Cloudflare blocking Cogent again
We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare. https://www.americanbar.org/ https://www.ballys.com/ https://investor.fanatics.com/investor-relations/default.aspx Jon Miller Bose McKinney & Evans LLP This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee. If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege. All personal messages express views only of the individual sender, and may not be copied or distributed without this statement.
That’s so nice of Cogent to shrug it off. That’s some top-quality customer service right there! I’ll add this to my ever-growing list of why i will never do business with Cogent. Suggestions on how to fix? Ditch Cogent. If you need help sourcing other providers, feel free to shoot me a message offlist. -Mike
On Aug 11, 2025, at 11:01, Miller, Jon via NANOG <nanog@lists.nanog.org> wrote:
We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare.
https://www.americanbar.org/ https://www.ballys.com/ https://investor.fanatics.com/investor-relations/default.aspx
Jon Miller Bose McKinney & Evans LLP
This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee.
If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege.
All personal messages express views only of the individual sender, and may not be copied or distributed without this statement.
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG...
Hey Jon - Messaged off list looking for a little more info on what you're seeing. On Mon, Aug 11, 2025 at 1:01 PM Miller, Jon via NANOG <nanog@lists.nanog.org> wrote:
We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare.
https://www.americanbar.org/ https://www.ballys.com/ https://investor.fanatics.com/investor-relations/default.aspx
Jon Miller Bose McKinney & Evans LLP
This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee.
If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege.
All personal messages express views only of the individual sender, and may not be copied or distributed without this statement.
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG...
-- Bryton Herdes Principal Network Engineer AS13335 - Cloudflare https://as13335.peeringdb.com
On 8/11/25 14:00, Miller, Jon via NANOG wrote:
We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare.
Cogent is a carrier; are they dropping transit from them or just blocking on AS path or IP? Are you using Cogent IP space? Are you single homed to Cogent? If those questions are yes, then your only real option is to reach out to the service providers who are using cloudflare and ask them to resolve the issue with their service provider. It's a bad idea to be single homed to any one upstream; Cogent is why we say this.
Jon Miller Bose McKinney & Evans LLP
This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee.
If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege.
All personal messages express views only of the individual sender, and may not be copied or distributed without this statement.
This is BS. I cite the link in the footer.
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG...
-- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
Are you sure it’s not the Cloudflare customers choosing to block the Cogent ASN? i.e. are you seeing a CF blocking message rather than just a transit failure? Reason I ask is because we see a reasonable number of bot attacks sourced from AS174 end customers, so I could see sites like the ones you mentioned choosing to block rather than challenge. Cloudflare’s challenges seem to be getting bypassed by bots more and more lately, and their support doesn’t seem to care, so some users may resort to blocking. From: Miller, Jon via NANOG <nanog@lists.nanog.org> Date: Monday, August 11, 2025 at 2:01 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Cloudflare blocking Cogent again We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare. https://www.americanbar.org/ https://www.ballys.com/ https://investor.fanatics.com/investor-relations/default.aspx Jon Miller Bose McKinney & Evans LLP This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee. If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege. All personal messages express views only of the individual sender, and may not be copied or distributed without this statement. _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG...
We are seeing Cloudflare “you have been blocked” messages from three different IP ranges but all on the Cogent ASN. Surely multiple Cloudflare customers aren’t blocking whole ASNs, right? Or can an entire ASN end up on a RBL because of a few bad actors? Jon Miller | Chief Information Officer Bose McKinney & Evans LLP From: David Hubbard <dhubbard@dino.hostasaurus.com> Sent: Monday, August 11, 2025 2:49 PM To: North American Network Operators Group <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Re: Cloudflare blocking Cogent again Are you sure it’s not the Cloudflare customers choosing to block the Cogent ASN? i.e. are you seeing a CF blocking message rather than just a transit failure? Reason I ask is because we see a reasonable number of bot attacks sourced from AS174 end customers, so I could see sites like the ones you mentioned choosing to block rather than challenge. Cloudflare’s challenges seem to be getting bypassed by bots more and more lately, and their support doesn’t seem to care, so some users may resort to blocking. From: Miller, Jon via NANOG <nanog@lists.nanog.org> Date: Monday, August 11, 2025 at 2:01 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Cloudflare blocking Cogent again We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare. https://www.americanbar.org/<https://www.americanbar.org/> https://www.ballys.com/<https://www.ballys.com/> https://investor.fanatics.com/investor-relations/default.aspx<https://investor.fanatics.com/investor-relations/default.aspx> Jon Miller Bose McKinney & Evans LLP This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee. If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege. All personal messages express views only of the individual sender, and may not be copied or distributed without this statement. _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRGDK6A4PTG6TETN3NW34JJYFDF/<https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRGDK6A4PTG6TETN3NW34JJYFDF/>
Surely multiple Cloudflare customers aren’t blocking whole ASNs, right? Or can an entire ASN end up on a RBL because of a few bad actors?
Yes, and yes. Plenty of CF customers will block entire ASNs because of a small volume of bot traffic. In fact, "just block the ASN" is a common piece of advice given to people in CF's community forums. This of course is rarely the CORRECT answer for their problem, and they often don't understand the ramifications of what they're doing, but yes this happens all the time. On Mon, Aug 11, 2025 at 3:52 PM Miller, Jon via NANOG <nanog@lists.nanog.org> wrote:
We are seeing Cloudflare “you have been blocked” messages from three different IP ranges but all on the Cogent ASN. Surely multiple Cloudflare customers aren’t blocking whole ASNs, right? Or can an entire ASN end up on a RBL because of a few bad actors?
Jon Miller | Chief Information Officer Bose McKinney & Evans LLP
From: David Hubbard <dhubbard@dino.hostasaurus.com> Sent: Monday, August 11, 2025 2:49 PM To: North American Network Operators Group <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Re: Cloudflare blocking Cogent again
Are you sure it’s not the Cloudflare customers choosing to block the Cogent ASN? i.e. are you seeing a CF blocking message rather than just a transit failure?
Reason I ask is because we see a reasonable number of bot attacks sourced from AS174 end customers, so I could see sites like the ones you mentioned choosing to block rather than challenge. Cloudflare’s challenges seem to be getting bypassed by bots more and more lately, and their support doesn’t seem to care, so some users may resort to blocking.
From: Miller, Jon via NANOG <nanog@lists.nanog.org> Date: Monday, August 11, 2025 at 2:01 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Cloudflare blocking Cogent again We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare.
https://www.americanbar.org/<https://www.americanbar.org/> https://www.ballys.com/<https://www.ballys.com/> https://investor.fanatics.com/investor-relations/default.aspx<; https://investor.fanatics.com/investor-relations/default.aspx>
Jon Miller Bose McKinney & Evans LLP
This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee.
If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege.
All personal messages express views only of the individual sender, and may not be copied or distributed without this statement.
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG... < https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/FURY3KOZ...
Yup that’s not uncommon, because often times when a cloud computing provider inhabits numerous netblocks all over the ASN, allows their customers to have dynamic exit IP’s, and doesn’t act on abuse reports, people end up dropping an ASN-based rule into Cloudflare. Blocking is aggressive, vs “managed challenge” which attempts to at least let humans through, but sometimes you’re stuck between a rock and a hard place if the bots in question are able to bypass the challenge, the attack continues, Cogent or their customer do nothing, and your app/site is impacted. I don’t see that as much with 174 as I do with malicious traffic from OVH, Digital Ocean, Hetzner, etc., but it happens. From: Miller, Jon <JMiller@boselaw.com> Date: Monday, August 11, 2025 at 3:52 PM To: David Hubbard <dhubbard@dino.hostasaurus.com>, North American Network Operators Group <nanog@lists.nanog.org> Subject: RE: Cloudflare blocking Cogent again We are seeing Cloudflare “you have been blocked” messages from three different IP ranges but all on the Cogent ASN. Surely multiple Cloudflare customers aren’t blocking whole ASNs, right? Or can an entire ASN end up on a RBL because of a few bad actors? Jon Miller | Chief Information Officer Bose McKinney & Evans LLP From: David Hubbard <dhubbard@dino.hostasaurus.com> Sent: Monday, August 11, 2025 2:49 PM To: North American Network Operators Group <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Re: Cloudflare blocking Cogent again Are you sure it’s not the Cloudflare customers choosing to block the Cogent ASN? i.e. are you seeing a CF blocking message rather than just a transit failure? Reason I ask is because we see a reasonable number of bot attacks sourced from AS174 end customers, so I could see sites like the ones you mentioned choosing to block rather than challenge. Cloudflare’s challenges seem to be getting bypassed by bots more and more lately, and their support doesn’t seem to care, so some users may resort to blocking. From: Miller, Jon via NANOG <nanog@lists.nanog.org> Date: Monday, August 11, 2025 at 2:01 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Cloudflare blocking Cogent again We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare. https://www.americanbar.org/ https://www.ballys.com/ https://investor.fanatics.com/investor-relations/default.aspx Jon Miller Bose McKinney & Evans LLP This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee. If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege. All personal messages express views only of the individual sender, and may not be copied or distributed without this statement. _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG...
participants (6)
-
Bryan Fields -
Bryton Herdes -
David Hubbard -
Mike Lyon -
Miller, Jon -
Tom Beecher