Re: Increasing problems with geolocation/IPv4 access

[Crist Clark]

Are you sure it’s really geolocation blocks? Or is it anonymizer and VPN
service detection? The geoIP vendors typically sell both since one of
anonymizers’ top applications is to evade geolocation. Have customers using
peer-to-peer anonymizers wittingly or unwittingly? Customers with malware
or other PUPs hosting anonymizer services?


On Fri, Jan 20, 2023 at 5:16 PM Owen DeLong via NANOG 
wrote:

> What I’m actually looking for isn’t so much a soapbox but to find where
> the [bad] data is coming from so it can be updated as appropriate.  I’m
> also fine with telling the customer to phone the service/bank/whatnot
> (which is what I did in other cases and as much as I also personally
> dislike the centralization of the internet etc) - my customers do seem to
> really have good experience with a modern service like YoutubeTV (for
> example) - oh and it does IPv6 too.
>
>
> Tragically, there’s no license necessary to stand up a geolocation service
> and the only enforcement of quality standards comes from losing business if
> enough of their clients complain. Tragically, their clients don’t know that
> they need to complain because their customers don’t know to blame the
> appropriate service. All they know is that stuff is broken. (Sure, a few
> know that broken because bad Geo-IP, but we are in the minority).
>
> Since companies don’t generally disclose their Geo-IP source, there’s no
> ability to coordinate fixing stuff.
>
> If you see this and go back to the original post, I am interested if you
> have seen that prefix or any IP space within it, and if it comes from a
> feed or set of aggregated feeds etc, even the name of the company or
> source/resources there so I can try knocking on the door.
>
>
> I don’t see it in any of the few block-list feeds that I subscribe to.
> Best of luck in your search.
>
> I don’t use IP geo-location (for the very same reasons stated in my
> previous post), so I can’t help you there.
>
> Owen
>
>

Re: Increasing problems with geolocation/IPv4 access

[Owen DeLong via NANOG]

> What I’m actually looking for isn’t so much a soapbox but to find where the 
> [bad] data is coming from so it can be updated as appropriate.  I’m also fine 
> with telling the customer to phone the service/bank/whatnot (which is what I 
> did in other cases and as much as I also personally dislike the 
> centralization of the internet etc) - my customers do seem to really have 
> good experience with a modern service like YoutubeTV (for example) - oh and 
> it does IPv6 too.

Tragically, there’s no license necessary to stand up a geolocation service and 
the only enforcement of quality standards comes from losing business if enough 
of their clients complain. Tragically, their clients don’t know that they need 
to complain because their customers don’t know to blame the appropriate 
service. All they know is that stuff is broken. (Sure, a few know that broken 
because bad Geo-IP, but we are in the minority).

Since companies don’t generally disclose their Geo-IP source, there’s no 
ability to coordinate fixing stuff.

> If you see this and go back to the original post, I am interested if you have 
> seen that prefix or any IP space within it, and if it comes from a feed or 
> set of aggregated feeds etc, even the name of the company or source/resources 
> there so I can try knocking on the door.

I don’t see it in any of the few block-list feeds that I subscribe to. Best of 
luck in your search.

I don’t use IP geo-location (for the very same reasons stated in my previous 
post), so I can’t help you there.

Owen

Re: Increasing problems with geolocation/IPv4 access

[Jared Mauch]

> On Jan 20, 2023, at 8:02 PM, Owen DeLong  wrote:
> 
> I will repeat what I have been saying since the first discussions of the 
> concept of ip geo-location some decades ago…
> 
> An IP address is not tied to any of the following:
>   Location
>   Person
> 
> An IP address may be transiently tied to a host. The definition of transient 
> in this case can vary widely from a few seconds to multiple years.
> IP Addresses may be tied to an organization (though this is also usually some 
> level of transient).
> 
> Trying to pretend otherwise in any useful way is fraught.


I think sadly the counterbalance item is that there is some insurance 
underwriter or similar that wants a checkbox saying “yes there is a firewall” 
or “you do X,Y,Z”.

Or: Sure, I agree with you, and when I’m in Europe or similar and can’t access 
my (home) government stuff because they just have off-continent blocked is also 
an issue.

Also: water wet.

What I’m actually looking for isn’t so much a soapbox but to find where the 
[bad] data is coming from so it can be updated as appropriate.  I’m also fine 
with telling the customer to phone the service/bank/whatnot (which is what I 
did in other cases and as much as I also personally dislike the centralization 
of the internet etc) - my customers do seem to really have good experience with 
a modern service like YoutubeTV (for example) - oh and it does IPv6 too.

If you see this and go back to the original post, I am interested if you have 
seen that prefix or any IP space within it, and if it comes from a feed or set 
of aggregated feeds etc, even the name of the company or source/resources there 
so I can try knocking on the door.

- Jared

Re: Increasing problems with geolocation/IPv4 access

[Daniel Marks via NANOG]

Even worse, some don’t even bother taking you off a list or correcting their 
records. In these cases I’ve had great luck once our lawyers get involved, but 
that really only works for US-based companies.

Pretty sure the last company who used our IP space was just wrecking the 
internet for fun, took a while to get off of some large blocklists. At least it 
was an easy business justification to rapidly deploy IPv6…

Sent from my iPhone

> On Jan 20, 2023, at 19:50, Mike Lyon  wrote:
> 
> I’ve come to the conclusion that the geo-ip feed companies don’t give a damn 
> about the legitimacy of their information and don’t research any of it. They 
> just wait for the end user to complain to make the change.
> 
> Had one today, in fact.
> 
> They’re lame.
> 
> -Mike
> 
> 
> 
>> On Jan 20, 2023, at 16:33, Jared Mauch  wrote:
>> 
>> I’ve been seeing an increasing problem with IP space not having the ability 
>> to be used due to the behaviors of either geolocation or worse, people 
>> blocking IP space after it’s been in-use for a period of time.
>> 
>> Before I go back to someone at ARIN and say “your shiny unused 4.10 IP 
>> space” is non-functional and am at a place where I need to 
>> start/restart/respawn the timer, I have a few questions for people:
>> 
>> 1) Do you see 23.138.114.0/24 in any feeds from a security provider that say 
>> it can/should be blocked?  If so, I’d love to hear from you to track this 
>> down.  Over the new year we had some local schools start to block this IP 
>> space.
>> 
>> 2) many companies have geolocation feeds and services that exist and pull in 
>> data.  The reputable people are easy to find, there are those that are 
>> problematic from time-to-time (I had a few customers leave Sling due to the 
>> issues with that service).
>> 
>> 3) Have you had similar issues?  How are you chasing all the issues?  We’ve 
>> seen things from everything works except uploading check images to banks, to 
>> other financial service companies block the space our customers are in.  If 
>> we move them to another range this solves the problem.
>> 
>> 4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.
>> 
>> 5) IRR+geofeed are published of course.  I’m thinking that it might be 
>> worthwhile that IP space have published placeholders when it’s well 
>> understood, eg: ARIN 4.9 space, I can predict what our next allocation would 
>> be, it would be great to have it be pre-warmed. 
>> 
>> I’ve only seen a few complaints against all our IP space over time, so I 
>> don’t think there’s anything malicious coming from the IP space to justify 
>> it, but it’s also possible they didn’t make it through.
>> 
>> If you’re with the FKA Savvis side, can you also ping me, I’d like to see if 
>> you can reach out to our most recent complaint source to see if we can find 
>> who is publishing this.  Same if you’re with Merit or the Michigan Statewide 
>> Educational Network - your teachers stopped being able to post to 
>> powerschool for their students over the new year break.  They’ve fed it up 
>> to their tech people towards the ISD.  Details available off-list.
>> 
>> Any insights are welcome, and as I said, I’d like to understand where the 
>> source list is as it starts out working then gradually breaks, so someone is 
>> publishing things and they are going out further.
>> 
>> - Jared


smime.p7s
Description: S/MIME cryptographic signature

Re: Increasing problems with geolocation/IPv4 access

[Owen DeLong via NANOG]

I will repeat what I have been saying since the first discussions of the 
concept of ip geo-location some decades ago…

An IP address is not tied to any of the following:
Location
Person

An IP address may be transiently tied to a host. The definition of transient in 
this case can vary widely from a few seconds to multiple years.
IP Addresses may be tied to an organization (though this is also usually some 
level of transient).

Trying to pretend otherwise in any useful way is fraught.

Unfortunately, it is not fraught enough. It works well enough often enough that 
the times it doesn’t work usually don’t impact the people monetizing it.

Owen


> On Jan 20, 2023, at 16:48, Mike Lyon  wrote:
> 
> I’ve come to the conclusion that the geo-ip feed companies don’t give a damn 
> about the legitimacy of their information and don’t research any of it. They 
> just wait for the end user to complain to make the change.
> 
> Had one today, in fact.
> 
> They’re lame.
> 
> -Mike
> 
> 
> 
>> On Jan 20, 2023, at 16:33, Jared Mauch  wrote:
>> 
>> I’ve been seeing an increasing problem with IP space not having the ability 
>> to be used due to the behaviors of either geolocation or worse, people 
>> blocking IP space after it’s been in-use for a period of time.
>> 
>> Before I go back to someone at ARIN and say “your shiny unused 4.10 IP 
>> space” is non-functional and am at a place where I need to 
>> start/restart/respawn the timer, I have a few questions for people:
>> 
>> 1) Do you see 23.138.114.0/24 in any feeds from a security provider that say 
>> it can/should be blocked?  If so, I’d love to hear from you to track this 
>> down.  Over the new year we had some local schools start to block this IP 
>> space.
>> 
>> 2) many companies have geolocation feeds and services that exist and pull in 
>> data.  The reputable people are easy to find, there are those that are 
>> problematic from time-to-time (I had a few customers leave Sling due to the 
>> issues with that service).
>> 
>> 3) Have you had similar issues?  How are you chasing all the issues?  We’ve 
>> seen things from everything works except uploading check images to banks, to 
>> other financial service companies block the space our customers are in.  If 
>> we move them to another range this solves the problem.
>> 
>> 4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.
>> 
>> 5) IRR+geofeed are published of course.  I’m thinking that it might be 
>> worthwhile that IP space have published placeholders when it’s well 
>> understood, eg: ARIN 4.9 space, I can predict what our next allocation would 
>> be, it would be great to have it be pre-warmed. 
>> 
>> I’ve only seen a few complaints against all our IP space over time, so I 
>> don’t think there’s anything malicious coming from the IP space to justify 
>> it, but it’s also possible they didn’t make it through.
>> 
>> If you’re with the FKA Savvis side, can you also ping me, I’d like to see if 
>> you can reach out to our most recent complaint source to see if we can find 
>> who is publishing this.  Same if you’re with Merit or the Michigan Statewide 
>> Educational Network - your teachers stopped being able to post to 
>> powerschool for their students over the new year break.  They’ve fed it up 
>> to their tech people towards the ISD.  Details available off-list.
>> 
>> Any insights are welcome, and as I said, I’d like to understand where the 
>> source list is as it starts out working then gradually breaks, so someone is 
>> publishing things and they are going out further.
>> 
>> - Jared

Re: Increasing problems with geolocation/IPv4 access

[Jim Troutman]

This is a real and growing problem. I have some networks that have
experienced lengthy “no service” issues with streaming services such as
Disney+ due to this, and it took many customer generated complaints  and
“NANOG hallway level” type human back channel escalations to actually get
it addressed. And it still took months.

It would be Really Nice if the major streaming and other cloud service
companies actually had any sort of NOC that was reachable to open tickets
and resolve the issue. But that would require employing people with clues.

It is also sad how many orgs need a NANOG posting prompt to get anyone to
look at existing tickets on issues that get ignored for weeks or months.

On Fri, Jan 20, 2023 at 19:32 Jared Mauch  wrote:

> I’ve been seeing an increasing problem with IP space not having the
> ability to be used due to the behaviors of either geolocation or worse,
> people blocking IP space after it’s been in-use for a period of time.
>
> Before I go back to someone at ARIN and say “your shiny unused 4.10 IP
> space” is non-functional and am at a place where I need to
> start/restart/respawn the timer, I have a few questions for people:
>
> 1) Do you see 23.138.114.0/24 in any feeds from a security provider that
> say it can/should be blocked?  If so, I’d love to hear from you to track
> this down.  Over the new year we had some local schools start to block this
> IP space.
>
> 2) many companies have geolocation feeds and services that exist and pull
> in data.  The reputable people are easy to find, there are those that are
> problematic from time-to-time (I had a few customers leave Sling due to the
> issues with that service).
>
> 3) Have you had similar issues?  How are you chasing all the issues?
> We’ve seen things from everything works except uploading check images to
> banks, to other financial service companies block the space our customers
> are in.  If we move them to another range this solves the problem.
>
> 4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.
>
> 5) IRR+geofeed are published of course.  I’m thinking that it might be
> worthwhile that IP space have published placeholders when it’s well
> understood, eg: ARIN 4.9 space, I can predict what our next allocation
> would be, it would be great to have it be pre-warmed.
>
> I’ve only seen a few complaints against all our IP space over time, so I
> don’t think there’s anything malicious coming from the IP space to justify
> it, but it’s also possible they didn’t make it through.
>
> If you’re with the FKA Savvis side, can you also ping me, I’d like to see
> if you can reach out to our most recent complaint source to see if we can
> find who is publishing this.  Same if you’re with Merit or the Michigan
> Statewide Educational Network - your teachers stopped being able to post to
> powerschool for their students over the new year break.  They’ve fed it up
> to their tech people towards the ISD.  Details available off-list.
>
> Any insights are welcome, and as I said, I’d like to understand where the
> source list is as it starts out working then gradually breaks, so someone
> is publishing things and they are going out further.
>
> - Jared

-- 
Jim Troutman,
jamesltrout...@gmail.com
Pronouns: he/him/his
207-514-5676 (cell)

Re: Increasing problems with geolocation/IPv4 access

[Mike Lyon]

I’ve come to the conclusion that the geo-ip feed companies don’t give a damn 
about the legitimacy of their information and don’t research any of it. They 
just wait for the end user to complain to make the change.

Had one today, in fact.

They’re lame.

-Mike



> On Jan 20, 2023, at 16:33, Jared Mauch  wrote:
> 
> I’ve been seeing an increasing problem with IP space not having the ability 
> to be used due to the behaviors of either geolocation or worse, people 
> blocking IP space after it’s been in-use for a period of time.
> 
> Before I go back to someone at ARIN and say “your shiny unused 4.10 IP space” 
> is non-functional and am at a place where I need to start/restart/respawn the 
> timer, I have a few questions for people:
> 
> 1) Do you see 23.138.114.0/24 in any feeds from a security provider that say 
> it can/should be blocked?  If so, I’d love to hear from you to track this 
> down.  Over the new year we had some local schools start to block this IP 
> space.
> 
> 2) many companies have geolocation feeds and services that exist and pull in 
> data.  The reputable people are easy to find, there are those that are 
> problematic from time-to-time (I had a few customers leave Sling due to the 
> issues with that service).
> 
> 3) Have you had similar issues?  How are you chasing all the issues?  We’ve 
> seen things from everything works except uploading check images to banks, to 
> other financial service companies block the space our customers are in.  If 
> we move them to another range this solves the problem.
> 
> 4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.
> 
> 5) IRR+geofeed are published of course.  I’m thinking that it might be 
> worthwhile that IP space have published placeholders when it’s well 
> understood, eg: ARIN 4.9 space, I can predict what our next allocation would 
> be, it would be great to have it be pre-warmed. 
> 
> I’ve only seen a few complaints against all our IP space over time, so I 
> don’t think there’s anything malicious coming from the IP space to justify 
> it, but it’s also possible they didn’t make it through.
> 
> If you’re with the FKA Savvis side, can you also ping me, I’d like to see if 
> you can reach out to our most recent complaint source to see if we can find 
> who is publishing this.  Same if you’re with Merit or the Michigan Statewide 
> Educational Network - your teachers stopped being able to post to powerschool 
> for their students over the new year break.  They’ve fed it up to their tech 
> people towards the ISD.  Details available off-list.
> 
> Any insights are welcome, and as I said, I’d like to understand where the 
> source list is as it starts out working then gradually breaks, so someone is 
> publishing things and they are going out further.
> 
> - Jared

Increasing problems with geolocation/IPv4 access

[Jared Mauch]

I’ve been seeing an increasing problem with IP space not having the ability to 
be used due to the behaviors of either geolocation or worse, people blocking IP 
space after it’s been in-use for a period of time.

Before I go back to someone at ARIN and say “your shiny unused 4.10 IP space” 
is non-functional and am at a place where I need to start/restart/respawn the 
timer, I have a few questions for people:

1) Do you see 23.138.114.0/24 in any feeds from a security provider that say it 
can/should be blocked?  If so, I’d love to hear from you to track this down.  
Over the new year we had some local schools start to block this IP space.

2) many companies have geolocation feeds and services that exist and pull in 
data.  The reputable people are easy to find, there are those that are 
problematic from time-to-time (I had a few customers leave Sling due to the 
issues with that service).

3) Have you had similar issues?  How are you chasing all the issues?  We’ve 
seen things from everything works except uploading check images to banks, to 
other financial service companies block the space our customers are in.  If we 
move them to another range this solves the problem.

4) We do IPv6, these places aren’t IPv6 modern at all, so that’s no help.

5) IRR+geofeed are published of course.  I’m thinking that it might be 
worthwhile that IP space have published placeholders when it’s well understood, 
eg: ARIN 4.9 space, I can predict what our next allocation would be, it would 
be great to have it be pre-warmed. 

I’ve only seen a few complaints against all our IP space over time, so I don’t 
think there’s anything malicious coming from the IP space to justify it, but 
it’s also possible they didn’t make it through.

If you’re with the FKA Savvis side, can you also ping me, I’d like to see if 
you can reach out to our most recent complaint source to see if we can find who 
is publishing this.  Same if you’re with Merit or the Michigan Statewide 
Educational Network - your teachers stopped being able to post to powerschool 
for their students over the new year break.  They’ve fed it up to their tech 
people towards the ISD.  Details available off-list.

Any insights are welcome, and as I said, I’d like to understand where the 
source list is as it starts out working then gradually breaks, so someone is 
publishing things and they are going out further.

- Jared

Re: txt.att.net outage?

[John Levine]

It appears that Simmons, Jay via NANOG  said:
>-=-=-=-=-=-
>This may be the issue

Sorry, but no.

>Here are some details on this Government protocol implemented by all Telecom 
>Carriers.
>
>Why it is being done? To support FCC mandate for STIR/SHAKEN, an industry set 
>of rules designed to authenticate
>and validate CallerID information associated with phone calls using digital 
>signatures.
>
>SHAKEN/STIR ...

STIR/SHAKEN only affects voice calls.  It has nothing to do with SMS.

As several other people have said, if you're sending safety critical SMS 
messages, use
a real SMS service, not a carrier's courtesy low volume e-mail gateway.

SMS services are not free, but they are not expensive, typically about 1/2 cent 
per message.

R's,
John

Weekly Global IPv4 Routing Table Report

[Routing Table Analysis Role Account]

This is an automated weekly mailing describing the state of the Global
IPv4 Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net.

For historical data, please see https://thyme.apnic.net.

If you have any comments please contact Philip Smith .

IPv4 Routing Table Report   04:00 +10GMT Sat 21 Jan, 2023

  BGP Table (Global) as seen in Japan.

Report Website: https://thyme.apnic.net
Detailed Analysis:  https://thyme.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  919460
Prefixes after maximum aggregation (per Origin AS):  347315
Deaggregation factor:  2.65
Unique aggregates announced (without unneeded subnets):  444984
Total ASes present in the Internet Routing Table: 74112
Prefixes per ASN: 12.41
Origin-only ASes present in the Internet Routing Table:   63597
Origin ASes announcing only one prefix:   26170
Transit ASes present in the Internet Routing Table:   10515
Transit-only ASes present in the Internet Routing Table:430
Average AS path length visible in the Internet Routing Table:   4.2
Max AS path length visible:  55
Max AS path prepend of ASN (265020)  50
Prefixes from unregistered ASNs in the Routing Table:   953
Number of instances of unregistered ASNs:   962
Number of 32-bit ASNs allocated by the RIRs:  41079
Number of 32-bit ASNs visible in the Routing Table:   34073
Prefixes from 32-bit ASNs in the Routing Table:  166405
Number of bogon 32-bit ASNs visible in the Routing Table:29
Special use prefixes present in the Routing Table:1
Prefixes being announced from unallocated address space:502
Number of addresses announced to Internet:   3063801088
Equivalent to 182 /8s, 157 /16s and 229 /24s
Percentage of available address space announced:   82.8
Percentage of allocated address space announced:   82.8
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   99.6
Total number of prefixes smaller than registry allocations:  312168

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   240538
Total APNIC prefixes after maximum aggregation:   68701
APNIC Deaggregation factor:3.50
Prefixes being announced from the APNIC address blocks:  235601
Unique aggregates announced from the APNIC address blocks:97720
APNIC Region origin ASes present in the Internet Routing Table:   13254
APNIC Prefixes per ASN:   17.78
APNIC Region origin ASes announcing only one prefix:   3844
APNIC Region transit ASes present in the Internet Routing Table:   1775
Average APNIC Region AS path length visible:4.5
Max APNIC Region AS path length visible: 27
Number of APNIC region 32-bit ASNs visible in the Routing Table:   8514
Number of APNIC addresses announced to Internet:  773715072
Equivalent to 46 /8s, 29 /16s and 244 /24s
APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 63488-64098, 64297-64395, 131072-151865
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:267202
Total ARIN prefixes after maximum aggregation:   121273
ARIN Deaggregation factor: 2.20
Prefixes being announced from the ARIN address blocks:   269209
Unique aggregates announced from the ARIN address blocks:129792
ARIN Region origin ASes present in the Internet Routing Table:19076
ARIN Prefixes per ASN:  

Level 3 A and B DNS resolvers

[Josh Luthman]

I'm well aware these are not to be used by the public for DNS.  My only
concern is that it's used as one of several external hosts to look outside
of our network.  This is monitored through Spectrum (Charter) in southwest
Ohio.  Maybe a closer server was taken offline or it was unplugged for a
coffee maker.  Just reaching out to see if there's any insight at all.

Since ~Dec 8 it looks like we added a bit of latency:
[image: image.png]

DNS resolution has had quite some issues since then:
[image: image.png]


 410 ms 9 ms 8 ms  lag-15.troyoh0901h.netops.charter.com
[65.189.190.189]
  517 ms14 ms13 ms  lag-39.dytnoh5501r.netops.charter.com
[65.29.38.112]
  610 ms10 ms10 ms  lag-28.rcr01clevohek.netops.charter.com
[65.29.1.46]
  715 ms40 ms10 ms  lag-2-100.rpr01cleyohdh.netops.charter.com
[65.29.33.239]
  8 *** Request timed out.
  918 ms17 ms17 ms  ae2.3601.ear1.Washington12.level3.net
[4.69.148.45]
 1018 ms17 ms17 ms  a.resolvers.level3.net [4.2.2.1]


Josh Luthman
24/7 Help Desk: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

RE: txt.att.net outage?

[Simmons, Jay via NANOG]

This may be the issue

Here are some details on this Government protocol implemented by all Telecom 
Carriers.

Why it is being done? To support FCC mandate for STIR/SHAKEN, an industry set 
of rules designed to authenticate and validate CallerID information associated 
with phone calls using digital signatures.

SHAKEN/STIR is a framework of interconnected standards. SHAKEN/STIR are 
acronyms for Signature-based Handling of Asserted Information Using tokens 
(SHAKEN) and the Secure Telephone Identity Revisited (STIR) standards.

What is the benefit to the clients being impacted (what do they get as a 
result)? Provide a means to mitigate/eliminate illegally spoofed calls from 
RoboCallers.






From: NANOG  On Behalf Of 
Tim Burke
Sent: Friday, January 20, 2023 8:21 AM
To: Dan Walters ; nanog@nanog.org list 
Subject: Re: txt.att.net outage?

EXTERNAL EMAIL
FWIW, AT&T does not suggest using the txt.att.net email for 
anything critical. In a previous role I handled public safety CAD, and AT&T 
(and Verizon, if I remember correctly) made it very clear that if you want to 
be able to send anything other than a miniscule volume of texts through the 
email-to-SMS gateway, you would need to pay for their enterprise messaging 
service.

If the public safety agency/agencies in question subscribe to the FirstNet 
service, they should be able to reach out to their principal consultant 
(account team) and get a good resolution.

V/r
Tim


From: NANOG 
mailto:nanog-bounces+tim=mid@nanog.org>>
 on behalf of Dan Walters via NANOG mailto:nanog@nanog.org>>
Sent: Thursday, January 19, 2023 10:09 PM
To: nanog@nanog.org
Subject: txt.att.net outage?


Know this is a longshot, any chance anyone from the 
txt.att.net domain might be able to help us with what we 
believe is a blacklist block or possibly an outage?

We deal with 911 cad dispatching and is affecting first responders so looking 
to see if there is a faster way to resolution.



Thanks, in advance.





Daniel Walters

Sr. Systems Admin

Phone: 866.421.2374 ext.6213

daniel.walt...@omnigo.com

[cid:image001.png@01D92C52.BEDD12C0]

[cid:image002.png@01D92C52.BEDD12C0][cid:image003.png@01D92C52.BEDD12C0] 
[cid:image004.png@01D92C52.BEDD12C0]

Re: txt.att.net outage?

[Martin Hannigan]

On Fri, Jan 20, 2023 at 9:15 AM William Herrin  wrote:

> On Thu, Jan 19, 2023 at 8:09 PM Dan Walters via NANOG 
> wrote:
> > Know this is a longshot, any chance anyone from the txt.att.net domain
> might be able to help us with what we believe is a blacklist block or
> possibly an outage?
> > We deal with 911 cad dispatching and is affecting first responders so
> looking to see if there is a faster way to resolution.
>
> Hi Dan,
>
> As I understand it, txt.att.net is a low-volume courtesy service not
> intended for important communications. A paid service like Twilio can
> handle production-grade SMS delivery.
>
>
>
I think ChatGPT agrees with you:

txt.att.net is a domain owned by AT&T, a large American telecommunications
company. It is typically used to send and receive text messages, and it is
generally considered a reliable resource for this purpose. However, as with
any online service, it is possible for issues to arise, such as delays in
delivery or errors in sending messages. It is also worth noting that
txt.att.net is a free service, so it might not have the same level of
security or reliability as a paid service. If you have any specific
concerns or experience issues with txt.att.net, it's best to contact AT&T
customer service for assistance.

;-)

Warm regards,

-M<

Re: txt.att.net outage?

[Aaron de Bruyn via NANOG]

txt.att.net  is returning MX records and those machines 
don't have port 444 open...

Wouldn't you want to be sending something like a SNPP message instead? It's a 
much less convoluted delivery process and is almost real-time (no queuing).

I guess it's been a decade or so since I've dealt with emergency services and 
paging...is SNPP even a thing anymore?

I looked at some old code I wrote 
(https://github.com/darkpixel/snppsend/blob/master/more-providers 
), and it 
doesn't look like snpp.attws.net  exists.

-A

On Fri Jan 20, 2023, 02:12 PM GMT, William Herrin  wrote:
> On Thu, Jan 19, 2023 at 8:09 PM Dan Walters via NANOG  wrote:
>> Know this is a longshot, any chance anyone from the txt.att.net domain might 
>> be able to help us with what we believe is a blacklist block or possibly an 
>> outage?
>> We deal with 911 cad dispatching and is affecting first responders so 
>> looking to see if there is a faster way to resolution.
>
> Hi Dan,
>
> As I understand it, txt.att.net is a low-volume courtesy service not
> intended for important communications. A paid service like Twilio can
> handle production-grade SMS delivery.
>
> Regards,
> Bill Herrin
>
> --
> For hire. https://bill.herrin.us/resume/

Re: txt.att.net outage?

[Tim Burke]

FWIW, AT&T does not suggest using the txt.att.net email for anything critical. 
In a previous role I handled public safety CAD, and AT&T (and Verizon, if I 
remember correctly) made it very clear that if you want to be able to send 
anything other than a miniscule volume of texts through the email-to-SMS 
gateway, you would need to pay for their enterprise messaging service.

If the public safety agency/agencies in question subscribe to the FirstNet 
service, they should be able to reach out to their principal consultant 
(account team) and get a good resolution.

V/r
Tim


From: NANOG  on behalf of Dan Walters via 
NANOG 
Sent: Thursday, January 19, 2023 10:09 PM
To: nanog@nanog.org
Subject: txt.att.net outage?


Know this is a longshot, any chance anyone from the txt.att.net domain might be 
able to help us with what we believe is a blacklist block or possibly an outage?

We deal with 911 cad dispatching and is affecting first responders so looking 
to see if there is a faster way to resolution.



Thanks, in advance.





Daniel Walters

Sr. Systems Admin

Phone: 866.421.2374 ext.6213

daniel.walt...@omnigo.com

[cid:image001.png@01D92C52.BEDD12C0]

[cid:image002.png@01D92C52.BEDD12C0][cid:image003.png@01D92C52.BEDD12C0] 
[cid:image004.png@01D92C52.BEDD12C0]

Re: txt.att.net outage?

[William Herrin]

On Thu, Jan 19, 2023 at 8:09 PM Dan Walters via NANOG  wrote:
> Know this is a longshot, any chance anyone from the txt.att.net domain might 
> be able to help us with what we believe is a blacklist block or possibly an 
> outage?
> We deal with 911 cad dispatching and is affecting first responders so looking 
> to see if there is a faster way to resolution.

Hi Dan,

As I understand it, txt.att.net is a low-volume courtesy service not
intended for important communications. A paid service like Twilio can
handle production-grade SMS delivery.

Regards,
Bill Herrin

-- 
For hire. https://bill.herrin.us/resume/

txt.att.net outage?

[Dan Walters via NANOG]

Know this is a longshot, any chance anyone from the txt.att.net domain might be 
able to help us with what we believe is a blacklist block or possibly an outage?
We deal with 911 cad dispatching and is affecting first responders so looking 
to see if there is a faster way to resolution.

Thanks, in advance.


Daniel Walters
Sr. Systems Admin
Phone: 866.421.2374 ext.6213
daniel.walt...@omnigo.com
[cid:image001.png@01D92C52.BEDD12C0]
[cid:image002.png@01D92C52.BEDD12C0][cid:image003.png@01D92C52.BEDD12C0] 
[cid:image004.png@01D92C52.BEDD12C0]