Any cidr list for Cloud Innovation? (Attack issues now that they're routed by Cox)
Hi all, curious if there’s any accurate and maintained list of the networks associated with Cloud Innovation? For reasons unknown, it seems Cox is now providing transit for some of the questionable Seychelles-associated networks via their normal AS 22773. That of course makes the attack traffic sourced from those networks hard to mitigate, since we can’t blackhole Cox without cutting off the massive amount of legit traffic. Many of the networks seem to also be routed by 35916 (https://bgp.he.net/AS35916#_prefixes), but with more specific advertisements via Cox. Perhaps Cloud Innovation and Multacom are one and the same, or Multacom just has no issue dealing with that entity. Either way, I suppose I could use 35916 as a reference, but not sure that’s a complete list or if Multacom will come to route legit customers at some point. Thanks, David
use at your own risk. [frank@fisi ~]$ grep F368F2D0 delegated-afrinic-extended-20260322 afrinic|SC|ipv4|45.192.0.0|1048576|20141201|allocated|F368F2D0 afrinic|SC|ipv4|154.80.0.0|1048576|20130724|allocated|F368F2D0 afrinic|SC|ipv4|154.192.0.0|2097152|20160923|allocated|F368F2D0 afrinic|SC|ipv4|156.224.0.0|2097152|20151222|allocated|F368F2D0 [frank@fisi ~]$ 45.192.0.0/12 154.80.0.0/12 154.192.0.0/11 156.224.0.0/11 On 3/25/2026 5:36 PM, David Hubbard via NANOG wrote:
Hi all, curious if there’s any accurate and maintained list of the networks associated with Cloud Innovation? For reasons unknown, it seems Cox is now providing transit for some of the questionable Seychelles-associated networks via their normal AS 22773. That of course makes the attack traffic sourced from those networks hard to mitigate, since we can’t blackhole Cox without cutting off the massive amount of legit traffic.
Many of the networks seem to also be routed by 35916 (https://bgp.he.net/AS35916#_prefixes), but with more specific advertisements via Cox. Perhaps Cloud Innovation and Multacom are one and the same, or Multacom just has no issue dealing with that entity. Either way, I suppose I could use 35916 as a reference, but not sure that’s a complete list or if Multacom will come to route legit customers at some point.
Thanks,
David
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/I4HIMW6S...
Hi Thanks for raising this. We do not publish a static public list mapping networks in the manner you describe, because the underlying customer and routing landscape is dynamic. The correct reporting channel is abuse@larus.net, where reports are automatically routed to the relevant downstream network for review and handling. For matters that require formal legal escalation or binding legal process, the correct contact is legal@larus.net. We support a large number of networks, so our abuse intake and triage workflow is highly automated, including internal LLM-assisted routing. As with any large-scale system, accuracy can always be improved, and we welcome specific feedback where routing or handling can be made better. -- Kind regards. Lu On Wed, Mar 25, 2026 at 22:37 David Hubbard via NANOG <nanog@lists.nanog.org> wrote:
Hi all, curious if there’s any accurate and maintained list of the networks associated with Cloud Innovation? For reasons unknown, it seems Cox is now providing transit for some of the questionable Seychelles-associated networks via their normal AS 22773. That of course makes the attack traffic sourced from those networks hard to mitigate, since we can’t blackhole Cox without cutting off the massive amount of legit traffic.
Many of the networks seem to also be routed by 35916 ( https://bgp.he.net/AS35916#_prefixes), but with more specific advertisements via Cox. Perhaps Cloud Innovation and Multacom are one and the same, or Multacom just has no issue dealing with that entity. Either way, I suppose I could use 35916 as a reference, but not sure that’s a complete list or if Multacom will come to route legit customers at some point.
Thanks,
David
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/I4HIMW6S...
participants (3)
-
David Hubbard -
Frank Habicht -
Lu Heng