I've told all Cogent reps that have ever called me that I would never, under any circumstances, use their service. even if they provided it to me free of charge...
Friends don't let friends use Cogent. -Mike On Thu, Jul 20, 2023 at 10:02 AM Mike Hammett <na...@ics-il.net> wrote: > > If they (or anyone else) want to give me free service to use as I see fit > (well, legally), I'll gladly accept their offer. > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http://www.midwest-ix.com > > ________________________________ > From: "Tom Beecher" <beec...@beecher.cc> > To: "Matthew Petach" <mpet...@netflight.com> > Cc: nanog@nanog.org > Sent: Thursday, July 20, 2023 11:38:50 AM > Subject: Re: Cogent Abuse - Bogus Propagation of ASN 36471 > >> In short--I'm having a hard time understanding how a non-paying entity still >> has working connectivity and BGP sessions, which makes me suspect there's a >> different side to this story we're not hearing yet. ^_^; > > > I know Cogent has long offered very cheap transit prices, but this seems very > aggressive! :) > > On Thu, Jul 20, 2023 at 12:28 PM Matthew Petach <mpet...@netflight.com> wrote: >> >> >> >> On Thu, Jul 20, 2023 at 8:09 AM Pete Rohrman <prohr...@stage2networks.com> >> wrote: >>> >>> Ben, >>> >>> Compromised as in a nefarious entity went into the router and changed >>> passwords and did whatever. Everything advertised by that comprised router >>> is bogus. The compromised router is owned by OrgID: S2NL (now defunct). >>> AS 36471 belongs to KDSS-23. The compromised router does not belong to >>> Kratos KDSS-23, and is causing routing problems. The compromised router >>> needs to be shut down. The owner of the compromised router ceased >>> business, and there isn't anyone around to address this at S2NL. The only >>> people that can resolve this is Cogent. Cogent's defunct customer's >>> router was compromised, and is spewing out bogus advertisements. >>> >>> Pete >> >> >> >> Hi Pete, >> >> This seems a bit confusing. >> >> So, S2NL was a bill-paying customer of Cogent with a BGP speaking router. >> They went out of business, and stopped paying their Cogent bills. >> Cogent, out of the goodness of their hearts, continued to let a non-paying >> customer keep their connectivity up and active, and continued to freely >> import prefixes across BGP neighbors from this non-paying defunct customer. >> Now, someone else has gained access to this non-paying, defunct customer's >> router (which Cogent is still providing free connectivity to, out of the >> goodness of their hearts), and is generating RPKI-valid announcements from >> it, which have somehow not caused a flurry of messages on the outages list >> about prefix hijackings. >> >> The elements to your claim don't really seem to add up. >> 1) ISPs aren't famous for letting non-bill-paying customers stay connected >> for very long past the grace period on their billing cycle, let alone long >> after the company has gone belly-up. >> 2) It's not impossible to generate RPKI-valid announcements from a hijacked >> network, but it's very difficult to generate *bogus* RPKI-valid >> announcements from a compromised router--that's the whole point of RPKI, to >> be able to validate that the prefixes being announced from an origin are >> indeed the ones that are owned by that origin. >> >> Can you provide specific prefix and AS_PATH combinations being originated by >> that router that are "bogus" and don't belong to the router's ASN? >> >> If, however, what you meant is that the router used to be ASN XXXXX, and is >> now suddenly showing up as ASN 36471, and Cogent happily changed their BGP >> neighbor statements to match the new ASN, even though the entity no longer >> exists and hasn't been paying their bills for some time, then that would >> imply a level of complicity on Cogent's part that would make them unlikely >> to respond to your abuse reports. That would be a very strong allegation to >> make, and the necessary level of documented proof of that level of >> malfeasance would be substantial. >> >> In short--I'm having a hard time understanding how a non-paying entity still >> has working connectivity and BGP sessions, which makes me suspect there's a >> different side to this story we're not hearing yet. ^_^; >> >> Thanks! >> >> Matt >> >> >> >> >> > > -- Mike Lyon mike.l...@gmail.com http://www.linkedin.com/in/mlyon