[cooperation-wg] Massive IP blockings in Russia
jared at puck.nether.net
Thu Apr 19 18:22:00 UTC 2018
I know I saw a significant number of suspicious routes from 31133 in the past day or two as well.
There appears to be some pretty widespread bogus routing.
> On Apr 19, 2018, at 1:36 PM, Sandra Murphy <sandy at tislabs.com> wrote:
> Of possible interest to this group.
> Forwarding at Alexander’s suggestion, who says he has already shared info in the NANOG facebook group "(with updated prefixlist)".
>> Begin forwarded message:
>> From: Alexander Isavnin <isavnin at gmail.com>
>> Subject: [cooperation-wg] Massive IP blockings in Russia
>> Date: April 17, 2018 at 1:36:33 PM EDT
>> To: cooperation-wg at ripe.net
>> Dear colleagues!
>> I’m not pleased to inform you that RosComNadzor, a Russian Communication supervisory body, has started blocking huge ranges of IPs belonging to different cloud infrastructures, mostly Amazon and Google Cloud.
>> Those ranges include: 126.96.36.199/14, 188.8.131.52/14, 184.108.40.206/15, 220.127.116.11/15, 18.104.22.168/15, 22.214.171.124/10, 126.96.36.199/13, 188.8.131.52/13, 184.108.40.206/14, 220.127.116.11/13, 18.104.22.168/15, 22.214.171.124/11, 126.96.36.199/11, 188.8.131.52/13, 184.108.40.206/15, 220.127.116.11/15, 18.104.22.168/12, 22.214.171.124/12, 126.96.36.199/15, 188.8.131.52/15, 184.108.40.206/16.
>> Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISP every once in a while, failure to block any address may result in 1500eur fine.
>> The infrastructure listed above is being added to the blocklist under “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking an arbitrary unwanted content.
>> The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB). This is a case similar to San-Bernardino shooter’s, where the FBI was denied access to the shooter’s iPhone, but courts in Russia have made completely opposite decision.
>> Telegram’s infrastructure is being blocked by a different decision by RosKomNadzor, #2-1779/2018.
>> Cloud infrastructures are being blocked for massive proxy and VPN hosting used to dodge messenger blocking.
>> It is said, that more Apple and Google networks may be blocked soon for apps updates and push notifications delivery for Telegram.
>> We hope to still have the global IP connectivity to keep you informed about how the situation develops.
>> Do not be surprised if some of your services placed in cloud infrastructures will miss Russian customers.
>> You can monitor the number of IP addresses, domains and URLs to be blocked in Russia at the https://2018.schors.spb.ru/ page (run by the famous ENOG community member Phil Kulin).
>> Detailed information (also via API) is available at the https://reestr.rublacklist.net run by RosKomSvoboda civil society group.
>> Kind regards,
>> Alexander Isavnin
>> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
More information about the NANOG