Hi, I am a customer of ReliableSite in their New Jersey location, and RS uses GTT as a transit ISP, along with Tata and Comcast. GTT appears to be blocking the IPv4 address 128.31.0.39, and RS' BGP uses GTT for 128.31.0.39. neel@t1:~ % traceroute 128.31.0.39 traceroute to 128.31.0.39 (128.31.0.39), 64 hops max, 40 byte packets 1 45.150.XXX.1 (45.150.XXX.1) 4.828 ms 4.557 ms 5.916 ms 2 * * * ^C neel@t1:~ % Hop #2 which is generally the transit provider, GTT (which handles this route). Note: 45.150.XXX.1 is because it's a subnet I brought in, this is the only ReliableSite hop. The 128.31.0.0/24 doesn't appear to be blocked as a whole, only that 128.31.0.39. See below: neel@t1:~ % traceroute 128.31.0.1 traceroute to 128.31.0.1 (128.31.0.1), 64 hops max, 40 byte packets 1 45.150.XXX.1 (45.150.XXX.1) 0.241 ms 0.220 ms 9.362 ms 2 ae9-300.cr2-nyc4.ip4.gtt.net (209.120.147.121) 1.605 ms 0.853 ms 1.173 ms 3 ae3.cr1-nyc2.ip4.gtt.net (89.149.129.194) 5.488 ms 6.471 ms 1.451 ms 4 be3088.ccr31.jfk04.atlas.cogentco.com (154.54.11.57) 1.604 ms 1.726 ms * 5 be3363.ccr42.jfk02.atlas.cogentco.com (154.54.3.125) 1.802 ms 1.771 ms 1.708 ms 6 be3472.ccr32.bos01.atlas.cogentco.com (154.54.46.33) 7.082 ms 7.268 ms 7.249 ms 7 38.104.186.186 (38.104.186.186) 7.017 ms 7.247 ms 6.987 ms 8 dmz-rtr-1-external-rtr-3.mit.edu (18.0.161.13) 7.010 ms 7.001 ms 6.996 ms 9 dmz-rtr-2-dmz-rtr-1-2.mit.edu (18.0.162.6) 7.033 ms 7.294 ms dmz-rtr-2-dmz-rtr-1-1.mit.edu (18.0.161.6) 7.073 ms 10 guest.default.csail.mit.edu (128.31.0.1) 9.011 ms 7.484 ms 7.551 ms neel@t1:~ % As you can see here, GTT handles other 128.31.0.39 IPs fine as seen in hop #2. ReliableSite says they don't block the IP address, but I don't have any contact at GTT or MIT. My home ISP, Lumen/CenturyLink/Level 3 does not block 128.31.0.39. 128.31.0.39 is a Tor directory authority IP, which is usually a phonebook of Tor relays. There are 9 in the world and the other 8 are unblocked from ReliableSite. Yes, I know Tor is all this 'bad stuff' but the reality is that 99% of Tor users use it like a VPN, speaking as a Tor exit operator and code contributor myself. Exit abuse complaints were super common 5-8 years ago but are now super rare. If someone works at GTT, can 128.31.0.39 be unblocked? Best, -Neel --- https://www.neelc.org
Confirmed it with a router at AS8100, static routing 128.31.0.39 towards GTT results in a blackhole and 128.31.0.1 works just fine, which means either the IP address is null routed on GTT's network at the request of MIT (got to give them the benefit of the doubt) or they are knowingly blocking Tor. Ryan Hamel -----Original Message----- From: NANOG <nanog-bounces+ryan=rkhtech.org@nanog.org> On Behalf Of Neel Chauhan Sent: Tuesday, January 3, 2023 7:49 PM To: nanog@nanog.org Subject: GTT blocking IPv4 address 128.31.0.39 Hi, I am a customer of ReliableSite in their New Jersey location, and RS uses GTT as a transit ISP, along with Tata and Comcast. GTT appears to be blocking the IPv4 address 128.31.0.39, and RS' BGP uses GTT for 128.31.0.39. neel@t1:~ % traceroute 128.31.0.39 traceroute to 128.31.0.39 (128.31.0.39), 64 hops max, 40 byte packets 1 45.150.XXX.1 (45.150.XXX.1) 4.828 ms 4.557 ms 5.916 ms 2 * * * ^C neel@t1:~ % Hop #2 which is generally the transit provider, GTT (which handles this route). Note: 45.150.XXX.1 is because it's a subnet I brought in, this is the only ReliableSite hop. The 128.31.0.0/24 doesn't appear to be blocked as a whole, only that 128.31.0.39. See below: neel@t1:~ % traceroute 128.31.0.1 traceroute to 128.31.0.1 (128.31.0.1), 64 hops max, 40 byte packets 1 45.150.XXX.1 (45.150.XXX.1) 0.241 ms 0.220 ms 9.362 ms 2 ae9-300.cr2-nyc4.ip4.gtt.net (209.120.147.121) 1.605 ms 0.853 ms 1.173 ms 3 ae3.cr1-nyc2.ip4.gtt.net (89.149.129.194) 5.488 ms 6.471 ms 1.451 ms 4 be3088.ccr31.jfk04.atlas.cogentco.com (154.54.11.57) 1.604 ms 1.726 ms * 5 be3363.ccr42.jfk02.atlas.cogentco.com (154.54.3.125) 1.802 ms 1.771 ms 1.708 ms 6 be3472.ccr32.bos01.atlas.cogentco.com (154.54.46.33) 7.082 ms 7.268 ms 7.249 ms 7 38.104.186.186 (38.104.186.186) 7.017 ms 7.247 ms 6.987 ms 8 dmz-rtr-1-external-rtr-3.mit.edu (18.0.161.13) 7.010 ms 7.001 ms 6.996 ms 9 dmz-rtr-2-dmz-rtr-1-2.mit.edu (18.0.162.6) 7.033 ms 7.294 ms dmz-rtr-2-dmz-rtr-1-1.mit.edu (18.0.161.6) 7.073 ms 10 guest.default.csail.mit.edu (128.31.0.1) 9.011 ms 7.484 ms 7.551 ms neel@t1:~ % As you can see here, GTT handles other 128.31.0.39 IPs fine as seen in hop #2. ReliableSite says they don't block the IP address, but I don't have any contact at GTT or MIT. My home ISP, Lumen/CenturyLink/Level 3 does not block 128.31.0.39. 128.31.0.39 is a Tor directory authority IP, which is usually a phonebook of Tor relays. There are 9 in the world and the other 8 are unblocked from ReliableSite. Yes, I know Tor is all this 'bad stuff' but the reality is that 99% of Tor users use it like a VPN, speaking as a Tor exit operator and code contributor myself. Exit abuse complaints were super common 5-8 years ago but are now super rare. If someone works at GTT, can 128.31.0.39 be unblocked? Best, -Neel --- https://www.neelc.org
participants (2)
-
Neel Chauhan
-
Ryan Hamel