> On 25 Apr 2025, at 20:49, Eric Schechter <[email protected]> wrote:
>
> Hello, there is a cloud provider with RIPE ASNs that is hosting all kinds of
> abusive content from port scanning to malware and doesnt respond to any abuse
> emails, they have been outed but pretend they are innocent
> I'm currently being port scanned by pfcloud.io IPs and they havent responded
> to a single abuse report in months
> can anything be done about this malicious host?
> https://x.com/pfcloudio/status/1877064925262012466
The great thing about Autonomous Systems is that they are Autonomous and so are
you.
As such, if you dislike an ASN, you can opt to filter that away.
There are ready made lists for these kind of problems (as that above link is
about), as those kind of providers end up on eg:
https://www.spamhaus.org/blocklists/do-not-route-or-peer/
Complaining to ISPs who are setup to be hosting abuse content, who have
"companies" in Seychelles and other such locations, is not going to work, as
their whole "business" is that of being abusive.
Them ending up on such lists and then having issues because of it might change
their business case, maybe, but do not hold your breath, this is a decades long
problem already.
Thus if you have issues with a prefix or a whole ASN, either use the above
lists and you automatically avoid these kind of "companies" or lookup the
information:
https://bgp.tools/as/51396#prefixes
And filter them out per prefix.
ah yes WHOIS has:
mnt-ref: WHITELABEL-MNT
https://bgp.tools/as/214497#whois
Yep, that is an obvious bad seed, anything related to it seems to be setup as
small shell companies but seem to be the same entity anyway. Logical that they
end up on DROP.
RIPE NCC does no enforcement of this, they verify that the company is "valid",
and that is it.
Just a shame that all that IPv4 space is being used for these purposes instead
of legit companies who want to enter the market. Oh well, there is IPv6 right...
Greets,
Jeroen
-----
To unsubscribe from this mailing list or change your subscription options,
please visit: https://mailman.ripe.net/mailman3/lists/security-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the
email matching your subscription before you can change your settings.
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
