Help with removing DNS sinkhole FP from Charter/Spectrum

Validin Axon axon at validin.com
Tue Apr 23 00:54:35 UTC 2024


Hi Bill,

I'm not sure where you saw that message, but I got this message via email
after I submitted an unblock request with Spectrum Shield:

> We have reviewed your request to unblock validin.com. This site was not
> found to be blocked by Spectrum Shield and should be accessible from your
> browser.
>
> Thank you,
>
> Spectrum

My company's domain got caught up in some lazy copy/pasting from this blog
post last year that cited my company as a source for the data. Someone
copy/pasted the whole page, which included my company's domain name, and
that made it to a few AV OTX pulses and VT collections:
https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4

I've cleaned up everything I could from that botched blocklist aggregation.
However, there's no correction process for Spectrum's DNS sinkhole, and I'm
not even sure that's how our domain got mixed up there. The support staff
I've spoken with have denied the existence of DNS sinkholing at Spectrum,
and demonstrated they lack the basic technical sophistication needed to
understand the concept. They've each ultimately told me that each affected
customer would need to reach out to the Spectrum customer service, which
would then help that customer change their DNS settings to another DNS
provider. Of course, the last thing I'd want to do with a potential
customer is ask them to go through that painful process. I also have no
idea how many potential users or customers can't reach me and simply give
up without letting me know.

Lastly, I AM a Spectrum customer. My home internet service is Spectrum. If
it weren't for that, I'd be truly SOL because support would just ignore me.
But, they claim the issue is resolved from their perspective because I
can simply change my DNS settings.

But back to the topic: someone mentioned to me that Spectrum may not be the
direct providers for the DNS services they provide to their customers. If
anyone knows anything about how I might discover and reach out to the
people responsible, please let me know. :-)

Regards,

Kenneth

On Mon, Apr 22, 2024 at 8:07 PM Christopher Morrow <morrowc.lists at gmail.com>
wrote:

> “We checked the website you are trying to access for malicious and
> spear-phishing content and found it likely to be unsafe.”
>
> perhaps charter thinks there's a reason to not permit folks to access
> a possibly dangerous site?
> (it's also possible it just got caught up amongst some other stuff in
> the hosting provider's space, nothing jumps out in passive-dns
> lookups.)
>
> On Mon, Apr 22, 2024 at 7:39 PM William Herrin <bill at herrin.us> wrote:
> >
> > On Mon, Apr 22, 2024 at 4:00 PM John Levine <johnl at iecc.com> wrote:
> > > It appears that William Herrin <bill at herrin.us> said:
> > > >If you can't reach a technical POC, use the legal one. Your lawyer can
> >
> > > The only response to a letter like that is "we run our network to
> > > serve our customers and manage it the way we think is best" and you
> > > know what, they're right.
> >
> > Hi John,
> >
> > Respectfully, you're mistaken. Look up "tortious interference."
> >
> > Operators have considerable legal leeway to block traffic for cause,
> > or even by mistake if corrected upon notification, but a lawyer who
> > blows off a cease-and-desist letter without investigating it with the
> > tech staff has committed malpractice. The lawyer doesn't want to
> > commit malpractice. You write the lawyer via certified mail, he's
> > going to talk to the tech staff and you're going to get a response. At
> > that point, you have an open communication pathway to get things
> > fixed. Which was the problem to be solved.
> >
> >
> > > Having said that, I suspect the least bad alternative if you can't
> > > find an out of band contact is to get some of the Spectrum customers
> > > who can't reach you to complain. They're customers, you aren't.
> >
> > My results going through the support front-door at large companies for
> > oddball problems have been less than stellar. Has your experience
> > truly been different?
> >
> > Regards,
> > Bill Herrin
> >
> >
> > --
> > William Herrin
> > bill at herrin.us
> > https://bill.herrin.us/
>