[cooperation-wg] Massive IP blockings in Russia

Jared Mauch jared at puck.nether.net
Thu Apr 19 18:22:00 UTC 2018


I know I saw a significant number of suspicious routes from 31133 in the past day or two as well.

There appears to be some pretty widespread bogus routing.

- jared

> On Apr 19, 2018, at 1:36 PM, Sandra Murphy <sandy at tislabs.com> wrote:
> 
> Of possible interest to this group.  
> 
> Forwarding at Alexander’s suggestion, who says he has already shared info in the NANOG facebook group "(with updated prefixlist)".
> 
> —Sandy
> 
>> Begin forwarded message:
>> 
>> From: Alexander Isavnin <isavnin at gmail.com>
>> Subject: [cooperation-wg] Massive IP blockings in Russia
>> Date: April 17, 2018 at 1:36:33 PM EDT
>> To: cooperation-wg at ripe.net
>> 
>> Dear colleagues!
>> 
>> I’m not pleased to inform you that RosComNadzor, a Russian Communication supervisory body, has started blocking huge ranges of IPs belonging to different cloud infrastructures, mostly Amazon and Google Cloud.
>> Those ranges include: 13.52.0.0/14, 13.56.0.0/14, 18.184.0.0/15, 18.194.0.0/15, 18.196.0.0/15, 34.192.0.0/10, 34.240.0.0/13, 34.248.0.0/13, 35.156.0.0/14, 35.160.0.0/13, 35.176.0.0/15, 52.0.0.0/11, 52.192.0.0/11, 52.208.0.0/13, 52.28.0.0/15, 52.58.0.0/15, 54.144.0.0/12, 54.160.0.0/12, 54.228.0.0/15, 54.72.0.0/15, 54.88.0.0/16.
>> 
>> Russian ISPs MUST fully block all traffic to such networks. The list is frequently updated and gets automatically propagated to ISP every once in a while, failure to block any address may result in 1500eur fine.  
>> The infrastructure listed above is being added to the blocklist under “counter-terrorist and counter-extremist” order of the General Prosecutor Office, #27-31-2015/Id4082-15, issued in 2015 and often used for blocking an arbitrary unwanted content.
>> The real reason for such blocking is an attempt to cut access to Telegram messenger, which refused to provide end-to-end encryption keys to the Federal Security Service (previously known as KGB). This is a case similar to San-Bernardino shooter’s, where the FBI was denied access to the shooter’s iPhone, but courts in Russia have made completely opposite decision.
>> Telegram’s infrastructure is being blocked by a different decision by RosKomNadzor, #2-1779/2018.
>> Cloud infrastructures are being blocked for massive proxy and VPN hosting used to dodge messenger blocking.
>> 
>> It is said, that more Apple and Google networks may be blocked soon for apps updates and push notifications delivery for Telegram.  
>> 
>> We hope to still have the global IP connectivity to keep you informed about how the situation develops.
>> Do not be surprised if some of your services placed in cloud infrastructures will miss Russian customers.
>> 
>> You can monitor the number of IP addresses, domains and URLs to be blocked in Russia at the https://2018.schors.spb.ru/ page (run by the famous ENOG community member Phil Kulin).
>> Detailed information (also via API) is available at the https://reestr.rublacklist.net run by RosKomSvoboda civil society group.
>> 
>> Kind regards,
>> Alexander Isavnin
>> 
>> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum



More information about the NANOG mailing list