I know I saw a significant number of suspicious routes from 31133 in the past day or two as well. There appears to be some pretty widespread bogus routing.

- jared
On Apr 19, 2018, at 1:36 PM, Sandra Murphy <sandy@tislabs.com> wrote:
Of possible interest to this group.
Forwarding at Alexander’s suggestion, who says he has already shared info in the NANOG facebook group "(with updated prefixlist)".
—Sandy
Begin forwarded message:
From: Alexander Isavnin <isavnin@gmail.com>
Subject: [cooperation-wg] Massive IP blockings in Russia
Date: April 17, 2018 at 1:36:33 PM EDT
To: cooperation-wg@ripe.net
Dear colleagues!
I’m not pleased to inform you that RosComNadzor, a Russian Communication supervisory body, has started blocking huge ranges of IPs belonging to different cloud infrastructures, mostly Amazon and Google Cloud. Those ranges include: 13.52.0.0/14, 13.56.0.0/14, 18.184.0.0/15, 18.194.0.0/15, 18.196.0.0/15, 34.192.0.0/10, 34.240.0.0/13, 34.248.0.0/13, 35.156.0.0/14, 35.160.0.0/13, 35.176.0.0/15, 52.0.0.0/11, 52.192.0.0/11, 52.208.0.0/13, 52.28.0.0/15, 52.58.0.0/15, 54.144.0.0/12, 54.160.0.0/12, 54.228.0.0/15, 54.72.0.0/15, 54.88.0.0/16.
Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISPs every once in a while; failure to block any address may result in a 1500eur fine. The infrastructure listed above is being added to the blocklist under the “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking arbitrary unwanted content. The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB). This is a case similar to the San-Bernardino shooter’s, where the FBI was denied access to the shooter’s iPhone, but courts in Russia have made the completely opposite decision. Telegram’s infrastructure is being blocked by a different decision by RosKomNadzor, #2-1779/2018. Cloud infrastructures are being blocked for massive proxy and VPN hosting used to dodge messenger blocking.
It is said that more Apple and Google networks may be blocked soon for app updates and push notification delivery for Telegram.
We hope to still have the global IP connectivity to keep you informed about how the situation develops. Do not be surprised if some of your services placed in cloud infrastructures will miss Russian customers.
You can monitor the number of IP addresses, domains and URLs to be blocked in Russia at the https://2018.schors.spb.ru/ page (run by the famous ENOG community member Phil Kulin). Detailed information (also via API) is available at https://reestr.rublacklist.net, run by the RosKomSvoboda civil society group.
Kind regards,
Alexander Isavnin
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum