ticketmaster.com 403 Forbidden

Tue Feb 7 17:05:31 UTC 2017

All,

Thank you for the suggestions. All (3) of the e-mail addresses associated with their ARIN records bounced back.

	Remote Server returned '< #5.7.133 smtp;550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this group>' 

It can be difficult for consumers to work these issues individually, so we reached out to the NANOG community for an assist. The problem seemed widespread and not isolated to single customers and referring them to a web form did not seem like an option.

Good news: I am making some progress with the Live Nation/Ticketmaster team.

	"Thank you for bringing this to our attention. We are conducting an investigation on suspicious activity that has been observed on the range of IP's are associated to your connectivity and will make every effort to do this as fast as possible."

Thank you all again for the help and I will keep the archive updated if we reach a repeatable resolution.

Regards,

Charles Manser | Principal Engineer I, Network Security 
Charles.Manser at charter.com

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of joel jaeggli
Sent: Monday, February 06, 2017 7:38 PM
To: Suresh Ramasubramanian <ops.lists at gmail.com>; mike.lyon at gmail.com; Ethan E. Dee <edee at globalvision.net>
Cc: Niels Bakker <niels=nanog at bakker.net>; nanog at nanog.org
Subject: Re: ticketmaster.com 403 Forbidden

On 2/6/17 8:49 AM, Suresh Ramasubramanian wrote:
> My guess is you have or had sometime in the long distant past a scalper operating on your network, using automated ticket purchase bots.
>
> If you still have that scalper around, you might want to turf him.  If he’s ancient history, saying so might induce them to remove the block.
Note that scalper bots benefit from pools of residential ip addresses to
work with in subverting the anti-bot countermeasures of ticket sale
platforms. so there are the legitimate possibility that subverted hosts
are being used for that sort of thing.
> --srs
>
> On 06/02/17, 8:45 AM, "nanog-bounces at nanog.org on behalf of mike.lyon at gmail.com" <nanog-bounces at nanog.org on behalf of mike.lyon at gmail.com> wrote:
>
>     Yup, i have a /22 that has the same problem. Support is useless...
>     
>     > On Feb 6, 2017, at 08:35, Ethan E. Dee <edee at globalvision.net> wrote:
>     > 
>     > It gives me a Forbidden error.
>     > It has for over a year.
>     > There support says they are not allowed to me why by their policy.
>     > it is across an entire /19.
>     > I gave up after the fifth time and encourage the customers to call them individually.
>     > 
>     >> On 02/06/2017 11:09 AM, Niels Bakker wrote:
>     >> * Charles.Manser at charter.com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 CET]:
>     >>> It seems that browsing to ticketmaster.com or any of the associated IP addresses results in a 403 Forbidden for our customers today. Is anyone else having this issue?
>     >> 
>     >> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/ 
>     >> 
>     >> 
>     >>    -- Niels.
>     > 
>     
>
>
>

E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.