Re: Spectrum technical contact

2018-12-21 Thread nop
Is this the right Spectrum? There's one that's aka Wave and is pretty good and 
incredibly responsive to abuse reports, and then there's Spectrum 
Cable/Charter, which is on par with residential Comcast service.


On Fri, Dec 21, 2018, at 2:01 PM, Bryan Holloway wrote:
> http://as11404.net/communities.html
> 
> 11404:666 is probably what you want.


Re: Facebook doesn't have a route to my ISP's (Cogeco) IPv6 space?

2018-12-20 Thread nop
Cogeco is not related to Cogent

On Thu, Dec 20, 2018, at 0:0.366 AM, David Guo via NANOG wrote:
> It's a problem from Cogentco; they do not have an IPv6 peer with HE.net and Google


Re: Google Captcha

2018-09-14 Thread nop
- Not being signed in to a Google account with a verified phone number

- Searching complex things that look like dorks ("powered by vbulletin",
  "xxx v0.0.1", etc), can trigger within a page or two sometimes
- Does this end user lease any IPs from brokers or otherwise? - on
  extremely, very, very dirty/dangerous/bad netblocks used almost
  entirely for fraud, bots, ddos, etc before (google Methbot; example of
  a few that almost certainly get high risk penalized on everything:
  https://bgp.he.net/search?search%5Bsearch%5D=%22Cloud+innovation%22+or+%22cloudinnovation%22+or+%22larus%22+or+%22netstack%22+or+%22DET+Africa%22+or+%22Digital+Energy%22+or+%22GZ+Systems%22&commit=Search
  )

- Blocking cookies

- Malware using you as a proxy is also a thing - a lot of the proxy
  sellers (google for backconnect, reverse backconnect, etc) entirely
  run off malware, botnet, etc. They are often used for checkout/stolen
  credit cards/"carding"/L7 http flooding services such as Shopify and
  Nike. This will result in extremely persistent "bans" from recaptcha
  because virtually all of these checkout sites utilise it

On Fri, Sep 14, 2018, at 9:31 AM, Justin Wilson wrote:
> In the experience of the community what causes the “Unusual traffic”
> messages when doing google searches? This ISP network hands out public
> IP addresses to each and every customer. No NATting going on.  Does
> Google typically drop entire /24’s into this if they see an issue?
> The initial troubleshooting we have done involves disconnecting the
> customer router and going direct with a laptop.  Still the same
> captcha.  We click “I am not a robot” and the search goes through, but
> it re-appears the next search.
>
> Looking for a direction to look.  What typically causes this? I know
> what the page says, but looking for specifics.
>
> Thanks
> 
> 
> Justin Wilson
> j...@mtin.net
> 
> www.mtin.net
> www.midwest-ix.com



Re: Avast / Privax abuse contact

2018-08-01 Thread nop
On Wed, Aug 1, 2018, at 10:11 AM, Matt Harris wrote:
> Anybody know anyone at or anything about Privax or Avast?  AS 198605 is
> announcing the problem networks.

Chances are slim you'll get a useful response. 

Crappy "HIDE YOUR ACTIVITY TORRENT FREELY" VPN provider that has a TON of 
abusive traffic, tons of IP space with falsified whois data and falsified 
country/geolocation info.



Re: Blizzard, Battle.net connectivity issues

2018-07-18 Thread nop
Out of curiosity, are you using one of those cheap dirty "misused outside of 
region" Afrinic blocks? 

They keep trying (and spamming the crap out of a few forums) to offload them to 
ISPs temporarily for cheap so that the ISPs will get them cleaned up and marked 
as residential, then resold/abused afterward for fraud/vpn/bots.

On Tue, Jul 17, 2018, at 7:39 PM, Michael Crapse wrote:
> Could I get an off list reply from blizzard engineers. Your email system is
> blocking our emails as spam, and I'm trying to resolve some geolocation
> issues that disallow our mutual customers to access your services. Thank you
> 
> Michael Crapse
> Wi-Fiber, Inc.


Re: Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE

2018-04-02 Thread nop
On Mon, Apr 2, 2018, at 8:35 AM, Simon Lockhart wrote:
> quad-digit IP. They must have known that this would cause routing issues, and
> now suddenly it's our responsibility to make significant changes to live
> infrastructures just so they can continue to look clever with the IP address.

In this case, one only broke their own infrastructure by doing bad things or 
"being clever" by misusing space that isn't theirs in unintended ways; people 
doing things correctly would not have this issue...



Re: Yet another Quadruple DNS?

2018-03-31 Thread nop
On Sat, Mar 31, 2018, at 2:18 PM, Mehmet Akcin wrote:

> Very disappointing to see a popular prefix being allocated/reserved for
> research then being allocated to a company without public consultation. I
> am sure APNIC community will ask APNIC Sr. management for an explanation.
> 
> This prefix, if it will be given to any business, should go thru a
> transparent bidding process OR regular APNIC allocation process
> transparently.
> 

From what I can tell, this has not been "allocated" (probably closer to a 
LOA)? All contacts and maintainers on the inetnum object are still APNIC's, 
Cloudflare does not have free access to do whatever they want here.


Re: Proof of ownership; when someone demands you remove a prefix

2018-03-12 Thread nop
I've seen this type of situation come up more than a few times with the shadier 
IP brokers that lease and don't care who they lease to, for example Logicweb, 
Cloudinnovation ( see 
bgp.he.net/search?search[search]=cloudinnovation+OR+%22cloud+innovation%22 ), 
Digital Energy-host1plus. The ranges get abused to hell and back for garbage 
traffic selling, rate limit bypassing, scraping, proxies, banned from 
youtube/google/etc for view and like farms, and then thrown away, and the 
leaser tries to get them unannounced quickly for further resale.



On Mon, Mar 12, 2018, at 11:57 AM, Matt Harris wrote:
> On Mon, Mar 12, 2018 at 1:46 PM, Sean Pedersen 
> wrote:
> 
> > We recently received a demand to stop announcing a "fraudulent" prefix. Is
> > there an industry best practice when handling these kind of requests? Do
> > you have personal or company-specific preferences or requirements? To the
> > best of my knowledge, we've rarely, if ever, received such a request. This
> > is relatively new territory.
> >
> 
> This could definitely be an attempt at a DoS attack, and wouldn't be the
> first time I've heard of something like this being done as such.
> 
> > I thought about requesting they make changes to their RIR database objects
> > to confirm ownership, but all that does is verify that person has access to
> > the account tied to the ORG/resource, not ownership. Current entries in the
> > database list the same ORG and contact that signed the LOA. When do you get
> > to the point where things look "good enough" to believe someone?
> >
> 
> They may also be leasing one chunk of space from an organization without
> actually having access to the RIR db too - in that case, they could ask the
> org they are leasing from to put in a SWIP with the RIR, but if they don't
> choose to, then that's not a hard requirement.
> 
> On the same token, having access to the org account at the RIR pretty much
> makes you as legitimate as you're going to be as far as any of us can
> really tell.  If there's an issue where the RIR account has been
> compromised, then that issue lies between the RIR and their customer, and
> isn't really your business because you have no way to know whatsoever.
> 
> 
> > Has anyone gone so far as to make the requestor provide something like a
> > notarized copy stating ownership? Have you ever gotten legal departments
> > involved? The RIR?
> >
> 
> A notarized copy stating *ownership* seems overboard.  Lots of
> organizations lease IPv4 space, and lots more now since depletion in many
> regions, and their use of it is entirely legitimate in accordance with
> their contractual rights established in the lease agreement with the
> owner.  I'd probably think about looking at the contact info in the RIR
> whois and ask them, if I had a situation like this myself.  Ultimately, the
> RIR's contact which would be in their whois db should be authoritative more
> so than anyone else.  I doubt the RIR would be able to say much if you
> contacted them beyond that everything that isn't in whois isn't something
> they'd share publicly.
> 
> Take care,
> Matt