backbones filtering unsanctioned sites

Alistair Mackenzie magicsata at gmail.com
Sat Feb 11 20:44:23 UTC 2017


Cogent confirmed on the phone that they are the ones who put the blackhole
in place. This is after they closed our ticket twice without response.

Purposely didn't mention a website in the ticket yet they asked on the
phone if it was regarding thepiratebay so they are very aware of this...

On 11 February 2017 at 15:18, Bryan Holloway <bryan at shout.net> wrote:

> Yup, they do indeed. And for fun, I black-listed one of our IPs, and sure
> enough, the next-hop shows up as 10.255.255.255, and the communities are
> the same aside from what appear to be regional things.
>
> --
>
> BGP routing table entry for 66.253.214.90/32, version 638637516
> Paths: (1 available, best #1, table Default-IP-Routing-Table)
> Flag: 0x820
>   23473
>     10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>       Origin IGP, localpref 150, valid, internal, best
>       Community: 174:990 174:20912 174:21001 174:22013
>       Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>
>
>
> On 2/10/17 1:49 PM, Alistair Mackenzie wrote:
>
>> Cogent also have a blackhole route-server that they will provide to you to
>> announce /32's for blackholing.
>>
>> The address for this is 66.28.1.228 which is the originator for the
>> 104.31.19.30/3 <http://104.31.19.30/32>2 and 104.31.18.30/32 routes.
>>
>>
>> On 10 February 2017 at 18:46, Jason Rokeach <jason at rokeach.net> wrote:
>>
>> This looks pretty intentional to me.  From
>>> http://www.cogentco.com/en/network/looking-glass:
>>>
>>> BGP routing table entry for 104.31.18.30/32, version 611495773
>>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>>>   Local
>>>     10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>>>       Origin IGP, metric 0, localpref 150, valid, internal, best
>>>       Community: 174:990 174:20912 174:21001
>>>       Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>>>
>>> BGP routing table entry for 104.31.19.30/32, version 611495772
>>> Paths: (1 available, best #1, table Default-IP-Routing-Table)
>>>   Local
>>>     10.255.255.255 (metric 10177050) from 154.54.66.21 (154.54.66.21)
>>>       Origin IGP, metric 0, localpref 150, valid, internal, best
>>>       Community: 174:990 174:20912 174:21001
>>>       Originator: 66.28.1.228, Cluster list: 154.54.66.21, 66.28.1.9
>>>
>>>
>>> Call it a "hunch" but I doubt 10.255.255.255 is a valid next-hop router.
>>>
>>> On Fri, Feb 10, 2017 at 1:39 PM, Mike Hammett <nanog at ics-il.net> wrote:
>>>
>>> Have we determined that this is intentional vs. some screw up?
>>>>
>>>>
>>>>
>>>>
>>>> -----
>>>> Mike Hammett
>>>> Intelligent Computing Solutions
>>>> http://www.ics-il.com
>>>>
>>>> Midwest-IX
>>>> http://www.midwest-ix.com
>>>>
>>>> ----- Original Message -----
>>>>
>>>> From: "Brielle Bruns" <bruns at 2mbit.com>
>>>> To: nanog at nanog.org
>>>> Sent: Friday, February 10, 2017 12:28:53 PM
>>>> Subject: Re: backbones filtering unsanctioned sites
>>>>
>>>> On 2/9/17 9:18 PM, Ken Chase wrote:
>>>>
>>>>> https://torrentfreak.com/internet-backbone-provider-
>>>>>
>>>> cogent-blocks-pirate-bay-and-other-pirate-sites-170209/
>>>>
>>>>>
>>>>> /kc
>>>>>
>>>>>
>>>> Funny. Someone else got back:
>>>>
>>>> "Abuse cannot not provide you a list of websites that may be
>>>> encountering reduced visibility via Cogent"
>>>>
>>>> I almost wish I had a Cogent circuit just to bring this up with an
>>>> account rep. Almost.
>>>>
>>>> I'd very much so view this as a contractual violation on Cogent's part.
>>>>
>>>> Cogent keeps contacting me every year wanting to sell me service. This
>>>> will be a good one to bring up when they call me next time.
>>>>
>>>> --
>>>> Brielle Bruns
>>>> The Summit Open Source Development Group
>>>> http://www.sosdg.org / http://www.ahbl.org
>>>>
>>>>
>>>>
>>>


More information about the NANOG mailing list