So the pain has finally flowed down to other parts of the world. (APNIC ran out of IP's a long time ago, so CGN has been in use here for a lot longer) This issue is one I have been dealing with for the last four years. Only with Sony, no other company has caused such a headache in regard to CGNAT. I will not go into the long and painful saga of dealing with the constant issue of Sony putting blocks on random pool addresses, refusing to supply sufficient information to identify rouge users (timestamp, source IP, destination IP and port) then telling our customers it is a problem at the ISP end, but... Something happened about three months ago that Proves that if the Sony technical people want to get off their asses they are perfectly capable of supplying adequate information to identify a rogue user for the ISP to deal with. One of the local Sony PSN helpline managers actually managed to convince one of their technical people to supply a spreadsheet that magically contained sufficient information to allow us to identify a couple of users that did indeed have multiple infections. Great I thought, now if we can just get them to automate/regularly sent this info we will have a way forward. Alas, it appears it was a one off and we are back to the start. I will quote below what the Sony Network guy said when explaining why they can't send detailed information every time - " From: SNEI-NOC-Abuse [mailto:SNEI-NOC-Abuse@am.sony.com] Sent: Thursday, 11 August 2016 8:38 AM To: ##me## Cc: ##helpful Sony guy## Subject: RE: PSN / Flip Network blocks Hello, There is quite a bit of extra computing power required to produce the CSV file with timestamps and destination IP addresses. We send out over 6000 emails per day which already takes a significant amount of resources and time. We tend to get around 20-30 responses. Instead of wasting the resources on all those emails we generate CSV files for those who respond. We hope you understand. Thank you for taking action on these." So there you go, Sony can indeed solve this issue, but apparently a company that makes computers has insufficient computing power and staff to do so. Oh and after this, despite being asked many times they have never responded to requests for the CSV or similar detailed info. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Simon Lockhart Sent: Saturday, 17 September 2016 1:13 AM To: nanog@nanog.org Subject: PlayStationNetwork blocking of CGNAT public addresses All, We operate an access network with several hundred thousand users. Increasingly we're putting the users behind CGNAT in order to continue to give them an IPv4 service (we're all dual-stack, so they all get public IPv6 too). Due to the demographic of our users, many of them are gamers. We're hitting a problem with PlayStationNetwork 'randomly' blocking some of our CGNAT outside addresses, because they claim to have received anomalous, or 'attack' traffic from that IP. This obviously causes problems for the other legitimate users who end up behind the same public IPv4 address. Despite numerous attempts to engage with PSN, they are unwilling to give us any additional information which would allow us to identify the 'rogue' users on our network, or to identify the 'unwanted' traffic so that we could either block it, or use it to identify the rogue users ourselves. Has anyone else come up against the problem, and/or have any suggestions on how best to resolve it? Many thanks in advance, Simon