Fwd: [cooperation-wg] Massive IP blockings in Russia
Of possible interest to this group. Forwarding at Alexander’s suggestion, who says he has already shared info in the NANOG facebook group "(with updated prefixlist)". —Sandy
Begin forwarded message:
From: Alexander Isavnin <isavnin@gmail.com> Subject: [cooperation-wg] Massive IP blockings in Russia Date: April 17, 2018 at 1:36:33 PM EDT To: cooperation-wg@ripe.net
Dear colleagues!
I’m not pleased to inform you that RosComNadzor, a Russian Communication supervisory body, has started blocking huge ranges of IPs belonging to different cloud infrastructures, mostly Amazon and Google Cloud. Those ranges include: 13.52.0.0/14, 13.56.0.0/14, 18.184.0.0/15, 18.194.0.0/15, 18.196.0.0/15, 34.192.0.0/10, 34.240.0.0/13, 34.248.0.0/13, 35.156.0.0/14, 35.160.0.0/13, 35.176.0.0/15, 52.0.0.0/11, 52.192.0.0/11, 52.208.0.0/13, 52.28.0.0/15, 52.58.0.0/15, 54.144.0.0/12, 54.160.0.0/12, 54.228.0.0/15, 54.72.0.0/15, 54.88.0.0/16.
Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISP every once in a while, failure to block any address may result in 1500eur fine. The infrastructure listed above is being added to the blocklist under “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking an arbitrary unwanted content. The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB). This is a case similar to San-Bernardino shooter’s, where the FBI was denied access to the shooter’s iPhone, but courts in Russia have made completely opposite decision. Telegram’s infrastructure is being blocked by a different decision by RosKomNadzor, #2-1779/2018. Cloud infrastructures are being blocked for massive proxy and VPN hosting used to dodge messenger blocking.
It is said, that more Apple and Google networks may be blocked soon for apps updates and push notifications delivery for Telegram.
We hope to still have the global IP connectivity to keep you informed about how the situation develops. Do not be surprised if some of your services placed in cloud infrastructures will miss Russian customers.
You can monitor the number of IP addresses, domains and URLs to be blocked in Russia at the https://2018.schors.spb.ru/ page (run by the famous ENOG community member Phil Kulin). Detailed information (also via API) is available at the https://reestr.rublacklist.net run by RosKomSvoboda civil society group.
Kind regards, Alexander Isavnin
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
I know I saw a significant number of suspicious routes from 31133 in the past day or two as well. There appears to be some pretty widespread bogus routing. - jared
On Apr 19, 2018, at 1:36 PM, Sandra Murphy <sandy@tislabs.com> wrote:
Of possible interest to this group.
Forwarding at Alexander’s suggestion, who says he has already shared info in the NANOG facebook group "(with updated prefixlist)".
—Sandy
Begin forwarded message:
From: Alexander Isavnin <isavnin@gmail.com> Subject: [cooperation-wg] Massive IP blockings in Russia Date: April 17, 2018 at 1:36:33 PM EDT To: cooperation-wg@ripe.net
Dear colleagues!
I’m not pleased to inform you that RosComNadzor, a Russian Communication supervisory body, has started blocking huge ranges of IPs belonging to different cloud infrastructures, mostly Amazon and Google Cloud. Those ranges include: 13.52.0.0/14, 13.56.0.0/14, 18.184.0.0/15, 18.194.0.0/15, 18.196.0.0/15, 34.192.0.0/10, 34.240.0.0/13, 34.248.0.0/13, 35.156.0.0/14, 35.160.0.0/13, 35.176.0.0/15, 52.0.0.0/11, 52.192.0.0/11, 52.208.0.0/13, 52.28.0.0/15, 52.58.0.0/15, 54.144.0.0/12, 54.160.0.0/12, 54.228.0.0/15, 54.72.0.0/15, 54.88.0.0/16.
Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISP every once in a while, failure to block any address may result in 1500eur fine. The infrastructure listed above is being added to the blocklist under “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking an arbitrary unwanted content. The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB). This is a case similar to San-Bernardino shooter’s, where the FBI was denied access to the shooter’s iPhone, but courts in Russia have made completely opposite decision. Telegram’s infrastructure is being blocked by a different decision by RosKomNadzor, #2-1779/2018. Cloud infrastructures are being blocked for massive proxy and VPN hosting used to dodge messenger blocking.
It is said, that more Apple and Google networks may be blocked soon for apps updates and push notifications delivery for Telegram.
We hope to still have the global IP connectivity to keep you informed about how the situation develops. Do not be surprised if some of your services placed in cloud infrastructures will miss Russian customers.
You can monitor the number of IP addresses, domains and URLs to be blocked in Russia at the https://2018.schors.spb.ru/ page (run by the famous ENOG community member Phil Kulin). Detailed information (also via API) is available at the https://reestr.rublacklist.net run by RosKomSvoboda civil society group.
Kind regards, Alexander Isavnin
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
I guess this is already a big issue + this is going to be a problem for people attending the FIFA World Cup using information from the cloud (few people, no?) Ale, El 19/4/18 a las 1:36 p. m., Sandra Murphy escribió:
Of possible interest to this group.
Forwarding at Alexander’s suggestion, who says he has already shared info in the NANOG facebook group "(with updated prefixlist)".
—Sandy
Begin forwarded message:
From: Alexander Isavnin <isavnin@gmail.com> Subject: [cooperation-wg] Massive IP blockings in Russia Date: April 17, 2018 at 1:36:33 PM EDT To: cooperation-wg@ripe.net
Dear colleagues!
I’m not pleased to inform you that RosComNadzor, a Russian Communication supervisory body, has started blocking huge ranges of IPs belonging to different cloud infrastructures, mostly Amazon and Google Cloud. Those ranges include: 13.52.0.0/14, 13.56.0.0/14, 18.184.0.0/15, 18.194.0.0/15, 18.196.0.0/15, 34.192.0.0/10, 34.240.0.0/13, 34.248.0.0/13, 35.156.0.0/14, 35.160.0.0/13, 35.176.0.0/15, 52.0.0.0/11, 52.192.0.0/11, 52.208.0.0/13, 52.28.0.0/15, 52.58.0.0/15, 54.144.0.0/12, 54.160.0.0/12, 54.228.0.0/15, 54.72.0.0/15, 54.88.0.0/16.
Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISP every once in a while, failure to block any address may result in 1500eur fine. The infrastructure listed above is being added to the blocklist under “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking an arbitrary unwanted content. The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB). This is a case similar to San-Bernardino shooter’s, where the FBI was denied access to the shooter’s iPhone, but courts in Russia have made completely opposite decision. Telegram’s infrastructure is being blocked by a different decision by RosKomNadzor, #2-1779/2018. Cloud infrastructures are being blocked for massive proxy and VPN hosting used to dodge messenger blocking.
It is said, that more Apple and Google networks may be blocked soon for apps updates and push notifications delivery for Telegram.
We hope to still have the global IP connectivity to keep you informed about how the situation develops. Do not be surprised if some of your services placed in cloud infrastructures will miss Russian customers.
You can monitor the number of IP addresses, domains and URLs to be blocked in Russia at the https://2018.schors.spb.ru/ page (run by the famous ENOG community member Phil Kulin). Detailed information (also via API) is available at the https://reestr.rublacklist.net run by RosKomSvoboda civil society group.
Kind regards, Alexander Isavnin
Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
On 4/19/18 1:36 PM, Sandra Murphy wrote:
Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISP every once in a while, failure to block any address may result in 1500eur fine.
Per day? That's a cost of doing business. Can we donate to pay it somewhere?
The infrastructure listed above is being added to the blocklist under “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking an arbitrary unwanted content. The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB).
Necessity is the plea for every infringement of human liberty. It is the argument of tyrants; it is the creed of slaves. -- William Pitt -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
Thanks for sharing, Note of caution - there is a mess going on with this blocking so if some IP range/domain is not in any list it doesn't necessary mean it is not blocked. Lists are created/updated pretty sporadically (e.g. the list does not say so but there are reports of blocked DigitalOCean nets 167.99.0.0/16 & 206.189.0.0/16 https://www.securitylab.ru/news/492749.php) . My 2 cents - once Russian Internet authorities get tired of chasing their own tail (any sysadmin knows you can't block ain't nothing by IP addresses today) they will stop this fruitless effort (but of course they cannot do it right now and lose the face) and things will be back to normal. On Thu, Apr 19, 2018 at 9:39 PM, Bryan Fields <Bryan@bryanfields.net> wrote:
On 4/19/18 1:36 PM, Sandra Murphy wrote:
Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISP every once in a while, failure to block any address may result in 1500eur fine.
Per day? That's a cost of doing business. Can we donate to pay it somewhere?
The infrastructure listed above is being added to the blocklist under “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking an arbitrary unwanted content. The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB).
Necessity is the plea for every infringement of human liberty. It is the argument of tyrants; it is the creed of slaves. -- William Pitt -- Bryan Fields
727-409-1194 - Voice http://bryanfields.net
-- Taking challenges one by one. http://yurisk.info
participants (5)
-
Alejandro Acosta -
Bryan Fields -
Jared Mauch -
Sandra Murphy -
Yuri Slobodyanyuk