This is why it is included in the Spamhaus Bad Reputation RPZ blocklist https://check.spamhaus.org/listed/?searchterm=mnihyc.com
Rick Wanner MSISE Enterprise CyberSecurity 2121 Saskatchewan Drive Regina, SK S4P 3Y2 c: 306.533.1812 e: [email protected]<mailto:[email protected]> SecURITy - Security You Are It! <https://www.twitter.com/namedeplume/> ________________________________ From: Slav Messetchkov <[email protected]> Sent: November 28, 2022 5:58 PM To: [email protected] <[email protected]> Cc: Takaya Ono <[email protected]>; Kim Huartson <[email protected]>; Rick Wanner <[email protected]> Subject: Routinator repository blacklisted Hello, We have been using Routinator as RPKI ROA proxy for several months now. Recently we noticed that the following sites, which are listed amongst Routinator’s repositories, have been blacklisted on Gremlins, and access to them is being blocked by our Spamhaus RPZ: rpki-rrdp.mnihyc.com rpki-rsync.mnihyc.com They are currently being blocked approximately 1000 times per day. List of Blacklists: List: DRBL vote node gremlin.ru Host: vote.drbl.gremlin.ru Rating: 3 List: DRBL work node gremlin.ru Host: work.drbl.gremlin.ru Rating: 3 Apparently this has been happening on and off for at least six months. Has anyone else run into that? Are these sites trustworthy? And more broadly, how is the Repositories’ security posture validated? In our experience the Spamhaus feed has a very low false-positive count, so for now we’re treating this as a threat and blocking it. If a site is compromised, is there a way to drop it from the list of Repositories, so that Routinator doesn’t send 1000s of unnecessary requests daily? Thanks in advance for any advice on this matter! Slav Messetchkov Sr. Engineer Core Network & Service Development SaskTel, TSI/NSD NOTICE: This confidential e-mail message is only for the intended recipients. If you are not the intended recipient, be advised that disclosing, copying, distributing, or any other use of this message, is strictly prohibited. In such case, please destroy this message and notify the sender.
-- RPKI mailing list [email protected] https://lists.nlnetlabs.nl/mailman/listinfo/rpki
