https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay... /kc -- Ken Chase - math@sizone.org Guelph Canada
On 2017-02-10 04:18, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay...
/kc
Strange indeed.. but they forgot to ban it on IPv6 - maybe they're trying to push IPv6 adoption! Banning any Cloudflare hosted sites by IP is particularly ineffective because it doesn't really matter which cloudflare IP you connect to as long as you present the right SNI name and HTTP Host header.. basically just add www.thepiratebay.org to your hosts file and point it at any other cloudflare IP.. like they banned 104.31.18.30 so change it to 104.31.18.31 and ban evaded. Rob
On Fri, Feb 10, 2017 at 6:47 AM, Robert McKay <robert@mckay.com> wrote:
On 2017-02-10 04:18, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider-cogent- blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Strange indeed.. but they forgot to ban it on IPv6 - maybe they're trying to push IPv6 adoption!
ha, you are hilarious.
Banning any Cloudflare hosted sites by IP is particularly ineffective because it doesn't really matter which cloudflare IP you connect to as long as you present the right SNI name and HTTP Host header.. basically just add www.thepiratebay.org to your hosts file and point it at any other cloudflare IP.. like they banned 104.31.18.30 so change it to 104.31.18.31 and ban evaded.
isn't any 'copyright driven' censorship move really just a half-a$$ed move anyway? it's all about knocking out 90% of the users? ALL of these restrictions can be avoided if you can encap around, or fix-your-local-resolver, or ... which 90% of the people just won't do...
On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay...
/kc
Funny. Someone else got back: "Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent" I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost. I'd very much so view this as a contractual violation on Cogent's part. Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Have we determined that this is intentional vs. some screw up? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay...
/kc
Funny. Someone else got back: "Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent" I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost. I'd very much so view this as a contractual violation on Cogent's part. Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
This looks pretty intentional to me. From http://www.cogentco.com/en/network/looking-glass: BGP routing table entry for 104.31.18.30/32, version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9 BGP routing table entry for 104.31.19.30/32, version 611495772 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9 Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router. On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider- cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Never attribute to malice that which is adequately explained by stupidity? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Jason Rokeach" <jason@rokeach.net> To: "Mike Hammett" <nanog@ics-il.net> Cc: nanog@nanog.org Sent: Friday, February 10, 2017 12:46:57 PM Subject: Re: backbones filtering unsanctioned sites This looks pretty intentional to me. From http://www.cogentco.com/en/network/looking-glass : BGP routing table entry for 104.31.18.30/32 , version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9 BGP routing table entry for 104.31.19.30/32 , version 611495772 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9 Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router. On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett < nanog@ics-il.net > wrote: Have we determined that this is intentional vs. some screw up? ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Brielle Bruns" < bruns@2mbit.com > To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider-cogent-blocks-pirate-bay...
/kc
Funny. Someone else got back: "Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent" I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost. I'd very much so view this as a contractual violation on Cogent's part. Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Cogent also have a blackhole route-server that they will provide to you to announce /32's for blackholing. The address for this is 66.28.1.228 which is the originator for the 104.31.19.30/3 <http://104.31.19.30/32>2 and 104.31.18.30/32 routes. On 10 February 2017 at 18:46, Jason Rokeach <jason@rokeach.net> wrote:
This looks pretty intentional to me. From http://www.cogentco.com/en/network/looking-glass:
BGP routing table entry for 104.31.18.30/32, version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
BGP routing table entry for 104.31.19.30/32, version 611495772 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router.
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider- cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure enough, the next-hop shows up as 10.255.255.255, and the communities are the same aside from what appear to be regional things. -- BGP routing table entry for 66.253.214.90/32, version 638637516 Paths: (1 available, best #1, table Default-IP-Routing-Table) Flag: 0x820 23473 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 174:22013 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9 On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
Cogent also have a blackhole route-server that they will provide to you to announce /32's for blackholing.
The address for this is 66.28.1.228 which is the originator for the 104.31.19.30/3 <http://104.31.19.30/32>2 and 104.31.18.30/32 routes.
On 10 February 2017 at 18:46, Jason Rokeach <jason@rokeach.net> wrote:
This looks pretty intentional to me. From http://www.cogentco.com/en/network/looking-glass:
BGP routing table entry for 104.31.18.30/32, version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
BGP routing table entry for 104.31.19.30/32, version 611495772 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router.
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider- cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Cogent confirmed on the phone that they are the ones who put the blackhole in place. This is after they closed our ticket twice without response. Purposely didn't mention a website in the ticket yet they asked on the phone if it was regarding thepiratebay so they are very aware of this... On 11 February 2017 at 15:18, Bryan Holloway <bryan@shout.net> wrote:
Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure enough, the next-hop shows up as 10.255.255.255, and the communities are the same aside from what appear to be regional things.
--
BGP routing table entry for 66.253.214.90/32, version 638637516 Paths: (1 available, best #1, table Default-IP-Routing-Table) Flag: 0x820 23473 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 174:22013 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
Cogent also have a blackhole route-server that they will provide to you to announce /32's for blackholing.
The address for this is 66.28.1.228 which is the originator for the 104.31.19.30/3 <http://104.31.19.30/32>2 and 104.31.18.30/32 routes.
On 10 February 2017 at 18:46, Jason Rokeach <jason@rokeach.net> wrote:
This looks pretty intentional to me. From
http://www.cogentco.com/en/network/looking-glass:
BGP routing table entry for 104.31.18.30/32, version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
BGP routing table entry for 104.31.19.30/32, version 611495772 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router.
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
So... i doubt CloudFlare allocates one ip per domain served... which means Cogent customers will be unable to access other CloudFlare proxied site, served by this same IP, for a particular geographic zone? --- Marco On Sat, Feb 11, 2017 at 8:44 PM, Alistair Mackenzie <magicsata@gmail.com> wrote:
Cogent confirmed on the phone that they are the ones who put the blackhole in place. This is after they closed our ticket twice without response.
Purposely didn't mention a website in the ticket yet they asked on the phone if it was regarding thepiratebay so they are very aware of this...
On 11 February 2017 at 15:18, Bryan Holloway <bryan@shout.net> wrote:
Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure enough, the next-hop shows up as 10.255.255.255, and the communities are the same aside from what appear to be regional things.
--
BGP routing table entry for 66.253.214.90/32, version 638637516 Paths: (1 available, best #1, table Default-IP-Routing-Table) Flag: 0x820 23473 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 174:22013 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
Cogent also have a blackhole route-server that they will provide to you to announce /32's for blackholing.
The address for this is 66.28.1.228 which is the originator for the 104.31.19.30/3 <http://104.31.19.30/32>2 and 104.31.18.30/32 routes.
On 10 February 2017 at 18:46, Jason Rokeach <jason@rokeach.net> wrote:
http://www.cogentco.com/en/network/looking-glass:
BGP routing table entry for 104.31.18.30/32, version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
BGP routing table entry for 104.31.19.30/32, version 611495772 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router.
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's
This looks pretty intentional to me. From part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Cogent's best friend to the rescue: http://bgp.he.net/ip/104.31.18.30#_dns Looks like mostly proxy/torrent sites on that IP address. -- Jason Canady Unlimited Net, LLC Responsive, Reliable, Secure On 2/11/17 5:11 PM, Marco Teixeira wrote:
So... i doubt CloudFlare allocates one ip per domain served... which means Cogent customers will be unable to access other CloudFlare proxied site, served by this same IP, for a particular geographic zone?
--- Marco
On Sat, Feb 11, 2017 at 8:44 PM, Alistair Mackenzie <magicsata@gmail.com> wrote:
Cogent confirmed on the phone that they are the ones who put the blackhole in place. This is after they closed our ticket twice without response.
Purposely didn't mention a website in the ticket yet they asked on the phone if it was regarding thepiratebay so they are very aware of this...
On 11 February 2017 at 15:18, Bryan Holloway <bryan@shout.net> wrote:
Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure enough, the next-hop shows up as 10.255.255.255, and the communities are the same aside from what appear to be regional things.
--
BGP routing table entry for 66.253.214.90/32, version 638637516 Paths: (1 available, best #1, table Default-IP-Routing-Table) Flag: 0x820 23473 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 174:22013 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
Cogent also have a blackhole route-server that they will provide to you to announce /32's for blackholing.
The address for this is 66.28.1.228 which is the originator for the 104.31.19.30/3 <http://104.31.19.30/32>2 and 104.31.18.30/32 routes.
On 10 February 2017 at 18:46, Jason Rokeach <jason@rokeach.net> wrote:
http://www.cogentco.com/en/network/looking-glass:
BGP routing table entry for 104.31.18.30/32, version 611495773 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
BGP routing table entry for 104.31.19.30/32, version 611495772 Paths: (1 available, best #1, table Default-IP-Routing-Table) Local 10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21) Origin IGP, metric 0, localpref 150, valid, internal, best Community: 174:990 174:20912 174:21001 Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router. On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote: Have we determined that this is intentional vs. some screw up?
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
> https://torrentfreak.com/internet-backbone-provider- > cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
> /kc > > Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's
This looks pretty intentional to me. From part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Looks like mostly proxy/torrent sites on that IP address.
That may be so. Maybe it isn’t particularly objectionable for Cogent to not to carry traffic to some particular destination that they don’t like. As you point out they already only offer a partial view of the Internet. What is very problematic is that they announce that this destination is reachable via them, and then drop traffic. This is a problem for the same reason that hijacking by announcing more specifics is a problem. The bgp tables become no longer a source of truth about reachability. If this kind of behaviour from transit networks becomes the norm, we are in big trouble. William Waites LFCS, School of Informatics, University of Edinburgh The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
Cogent seems to have been very very silent on the issue. Could this be because they got some police/NSA/FBI letter requiring confindentiality and requiring Cogent to snoop on all traffic to 104.31.19.30 , and along with agreeing to comply, blocked all the requested traffic which means that their cooperation yield logs of what IP has made a SYN to 104.31.18.30 but since that SYN went nowhere, contains no other information, so the agency gets its logs as requested, but with no actionable information in them ? That would explain the block AND Cogent being coy/silent on issue. This could be a "protect users" move even though on the surface Cogent appears to be the bad guy. The other question is whether other major backbone providers got the same order and complied without telling ayone nor taking any action to block. In my case, the ISP I used has local peering with Cloudfare, so not affected. Not sure what percentage of users have local transit-free connections.
Even more concerning, on the surface it looks like there could be some cooperation by Cloudflare. If you look at the list of domains that contain an A record for that IP, it's almost all torrent sites and mirrors. Could they have placed all these domains behind that IP for a purpose like this? http://bgp.he.net/ip/104.31.18.30#_dns -------- Original Message -------- Subject: Re: backbones filtering unsanctioned sites Local Time: February 13, 2017 2:53 PM UTC Time: February 13, 2017 9:53 PM From: jfmezei_nanog@vaxination.ca To: nanog@nanog.org Cogent seems to have been very very silent on the issue. Could this be because they got some police/NSA/FBI letter requiring confindentiality and requiring Cogent to snoop on all traffic to 104.31.19.30 , and along with agreeing to comply, blocked all the requested traffic which means that their cooperation yield logs of what IP has made a SYN to 104.31.18.30 but since that SYN went nowhere, contains no other information, so the agency gets its logs as requested, but with no actionable information in them ? That would explain the block AND Cogent being coy/silent on issue. This could be a "protect users" move even though on the surface Cogent appears to be the bad guy. The other question is whether other major backbone providers got the same order and complied without telling ayone nor taking any action to block. In my case, the ISP I used has local peering with Cloudfare, so not affected. Not sure what percentage of users have local transit-free connections.
* nanog@nanog.org (Patrick Boyle via NANOG) [Tue 14 Feb 2017, 14:16 CET]:
Even more concerning, on the surface it looks like there could be some cooperation by Cloudflare. If you look at the list of domains that contain an A record for that IP, it's almost all torrent sites and mirrors. Could they have placed all these domains behind that IP for a purpose like this?
Why wouldn't they try to limit collateral damage by censorious governments? Are you suggesting they instead hold their other customers hostage? -- Niels.
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy? I'm surprised it took this many years for something like this to happen. Wonder which LE in which country... Either way seems nothing too suspicious is going on here. Jared Mauch
On Feb 13, 2017, at 5:19 PM, Patrick Boyle via NANOG <nanog@nanog.org> wrote:
Even more concerning, on the surface it looks like there could be some cooperation by Cloudflare. If you look at the list of domains that contain an A record for that IP, it's almost all torrent sites and mirrors. Could they have placed all these domains behind that IP for a purpose like this?
On 2017-02-14 08:27, Jared Mauch wrote:
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy?
Cogent is a backbone network that is international in scope. When China tells a network to block the BBC that block happens only in China. If the USA wants to be like China and start blocking web sites it doesn't like, then it should only affect traffic in the USA. Google is a content company. Removing a company from its search results is a content issue, not a telecom issue. Cogent blocking an IP is a telecom issue and at least in canada should this be brought up at CRTC, would raise a Section 36 violation. And if transit providers start to block content, especially if they do not warn their ISP customers (so thei can warn their retail customers), then this is really not correct. In Canada, the supreme court has ruled, from different slants all reaching tghe conclusion that a neutral carrier is not responsible for the content that travels through its pipes. The second that carrier starts to exert control over content, it loses that immunity. Cogent blocking content affects traffic outside of the USA.
On Tue, Feb 14, 2017 at 1:10 PM, Jean-Francois Mezei < jfmezei_nanog@vaxination.ca> wrote:
On 2017-02-14 08:27, Jared Mauch wrote:
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy?
Cogent is a backbone network that is international in scope. When China tells a network to block the BBC that block happens only in China.
'when possible' (also, PRC is a special case...) you might make the analogy here to the singaporian 'block these 100 objectionable sites' law (since repealed I believe) though.
If the USA wants to be like China and start blocking web sites it doesn't like, then it should only affect traffic in the USA.
yes, because of course the networks in question here are built around national borders... and of course also on internal (to the nation) boundaries.. and of course even more granularly on the internal, internal national boundaries (country -> state -> county -. city -> burrough -> apt-building -> floor - door -> room -> person -> device clearly cogent did this as well)
Google is a content company. Removing a company from its search results is a content issue, not a telecom issue.
Cogent blocking an IP is a telecom issue and at least in canada should this be brought up at CRTC, would raise a Section 36 violation.
excellent, goodluck fellow traveler.
And if transit providers start to block content, especially if they do not warn their ISP customers (so thei can warn their retail customers), then this is really not correct.
sure, but... what about dhs/ice revocation of domains in com/net/org/etc? :)
In Canada, the supreme court has ruled, from different slants all reaching tghe conclusion that a neutral carrier is not responsible for the content that travels through its pipes. The second that carrier starts to exert control over content, it loses that immunity.
good thing cogent isn't a canadian company I suppose?
Cogent blocking content affects traffic outside of the USA.
it sure does, you might have luck bringing this up with your equivalent to the US State Department, no?
They exist: http://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=2687... http://canadabizdb.com/company/3264874/cogent-canada-inc http://www.contracts-contrats.hc-sc.gc.ca/cfob/mssid/contractdisc.nsf/WEBbypurpose/A35BA8F8DB21C5E98525787E0066931A?OpenDocument&lang=eng& http://listings.ftb-companies-ca.com/l/112540553/Cogent-Canada-Inc-in-Toront... My cogent invoice: Cogent Canada, Inc. P.O.Box 46067 Postal Station A Toronto, Ontario M5W 4K9 [ Dont visit the Cogent Canada facebook page. Not quite the same industry. Or the @CogentCanada twitter feed. (Something about semen vouchers.) ] Anyway, they exist as a Canadian entity (and have even made submissions to the CRTC bitching about rulings favouring Bell), so they're certainly operating in Canada. Anyone wanna file a complaint to the CCTS in Canada? https://www.ccts-cprst.ca/ /kc On Tue, Feb 14, 2017 at 01:19:41PM -0500, Christopher Morrow said:
On Tue, Feb 14, 2017 at 1:10 PM, Jean-Francois Mezei < jfmezei_nanog@vaxination.ca> wrote:
On 2017-02-14 08:27, Jared Mauch wrote:
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy?
Cogent is a backbone network that is international in scope. When China tells a network to block the BBC that block happens only in China.
'when possible' (also, PRC is a special case...)
you might make the analogy here to the singaporian 'block these 100 objectionable sites' law (since repealed I believe) though.
If the USA wants to be like China and start blocking web sites it doesn't like, then it should only affect traffic in the USA.
yes, because of course the networks in question here are built around national borders... and of course also on internal (to the nation) boundaries.. and of course even more granularly on the internal, internal national boundaries (country -> state -> county -. city -> burrough -> apt-building -> floor - door -> room -> person -> device clearly cogent did this as well)
Google is a content company. Removing a company from its search results is a content issue, not a telecom issue.
Cogent blocking an IP is a telecom issue and at least in canada should this be brought up at CRTC, would raise a Section 36 violation.
excellent, goodluck fellow traveler.
And if transit providers start to block content, especially if they do not warn their ISP customers (so thei can warn their retail customers), then this is really not correct.
sure, but...
what about dhs/ice revocation of domains in com/net/org/etc? :)
In Canada, the supreme court has ruled, from different slants all reaching tghe conclusion that a neutral carrier is not responsible for the content that travels through its pipes. The second that carrier starts to exert control over content, it loses that immunity.
good thing cogent isn't a canadian company I suppose?
Cogent blocking content affects traffic outside of the USA.
it sure does, you might have luck bringing this up with your equivalent to the US State Department, no?
Ken Chase - math@sizone.org Guelph/Toronto Canada
Can anyone with a Cogent connection in Canada verify that they are impacted as well? Regards, Andrew Paolucci -------- Original Message -------- Subject: Re: backbones filtering unsanctioned sites Local Time: February 14, 2017 6:10 PM UTC Time: February 14, 2017 6:10 PM From: jfmezei_nanog@vaxination.ca To: nanog@nanog.org On 2017-02-14 08:27, Jared Mauch wrote:
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy?
Cogent is a backbone network that is international in scope. When China tells a network to block the BBC that block happens only in China. If the USA wants to be like China and start blocking web sites it doesn't like, then it should only affect traffic in the USA. Google is a content company. Removing a company from its search results is a content issue, not a telecom issue. Cogent blocking an IP is a telecom issue and at least in canada should this be brought up at CRTC, would raise a Section 36 violation. And if transit providers start to block content, especially if they do not warn their ISP customers (so thei can warn their retail customers), then this is really not correct. In Canada, the supreme court has ruled, from different slants all reaching tghe conclusion that a neutral carrier is not responsible for the content that travels through its pipes. The second that carrier starts to exert control over content, it loses that immunity. Cogent blocking content affects traffic outside of the USA.
* Andrew Paolucci:
Can anyone with a Cogent connection in Canada verify that they are impacted as well?
I think it's global. I tried sites in Canada and Germany, and the traces look like deliberate blocking of /32s. I don't have a BGP view for these sites, though. Why wouldn't it be global? If someone forces their hands, ISPs aren't shipping companies and can pick and choose where they comply.
If it's been decided that BGP communities will now be used for purposes other than internet traffic control, then perhaps Cloudflare would also be willing to put the hundreds of DDoS-attack-for-hire services they protect on a single IP so we can blackhole those as well? At least then we can use BGP communities to fight against internet censorship instead of engaging in it. https://www.google.com/search?q=ddos+booter On Tue, Feb 14, 2017 at 5:27 AM, Jared Mauch <jared@puck.nether.net> wrote:
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy?
I'm surprised it took this many years for something like this to happen. Wonder which LE in which country...
Either way seems nothing too suspicious is going on here.
Jared Mauch
On Feb 13, 2017, at 5:19 PM, Patrick Boyle via NANOG <nanog@nanog.org> wrote:
Even more concerning, on the surface it looks like there could be some cooperation by Cloudflare. If you look at the list of domains that contain an A record for that IP, it's almost all torrent sites and mirrors. Could they have placed all these domains behind that IP for a purpose like this?
On 2017-02-14 08:27, Jared Mauch wrote:
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy?
I'm surprised it took this many years for something like this to happen. Wonder which LE in which country...
Either way seems nothing too suspicious is going on here.
Jared Mauch
Looks like it was a court order issued recently in Spain. "Cogent CEO Dave Schaeffer yesterday confirmed to Ars that the company is complying with a court order issued recently in Spain." TPB was not actually the target, it was collateral. "But The Pirate Bay was not the subject of the court order, Schaeffer also confirmed."
From - https://arstechnica.com/tech-policy/2017/02/a-court-order-blocked-pirate-sit...
-- Sadiq Saif https://sadiqsaif.ca
On 2017-02-16 14:59, Sadiq Saif wrote:
From - https://arstechnica.com/tech-policy/2017/02/a-court-order-blocked-pirate-sit...
Many thanks. pardon my ignorance here, but question: For an outfit such as Cogent which acts not only as a transit provider, but also edge provider to large end users, can it easily implement such a court order to block only edge interfaces and not to its transit infrastructure? (aka: propagate null routes for 104.31.19.30 only to interfaces that lead to end users, but leave core/GBP aspects without the block.) Or is BGP and any internal routing protocols so intermingled that it becomes hard to manage such blocks ? The difficulty for network to block traffic becomes an important argument when trying to convince governments that blocking should not be done. (ex: Québec government wanting to block access to gambling sites except its own).
For transit maybe Cogent should have dropped the route, so they did not advertize a route to peers that included null routed parts. Den 16/02/2017 kl. 21.52 skrev Jean-Francois Mezei:
On 2017-02-16 14:59, Sadiq Saif wrote:
From - https://arstechnica.com/tech-policy/2017/02/a-court-order-blocked-pirate-sit...
Many thanks.
pardon my ignorance here, but question:
For an outfit such as Cogent which acts not only as a transit provider, but also edge provider to large end users, can it easily implement such a court order to block only edge interfaces and not to its transit infrastructure?
(aka: propagate null routes for 104.31.19.30 only to interfaces that lead to end users, but leave core/GBP aspects without the block.)
Or is BGP and any internal routing protocols so intermingled that it becomes hard to manage such blocks ?
The difficulty for network to block traffic becomes an important argument when trying to convince governments that blocking should not be done. (ex: Québec government wanting to block access to gambling sites except its own).
I am not familiar with Cogent’s architecture but why couldn’t they just null route the IP address at their edge routers from within Spain? I am not a lawyer but from what I understand, since the Spanish government has zero say on what goes on outside of their borders, a court order that may or may not have been issued is not a legal defense for blocking access around the world. Furthermore, I think that this should be viewed as a malicious act and not as unfortunate consequence or a breach of contract. As far as letting them off the hook because they only offer a partial view of the route table, our contract never anything about partial views. Force majeure only applies to thing they have no control over. For that to apply, the court order, if that’s what it was, would have to apply to every jurisdiction in which they operate. I am also skeptical of this court order, seeing as Ars was unable to independently verify. Disclaimer: We used to have Cogent transit and it was the single worst experience I have been through in my professional life. Every time I had to deal with them, it felt more like what I would dealing with the mobs that control much of Russia. Therefore, I am very hesitant to assume even the slightest bit of good faith towards them.
On Feb 16, 2017, at 5:06 PM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
For transit maybe Cogent should have dropped the route, so they did not advertize a route to peers that included null routed parts.
Den 16/02/2017 kl. 21.52 skrev Jean-Francois Mezei:
On 2017-02-16 14:59, Sadiq Saif wrote:
From - https://arstechnica.com/tech-policy/2017/02/a-court-order-blocked-pirate-sit...
Many thanks.
pardon my ignorance here, but question:
For an outfit such as Cogent which acts not only as a transit provider, but also edge provider to large end users, can it easily implement such a court order to block only edge interfaces and not to its transit infrastructure?
(aka: propagate null routes for 104.31.19.30 only to interfaces that lead to end users, but leave core/GBP aspects without the block.)
Or is BGP and any internal routing protocols so intermingled that it becomes hard to manage such blocks ?
The difficulty for network to block traffic becomes an important argument when trying to convince governments that blocking should not be done. (ex: Québec government wanting to block access to gambling sites except its own).
* Todd Crane:
I am not familiar with Cogent’s architecture but why couldn’t they just null route the IP address at their edge routers from within Spain? I am not a lawyer but from what I understand, since the Spanish government has zero say on what goes on outside of their borders,
Of course they do, see the arrest of Augusto Pinochet. Due to the nature of mass copyright violation, it is likely that these sites violate the rights of Spanish copyright holders, and if such a violated party obtains a court order against an ISP, I see no reason why the violations should go on everywhere except Spain.
On Friday, 17 February, 2017 08:29, "Florian Weimer" <fw@deneb.enyo.de> said:
Of course they do, see the arrest of Augusto Pinochet.
Universal Jurisdiction is supposed to cover the likes of war crimes, torture, extrajudicial executions and genocide, that are generally agreed to be crimes against humanity as a whole, regardless of where they take place. Much as the copyright cartel would like to put any (perceived) loss of revenue into the same bracket, are you *really* advocating that copyright infringement belongs in that list?
Due to the nature of mass copyright violation, it is likely that these sites violate the rights of Spanish copyright holders, and if such a violated party obtains a court order against an ISP, I see no reason why the violations should go on everywhere except Spain.
The action isn't against the people infringing copyright, the sites (arguably) aiding them in infringing copyright, or even the company providing hosting services to those sites. It is, if the situation is being reported correctly, forcing a connectivity provider to block access to some elements of the hosting services *worldwide* based on the fact that it operates in one country. In my view, both far too many steps removed from the offence, and, more importantly, overly-broad in impact. Do you think the Chinese government should be able to force any voice provider operating in China to block any of their customers, anywhere in the world, from talking about Taiwan as an independent country? Do you think the Iranian government should be able to force any mobile phone company operating in Iran to implement a worldwide ban of Pokemon Go? If the answer to either of those questions is "no", can you explain why the jurisdiction should be limited in these cases, but not for Spanish copyright holders? (Note that I'm not talking about the "right" or "wrong" of those decisions within their respective jurisdiction, that's not relevant to where their jurisdiction extends.) Regards, Tim.
* > On Friday, 17 February, 2017 08:29, "Florian Weimer" <fw@deneb.enyo.de> said:
Of course they do, see the arrest of Augusto Pinochet.
Universal Jurisdiction is supposed to cover the likes of war crimes, torture, extrajudicial executions and genocide, that are generally agreed to be crimes against humanity as a whole, regardless of where they take place. Much as the copyright cartel would like to put any (perceived) loss of revenue into the same bracket, are you *really* advocating that copyright infringement belongs in that list?
I think the Spanish prosecutor claimed at the time that crimes were committed against Spaniards, too. So it's not quite a case of absolute universal jurisdiction. Assuming that Spanish copyright holders sought the court order, the situation isn't too different.
Due to the nature of mass copyright violation, it is likely that these sites violate the rights of Spanish copyright holders, and if such a violated party obtains a court order against an ISP, I see no reason why the violations should go on everywhere except Spain.
The action isn't against the people infringing copyright, the sites (arguably) aiding them in infringing copyright, or even the company providing hosting services to those sites. It is, if the situation is being reported correctly, forcing a connectivity provider to block access to some elements of the hosting services *worldwide* based on the fact that it operates in one country. In my view, both far too many steps removed from the offence, and, more importantly, overly-broad in impact.
There can be some debate whether a transit ISP should be subject to such an injunction, rather than a party closer to the source. But I don't see why if a Spanish court determines that Spanish law requires compliance by the ISP, the blocking order should be restricted to Spain. The rights are violated everywhere, after all. Sometimes, global compliance is just a cost of doing business locally.
Do you think the Chinese government should be able to force any voice provider operating in China to block any of their customers, anywhere in the world, from talking about Taiwan as an independent country?
Do you think the Iranian government should be able to force any mobile phone company operating in Iran to implement a worldwide ban of Pokemon Go?
If the answer to either of those questions is "no", can you explain why the jurisdiction should be limited in these cases, but not for Spanish copyright holders?
Iranian law appears to require permission for running nation-wide games, not games around the globe. Similarly, I doubt that Chinese law has a legal basis for demanding filtering of voice calls, but it's difficult to find confirmation for that. (I believe that a lot of service bans in China are enacted by the government upon encouragement from would-be competitors, but that does not make such bans legal according to Chinese law.) So the difference is that your hypothetical scenarios violate local laws.
* Jared Mauch:
So risk avoidance on the part of the 100k other sites hosted by CF is now a conspiracy?
Conspiracy is perhaps a bit too strong, but I would be annoyed if someone took my business, but then deliberately undermined the service they provide. Of course, if it's all part of the agreement, it's fine, but if it is not, it certainly looks like a crass net neutrality violation.
On Mon, Feb 13, 2017 at 4:53 PM, Jean-Francois Mezei < jfmezei_nanog@vaxination.ca> wrote:
Cogent seems to have been very very silent on the issue.
why would they say anything at all? it's blatantly clear what's happened, right? "lea order to block access" no explanation necessary.
Could this be because they got some police/NSA/FBI letter requiring confindentiality and requiring Cogent to snoop on all traffic to
unclear why you think snooping is happening? packets dont' return, nothing to sniff... this is just a blackhole.
104.31.19.30 , and along with agreeing to comply, blocked all the requested traffic which means that their cooperation yield logs of what IP has made a SYN to 104.31.18.30 but since that SYN went nowhere,
my guess is that: "all of the internet" is syn'ing to that IP, because "all of the internet" syns to all of my ips... scanning is always happening.
contains no other information, so the agency gets its logs as requested, but with no actionable information in them ?
you are pushing for a conspiracy where none must exist.
That would explain the block AND Cogent being coy/silent on issue.
they are not coy, the data is available.
This could be a "protect users" move even though on the surface Cogent appears to be the bad guy.
The other question is whether other major backbone providers got the same order and complied without telling ayone nor taking any action to block.
In my case, the ISP I used has local peering with Cloudfare, so not affected. Not sure what percentage of users have local transit-free connections.
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
if you look at the cogent LG it's pretty clear that the announce reachability for the /20 that includes the tpb /32.. and that the /32 is particularly routed elsewhere, and that the 'elsewhere' is coming form a bgp speaker who's DNS says something along the lines of: "blackhole"... so... err, either someone fat-fingered OR intentionally entered a /32 into the config management system :(
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider- cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
And because they're continuing to announce the /20, we run into their blackhole unless we manually filter that /20. This is going to become unworkable in short order once a bigger chunk of the internet starts doing this. /kc On Fri, Feb 10, 2017 at 03:03:11PM -0500, Christopher Morrow said:
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
if you look at the cogent LG it's pretty clear that the announce reachability for the /20 that includes the tpb /32.. and that the /32 is particularly routed elsewhere, and that the 'elsewhere' is coming form a bgp speaker who's DNS says something along the lines of: "blackhole"...
so... err, either someone fat-fingered OR intentionally entered a /32 into the config management system :(
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider- cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
-- Ken Chase - math@sizone.org Guelph/Toronto Canada Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
On Fri, Feb 10, 2017 at 3:15 PM, Ken Chase <math@sizone.org> wrote:
And because they're continuing to announce the /20, we run into their blackhole unless we manually filter that /20. This is going to become unworkable in short order once a bigger chunk of the internet starts doing this.
I bet an answer from cogent here is: "you can always TE around 174" that's hard for end-users, but the direct customer can certainly do this... and yea, sucks :(
/kc
On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog@ics-il.net> wrote:
Have we determined that this is intentional vs. some screw up?
if you look at the cogent LG it's pretty clear that the announce reachability for the /20 that includes the tpb /32.. and that the /32 is particularly routed elsewhere, and that the 'elsewhere' is coming form a bgp speaker who's DNS says something along the lines of: "blackhole"...
so... err, either someone fat-fingered OR intentionally entered a /32 into the config management system :(
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
----- Original Message -----
From: "Brielle Bruns" <bruns@2mbit.com> To: nanog@nanog.org Sent: Friday, February 10, 2017 12:28:53 PM Subject: Re: backbones filtering unsanctioned sites
On 2/9/17 9:18 PM, Ken Chase wrote:
https://torrentfreak.com/internet-backbone-provider- cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
/kc
Funny. Someone else got back:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
I almost wish I had a Cogent circuit just to bring this up with an account rep. Almost.
I'd very much so view this as a contractual violation on Cogent's
On Fri, Feb 10, 2017 at 03:03:11PM -0500, Christopher Morrow said: part.
Cogent keeps contacting me every year wanting to sell me service. This will be a good one to bring up when they call me next time.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
-- Ken Chase - math@sizone.org Guelph/Toronto Canada Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
They could, if they kept a list of forward lookups they had done to get IPs that ended up in their blacklists. But just having the IPs it's impossible to get the whole list of possible hostnames that point at it (reverse records are singular, and often missing). Nonetheless, it'd be nice to know how a single IP got onto the list - and what Cogent's doing about situations where multiple other hostnames map onto the same ip. I have clietns that are Cogent customers, I'd just like to get informed before I bring the hammer down. /kc -- Ken Chase - math@sizone.org Guelph/Toronto Canada Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
On Fri, Feb 10, 2017 at 2:08 PM, Ken Chase <math@sizone.org> wrote:
"Abuse cannot not provide you a list of websites that may be encountering reduced visibility via Cogent"
They could, if they kept a list of forward lookups they had done to get IPs
i think you mean passive-dns .. which is a thing, and exists. (mumble (passive total|farsight|deteque|....) mumble)
that ended up in their blacklists. But just having the IPs it's impossible to get the whole list of possible hostnames that point at it (reverse records are singular, and often missing).
Nonetheless, it'd be nice to know how a single IP got onto the list - and what Cogent's doing about situations where multiple other hostnames map onto the same ip.
it's totally possible that the list here is really just a court-order addition, right? I can't imagine that there is a cogent employee just evily twiddling pens and adding random ips to blacklists...
I have clietns that are Cogent customers, I'd just like to get informed before I bring the hammer down.
it's worth noting that fairly much every service provider has a provision like cogent's 'force majaure' clause which includes: '...any law, order, regulation...' so it seems safe to assume that there's some court order cogent reacted to :( we should fight that problem upstream.
/kc -- Ken Chase - math@sizone.org Guelph/Toronto Canada Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
If its not just cogent then we have an even larger issue -- that theres asymetric application of rulings. So we should just assume that if we can't get to something via cogent then all backbones within the same jurisdiction(*) should or will also have the same sites/ips blocked soon? And that it wasnt a fat finger/typo/someone forgot to remove a block? So we're all just waiting for Level 3 to block TPB too, and we still havent seen a legal ruling/order anywhere? * for various values of 'jurisdiction', in a world where all network operators seeing a technical issue can immediately use their law degrees to guess at which jurisdiction where, when and for how long, installed the ban. (FAICT the ban on TPB @cogent is worldwide.) /kc On Fri, Feb 10, 2017 at 05:03:56PM -0500, Christopher Morrow said:
it's totally possible that the list here is really just a court-order addition, right? I can't imagine that there is a cogent employee just evily twiddling pens and adding random ips to blacklists...
[...]
so it seems safe to assume that there's some court order cogent reacted to :( we should fight that problem upstream.
-- Ken Chase - math@sizone.org Guelph/Toronto Canada Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
On Fri, Feb 10, 2017 at 5:30 PM, Ken Chase <math@sizone.org> wrote:
If its not just cogent then we have an even larger issue -- that theres asymetric application of rulings. So we should just assume that if we can't get to something via cogent then all backbones within the same jurisdiction(*) should or will also have the same sites/ips
my experience (admittedly dated a bit) is that the people making the request really don't know :( they target who they think will fix their problem... sorta. good luck fellow travelers!
Since 104.31.19.30 is an anycast IP, is it possible that this isn't related to PirateBay but more related to Cogent having a dispute with Cloudfare ? It is counter intuitive for a transit provider to refuse business/traffic, but then again, Cogent has been involved in counter intuituve disputes in the past. I note that this has been going on since last night (at least). It hasn't been resolved, nor has Cogent issued a statement about it (or has it ?)
participants (22)
-
Alistair Mackenzie
-
Andrew Paolucci
-
Baldur Norddahl
-
Brielle Bruns
-
Bryan Holloway
-
Christopher Morrow
-
Florian Weimer
-
Jared Mauch
-
Jason Canady
-
Jason Rokeach
-
Jean-Francois Mezei
-
Ken Chase
-
Kyle Drake
-
Marco Teixeira
-
Mike Hammett
-
Niels Bakker
-
Patrick Boyle
-
Robert McKay
-
Sadiq Saif
-
tim@pelican.org
-
Todd Crane
-
William Waites