Even more concerning, on the surface it looks like there could be some cooperation by Cloudflare. If you look at the list of domains that contain an A record for that IP, it's almost all torrent sites and mirrors. Could they have placed all these domains behind that IP for a purpose like this? http://bgp.he.net/ip/104.31.18.30#_dns -------- Original Message -------- Subject: Re: backbones filtering unsanctioned sites Local Time: February 13, 2017 2:53 PM UTC Time: February 13, 2017 9:53 PM From: jfmezei_nanog@vaxination.ca To: nanog@nanog.org Cogent seems to have been very very silent on the issue. Could this be because they got some police/NSA/FBI letter requiring confindentiality and requiring Cogent to snoop on all traffic to 104.31.19.30 , and along with agreeing to comply, blocked all the requested traffic which means that their cooperation yield logs of what IP has made a SYN to 104.31.18.30 but since that SYN went nowhere, contains no other information, so the agency gets its logs as requested, but with no actionable information in them ? That would explain the block AND Cogent being coy/silent on issue. This could be a "protect users" move even though on the surface Cogent appears to be the bad guy. The other question is whether other major backbone providers got the same order and complied without telling ayone nor taking any action to block. In my case, the ISP I used has local peering with Cloudfare, so not affected. Not sure what percentage of users have local transit-free connections.