheers, > Andy > > -- > https://bitfolk.com/ -- No-nonsense VPS hosting
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
Hi Peter, Just iptables on the host, it's just that this particular host has a restrictive firewall on both input and output and given the ports and IPs listed in the report it should not have been possible for that activity to happen. Of course, if it had been compromised then maybe the firewall got altered and then put back again afterwards but this all gets a bit far-fetched for the sake of downloading a movie by BitTorrent. Like I say, I looked into it and couldn't find any indication that it had actually happened, and the reporting company was completely impossible to communicate with. Cheers, Andy On Fri, Jun 07, 2019 at 02:07:50PM +, Peter Knapp wrote: > Love to know what firewall you're using that guarantees you can't get any > form of BT through it please? > > Pete > > > -Original Message- > From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith > Sent: 07 June 2019 15:04 > To: uknof@lists.uknof.org.uk > Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at > 2019-06-05T06:41:07Z - Ref > > Hello, > > On Fri, Jun 07, 2019 at 05:38:10PM +0400, Stephen Wilcox wrote: > > On Fri, 7 Jun 2019 at 17:25, Andy Smith wrote: > > > However, one day they sent one that implicated one of our > > > infrastructure hosts and I could not see any way in which that could > > > be torrenting, so I asked for more information. Every form of > > > contact I made resulted in an auto response suggesting that if I am > > > confused I should ask my network admin about it. > > > > So you're saying people who work at infrastructure companies - ISPs, DCs > > etc, they don't do torrents and the like, and they would not do so with > > on-premise equipment. > > No, I'm saying that unlike customer services in this specific case I > had full access to it and was able to audit it to the best of my > ability and found no such activity. BitTorrent wouldn't even have > been able to get through its firewall. > > Cheers, > Andy > > -- > https://bitfolk.com/ -- No-nonsense VPS hosting
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
Love to know what firewall you're using that guarantees you can't get any form of BT through it please? Pete -Original Message- From: uknof [mailto:uknof-boun...@lists.uknof.org.uk] On Behalf Of Andy Smith Sent: 07 June 2019 15:04 To: uknof@lists.uknof.org.uk Subject: Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref Hello, On Fri, Jun 07, 2019 at 05:38:10PM +0400, Stephen Wilcox wrote: > On Fri, 7 Jun 2019 at 17:25, Andy Smith wrote: > > However, one day they sent one that implicated one of our > > infrastructure hosts and I could not see any way in which that could > > be torrenting, so I asked for more information. Every form of > > contact I made resulted in an auto response suggesting that if I am > > confused I should ask my network admin about it. > > So you're saying people who work at infrastructure companies - ISPs, DCs > etc, they don't do torrents and the like, and they would not do so with > on-premise equipment. No, I'm saying that unlike customer services in this specific case I had full access to it and was able to audit it to the best of my ability and found no such activity. BitTorrent wouldn't even have been able to get through its firewall. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
Hello, On Fri, Jun 07, 2019 at 05:38:10PM +0400, Stephen Wilcox wrote: > On Fri, 7 Jun 2019 at 17:25, Andy Smith wrote: > > However, one day they sent one that implicated one of our > > infrastructure hosts and I could not see any way in which that could > > be torrenting, so I asked for more information. Every form of > > contact I made resulted in an auto response suggesting that if I am > > confused I should ask my network admin about it. > > So you're saying people who work at infrastructure companies - ISPs, DCs > etc, they don't do torrents and the like, and they would not do so with > on-premise equipment. No, I'm saying that unlike customer services in this specific case I had full access to it and was able to audit it to the best of my ability and found no such activity. BitTorrent wouldn't even have been able to get through its firewall. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
On Fri, 7 Jun 2019 at 17:25, Andy Smith wrote: > > However, one day they sent one that implicated one of our > infrastructure hosts and I could not see any way in which that could > be torrenting, so I asked for more information. Every form of > contact I made resulted in an auto response suggesting that if I am > confused I should ask my network admin about it. > So you're saying people who work at infrastructure companies - ISPs, DCs etc, they don't do torrents and the like, and they would not do so with on-premise equipment. What good netizens you are! Steve
Re: [uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
Hi John, On Fri, Jun 07, 2019 at 01:08:49PM +, John Bourke wrote: > We got a "Notice of Claimed Infringement" for a torrent download of copyright > material by one of the reseller's customers. We can identify the end > customer from logs. > > What is best practice when dealing with these complaints ? We used to pass these on to the customer for the customer to take whatever action they think best. However, one day they sent one that implicated one of our infrastructure hosts and I could not see any way in which that could be torrenting, so I asked for more information. Every form of contact I made resulted in an auto response suggesting that if I am confused I should ask my network admin about it. After that, since the reports are provably inaccurate to some degree and there is no way to work with the reporters, we started to send them to /dev/null. > Is there a risk that our public NAT addresses will be blacklisted ? Unlikely. These companies do not operate any service; they are contracted to the media rights owners to go out and hunt possible infringers and intimidate them into stopping. No doubt they keep records of everything they have found and might one day take some en masse action to gather the contact details of the subscribers but it seems unlikely that they are going to feed all the IPs into some sort of blacklist for a future streaming service or similar. > Should we enforce an Acceptable Use Policy ? If you want to investigate this third party's allegation that your customer was torrenting something they shouldn't be torrenting, and then take action compatible with your AUP, that would be your decision. As I say, we drew the line at passing the notice on to the customer, and then after discovering that the reports could be wrong and there was no way to query them, we started binning them with no action. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
[uknof] Notice of Claimed Infringement from A.B.C.D at 2019-06-05T06:41:07Z - Ref
Hi, We build and operate Satellite ISP platforms for distributors of satellite services. These distributors sell through resellers to end customers. We got a "Notice of Claimed Infringement" for a torrent download of copyright material by one of the reseller's customers. We can identify the end customer from logs. What is best practice when dealing with these complaints ? Is there a risk that our public NAT addresses will be blacklisted ? Should we enforce an Acceptable Use Policy ? Thanks John Bourke Mobile Internet Ltd