Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

> On Nov 1, 2023, at 13:28, Michael Thomas wrote: > > > On 10/28/23 3:13 AM, John Levine wrote: >> It appears that Michael Thomas said: If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a r

Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

On 10/28/23 3:13 AM, John Levine wrote: It appears that Michael Thomas said: If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a reasonable default to keep malware out of Grandma's iPad. How does this lin

Re: Charter DNS servers returning invalid IP addresses

This is very interesting. I did some poking-around and found other Squarespace customers with similar issues (in their case it was Google complaining that their sites were suspicious and therefore couldn't serve Google ads). The leading theory is that the "canned" Squarespace sites are using

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

Agreed, it should be 100% opt-in… and I don’t even like the idea of providing filtered DNS at all. But sadly, judging by the number of neighborhood Facebook group posts I see from people complaining about “their wifi being down” during yet another fiber cut, there are an increasingly large num

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

> On Oct 30, 2023, at 07:58, Livingood, Jason > wrote: > > On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote: > >> If it’s such a reasonable default, why don’t any of the public resolvers >> (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? >> DNS isn’t the right place to attack this, I

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

No, Charter doesn't use those. Charter runs its own anycasted recursive nameservers. On 10/30/23, 2:46 PM, "NANOG on behalf of Livingood, Jason via NANOG" mailto:charter@nanog.org> on behalf of nanog@nanog.org > wrote: CAUTION: The e-mail below is from an externa

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

On 10/30/23, 16:02, "John R. Levine" mailto:jo...@iecc.com>> wrote: > I have no idea whether Charter uses one of these, some other third party, or their own. They don't use those providers as far as I am aware. I've alerted someone from CHTR of this thread. JL

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

On Mon, 30 Oct 2023, Livingood, Jason wrote: On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote: If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? DNS isn’t the right place to attack this, IMHO. Are we sure that the

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

On 10/27/23, 19:01, "NANOG on behalf of Owen DeLong wrote: > If it’s such a reasonable default, why don’t any of the public resolvers > (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? > DNS isn’t the right place to attack this, IMHO. Are we sure that the filtering is done in the default view - I w

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

I agree it actually is wise for them to offer a filtered service for those that want it but opt in for sure On Fri, Oct 27, 2023, 12:35 PM Bryan Fields wrote: > On 10/27/23 7:49 AM, John Levine wrote: > > But for obvious good reasons, > > the vast majority of their customers don't > > I'd argue

Re: Charter DNS servers returning malware filtered IP addresses

> > DNS isn’t the right place to attack this, IMHO. > ... > I’ve seen plenty of situations where the filters were just plain wrong and > if the end user didn’t actively choose that filtration, the target site may > be victimized without anyone knowing where to go to complain. Not much different

Re: Charter DNS servers returning malware filtered IP addresses

It appears that said: >* Owen DeLong [Sat 28 Oct 2023, 01:00 CEST]: >>If it’s such a reasonable default, why don’t any of the public >>resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? > >It's generally a service that's offered for money. Quad9 definitely >offer it: https://www.quad9.net/

Re: [EXTERNAL] DNS filtering in practice, Re: Charter DNS servers returning malware filtered IP addresses

It appears that Michael Thomas said: >> If you're one of the small minority of retail users that knows enough >> about the technology to pick your own resolver, go ahead. But it's >> a reasonable default to keep malware out of Grandma's iPad. > >How does this line up with DoH? Aren't they using h

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? Oh my, you walked right into that one. https://www.quad9.net/service/threat-blocking/ https://blog.cloudflare.com/introducing-1-1-1-1-for-families/ I'm also surprised nobody

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

> On Oct 28, 2023, at 10:28, Jay R. Ashworth wrote: > > - Original Message - >> From: "Owen DeLong via NANOG" > >>> For a network feeding a data center, sure. For a network like >>> Charter's which is feeding unsophisticated nontechnical users, they >>> need all the messing they can

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

I'd agree and disagree, filtering the default isp provided dns server for consumer and possibly small business, reasonable, not without some issues, but reasonable. Comcast style filter servers and intercept all dns headed to other dns servers and redirect them to your own servers and make it

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

- Original Message - > From: "Owen DeLong via NANOG" >> For a network feeding a data center, sure. For a network like >> Charter's which is feeding unsophisticated nontechnical users, they >> need all the messing they can get. >> >> If you're one of the small minority of retail users tha

Re: Charter DNS servers returning malware filtered IP addresses

>> DNS isn’t the right place to attack this, IMHO. > > Why not (apart from a purity argument), and where should it happen instead? > As others pointed out, network operators have a vested interest in protecting > their customers from becoming victims to malware. Takedowns of the hostile target

Re: Charter DNS servers returning malware filtered IP addresses

* Owen DeLong [Sat 28 Oct 2023, 01:00 CEST]: If it’s such a reasonable default, why don’t any of the public resolvers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so? It's generally a service that's offered for money. Quad9 definitely offer it: https://www.quad9.net/service/threat-blocking DN

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

When you have a sufficiently large mass of non-technical end users, inevitably some percentage of them will end up doing something like enabling WAN-interface-facing remote admin access,which then gets pwned and turned into a botnet. It's a real problem at scale. Compromised CPE routers in addition

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

On 10/27/23 2:20 PM, John Levine wrote: It appears that Bryan Fields said: -=-=-=-=-=- -=-=-=-=-=- On 10/27/23 7:49 AM, John Levine wrote: But for obvious good reasons, the vast majority of their customers don't I'd argue that as a service provider deliberately messing with DNS is an obviou

Re: [EXTERNAL] Charter DNS servers returning malware filtered IP addresses

> On Oct 27, 2023, at 14:20, John Levine wrote: > > It appears that Bryan Fields said: >> -=-=-=-=-=- >> -=-=-=-=-=- >> On 10/27/23 7:49 AM, John Levine wrote: >>> But for obvious good reasons, >>> the vast majority of their customers don't >> >> I'd argue that as a service provider delibera

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

It appears that Bryan Fields said: >-=-=-=-=-=- >-=-=-=-=-=- >On 10/27/23 7:49 AM, John Levine wrote: >> But for obvious good reasons, >> the vast majority of their customers don't > >I'd argue that as a service provider deliberately messing with DNS is an >obvious bad thing. They're there to de

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

On 10/27/23 7:49 AM, John Levine wrote: But for obvious good reasons, the vast majority of their customers don't I'd argue that as a service provider deliberately messing with DNS is an obvious bad thing. They're there to deliver packets. -- Bryan Fields 727-409-1194 - Voice http://bryanfie

Re: [EXTERNAL] Re: Charter DNS servers returning malware filtered IP addresses

According to Bryan Fields : >On 10/25/23 4:58 PM, Compton, Rich A wrote: >> Charter uses threat intel from Akamai to block certain "malicious" domains. > >Does charter do this on signed domains too? Of course. If you want to run your own DNSSEC resolver and bypass their malware protection, you ar

Re: Charter DNS servers returning invalid IP addresses

It appears that J. Hellenthal via NANOG said: >-=-=-=-=-=- > >Maybe the site "has/had" a shopping cart infection at one point that has been >found and eradicated at one point ? Virustotal reported it four days ago, which suggests that whatever was wrong with it is still wrong with it, The usual

Re: Charter DNS servers returning invalid IP addresses

"Jason J. Gullickson via NANOG" writes: > I've been working for a week or so to solve a problem with DNS > resolution for Charter customers for our domain bonesinjars.com. I've > reached-out to Charter directly but since I'm not a customer I > couldn't get any help from them. I was directed by

Re: Charter DNS servers returning invalid IP addresses

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/25/23 8:24 PM, Greg Dickinson wrote: > He didn’t, I was just referencing Mimecast to indicate it was probably > larger than Charter’s DNS. Given the reports that someone else gave from > Virustotal, it seems it’s more widespread than first rep

Re: [EXTERNAL] Re: Charter DNS servers returning invalid IP addresses

On 10/25/23 4:58 PM, Compton, Rich A wrote: > Charter uses threat intel from Akamai to block certain "malicious" domains. Does charter do this on signed domains too? -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net

RE: Charter DNS servers returning invalid IP addresses

[mid:ac0798f5d04aec2c4c40f9c44056646c8ba72bfb332f7f64d451d99665886...@getboxer.com/image001.png@01D2DDE3.06E76B70] From: NANOG On Behalf Of Bryan Fields Sent: Wednesday, October 25, 2023 2:51 PM To: nanog@nanog.org Subject: Re: Charter DNS servers returning invalid IP addresses This Message originates from outside Bryant Bank. Please use

Charter DNS servers returning invalid IP addresses

Dear NANOG-er, Hope this email finds you in good health! Please see my comments below, inline... Thanks, Le 25/10/2023 à 18:50, Jason J. Gullickson via NANOG a écrit : I've been working for a week or so to solve a problem with DNS resolution for Charter customers for our domain bonesinjars

Re: [EXTERNAL] Re: Charter DNS servers returning invalid IP addresses

VirusTotal and other domain reputation sites say the domain is malicious. Specifically there have been multiple malware samples that were scanned (latest was 10-09-2023) that had this domain hard coded in it. https://www.virustotal.com/gui/domain/bonesinjars.com You may want to get a new domain

Re: Charter DNS servers returning invalid IP addresses

On 10/25/23 2:41 PM, Greg Dickinson wrote: If it helps troubleshooting, when I click the domain in the email Mimecast tells me: “We checked the website you are trying to access for malicious and spear-phishing content and found it likely to be unsafe.” I saw nothing referencing Mimecast in the

Re: Charter DNS servers returning invalid IP addresses

malicious and spear-phishing content and found it likely to be unsafe." Greg Dickinson, CCNA Network Engineer From: NANOG On Behalf Of Mark Andrews Sent: Wednesday, October 25, 2023 1:27 PM To: Jason J. Gullickson Cc: nanog@nanog.org Subject: Re: Charter DNS servers returning invalid I

RE: Charter DNS servers returning invalid IP addresses

[mid:ac0798f5d04aec2c4c40f9c44056646c8ba72bfb332f7f64d451d99665886...@getboxer.com/image001.png@01D2DDE3.06E76B70] From: NANOG On Behalf Of Mark Andrews Sent: Wednesday, October 25, 2023 1:27 PM To: Jason J. Gullickson Cc: nanog@nanog.org Subject: Re: Charter DNS servers returning invalid IP addresses This Message originates from

Re: Charter DNS servers returning invalid IP addresses

It’s being filtered. Only Charter can tell you why. -- Mark Andrews > On 26 Oct 2023, at 05:07, Jason J. Gullickson via NANOG > wrote: > >  > I've been working for a week or so to solve a problem with DNS resolution for > Charter customers for our domain bonesinjars.com. I've reached-out

Charter DNS servers returning invalid IP addresses

I've been working for a week or so to solve a problem with DNS resolution for Charter customers for our domain bonesinjars.com. I've reached-out to Charter directly but since I'm not a customer I couldn't get any help from them. I was directed by a friend to this list in hopes that there m

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Hi, I've just released https://sentrypeer.com About SentryPeerHQ -> https://sentrypeer.com/about Fully Open Source -> https://github.com/SentryPeer/SentryPeerHQ Always free -> https://sentrypeer.com/pricing (for those that contribute data by running an official SentryPeer node or their own honeyp

Re: What's a "normal" ratio of web sites to IP addresses...

approximately 248.3 million domain names. It is a complex question because the use of IP addresses for websites has been changing. Some of the IPs with large numbers of websites are actually registrar/hoster holding page websites, sales or Pay Per Click parking, DDoS protection, redirectors or load

Re: What's a "normal" ratio of web sites to IP addresses...

> On Mar 31, 2022, at 16:47 , Bill Woodcock wrote: > > > >> On Apr 1, 2022, at 12:15 AM, Bill Woodcock wrote: >> …in a run-of-the-mill web hoster? >> I’m happy to take private replies and summarize/anonymize back to the list, >> if people prefer. > > I asked the same question on Twitter, a

Re: What's a "normal" ratio of web sites to IP addresses...

> On Apr 1, 2022, at 12:15 AM, Bill Woodcock wrote: > …in a run-of-the-mill web hoster? > I’m happy to take private replies and summarize/anonymize back to the list, > if people prefer. I asked the same question on Twitter, and got quite a lot of answers in both places pretty quickly. Thus f

Re: What's a "normal" ratio of web sites to IP addresses...

I don't know that there is a normal as it likely depends heavily on the revenue per customer and the service's tolerance for giving out IP addresses. It also depends heavily on the back end infrastructhre and what kind of service is being provided. There's probably massi

What's a "normal" ratio of web sites to IP addresses...

…in a run-of-the-mill web hoster? This is really a question specifically for folks with web-site-hosting businesses. If you had, say, ten million web site customers, each with their own unique domain name, how many IPv4 addresses would you think was a reasonable number to host those on? HTTP

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Hi all, Come a long way since Nov: https://github.com/SentryPeer/SentryPeer/releases/tag/v1.4.0 Peer to peer bad_actor replication is now released. Deutsche Telekom "T-Pot - The All In One Honeypot Platform" included SentryPeer (https://github.com/telekom-security/tpotce/tree/22.x) and Kali Linu

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

This should help https://github.com/SentryPeer/SentryPeer/blob/aea3b3762c7df9e4d19901fa2dd82fe93a38f4cf/CHANGELOG.md#unreleased

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

On Fri, 26 Nov 2021, 18:59 Max Tulyev, wrote: > Hi Gavin, > Hi Max, > I thought to do something similar ;) > What stopped you creating something? Or did you? Interested :) > As I can see in the code, you count somebody as a bad actor just because > of one UDP packet is received. It is a ba

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Hi Gavin, I thought to do something similar ;) As I can see in the code, you count somebody as a bad actor just because of one UDP packet is received. It is a bad idea, because it is easy to spoof that packet and make a DoS against some good actor. Right way: you have to simulate a SIP dialo

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

On Thu, 25 Nov 2021 at 00:53, Eric Kuhnke wrote: > > Anecdotally, anyone that's had reason to manually go through logs for port > 5060 SIP for any public facing ipv4 /32 will see the vast amounts of random > "things" out there on the internet trying common extension password combos to > registe

Re: SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Anecdotally, anyone that's had reason to manually go through logs for port 5060 SIP for any public facing ipv4 /32 will see the vast amounts of random "things" out there on the internet trying common extension password combos to register. It's been a large amount of background noise on the interne

SentryPeer: A distributed peer to peer list of bad IP addresses and phone numbers collected via a SIP Honeypot

Hi all, I hope you don't mind the post, but thought this might be of use and in the spirit of release early, release often I've done an alpha release: https://github.com/SentryPeer/SentryPeer There's a presentation too if you'd like to watch/read where I hope to go with this: https://blog.tadsu

RE: IP addresses on subnet edge (/24)

t;, etc., with not enough detail to track it down. The > problem would disappear when we moved it to another IP address. > > Because of this, we stopped allocating customer websites on .0 and .255 IP > addresses about 10 years ago, instead using them for internal / controlled > a

RE: IP addresses on subnet edge (/24)

versus TCP test or something else), but you can also connect to those IPs (at least the two that I just tested) over port 80, to test the full handshake. You mentioned ClientHello/ServerHello, these nodes don't respond over port 443 (only saw SYN). Kinda makes sense given they're IP

Re: IP addresses on subnet edge (/24)

On Tue, Sep 15, 2020 at 8:26 AM Töma Gavrichenkov wrote: > Also .0 and .1. > > Yes, there was some kind of a strange behavior with those addresses > before. We excluded those from rotation back in 2011 when that was really > biting us. There's an impression that this issue has become much less

Re: IP addresses on subnet edge (/24)

l to track it down. The problem would disappear when we moved it to another IP address. Because of this, we stopped allocating customer websites on .0 and .255 IP addresses about 10 years ago, instead using them for internal / controlled access purposes where we could investigate any problems. (Whi

Re: IP addresses on subnet edge (/24)

You may want to do traceroute using syn/ack packets to find the offending piece of equipment (may require modifying traceroute to set the syn and ack). > On 15 Sep 2020, at 07:25, Andrey Khomyakov wrote: > > TL;DR I suspect there are middle boxes that don't like IPs ending in .255. > Anyone se

Re: IP addresses on subnet edge (/24)

Peacez On Tue, Sep 15, 2020, 12:26 AM Andrey Khomyakov wrote: > TL;DR I suspect there are middle boxes that don't like IPs ending in .255. > Anyone seen that? > Also .0 and .1. Yes, there was some kind of a strange behavior with those addresses before. We excluded those from rotation back in

Re: IP addresses on subnet edge (/24)

On 14/09/2020 22:25, Andrey Khomyakov wrote: > TL;DR I suspect there are middle boxes that don't like IPs ending in > .255. Anyone seen that? Yes, but not for many, MANY years. I would expect that this service might not like addresses ending in .0 either? It was ca. 2010, when I started receiving

Re: IP addresses on subnet edge (/24)

On Mon, Sep 14, 2020 at 5:28 PM Andrey Khomyakov wrote: > > TL;DR I suspect there are middle boxes that don't like IPs ending in .255. > Anyone seen that? Windows XP/Windows 2003 both had an issue where addresses ending in .255 wouldn't work, regardless of the mask. It seems unlikely that there

IP addresses on subnet edge (/24)

TL;DR I suspect there are middle boxes that don't like IPs ending in .255. Anyone seen that? Folks, We are troubleshooting a strange issue where some of our customers cannot establish a successful connection with our HTTP front end. In addition to checking the usual things like routing and interfa

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

* NANOG *On >> Behalf Of *Eric Fulton >> *Sent:* Thursday, December 5, 2019 2:37 PM >> *To:* Mark Tinka >> *Cc:* nanog@nanog.org >> *Subject:* Re: Hulu thinks all my IP addresses are "business class", how >> to reach them? >> >> >> &

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

the tiny range of > applicable IPs as not being “cloud”. > > > > *From:* NANOG *On Behalf > Of *Eric Fulton > *Sent:* Thursday, December 5, 2019 2:37 PM > *To:* Mark Tinka > *Cc:* nanog@nanog.org > *Subject:* Re: Hulu thinks all my IP addresses are "business cla

RE: Hulu thinks all my IP addresses are "business class", how to reach them?

We’ve had success contacting Hulu and having them mark the tiny range of applicable IPs as not being “cloud”. From: NANOG On Behalf Of Eric Fulton Sent: Thursday, December 5, 2019 2:37 PM To: Mark Tinka Cc: nanog@nanog.org Subject: Re: Hulu thinks all my IP addresses are "business class&

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

This happened to us as well. We've had probably over 100 requests over the last few years, but thankfully most of our customers are fine with just not purchasing Hulu. We've only lost below 5 customers from this issue. EF Treasure State Internet & Telegraph 406.204.4777 http://tsi.io On Wed

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On 21/Nov/19 12:32, t...@pelican.org wrote: > If I, as a UK citizen, buy region 2 DVDs at home, take them on my trip to the > US and watch them on my laptop, no-one is screaming that I'm violating > someone's geographic distribution rights by doing so. They would if it was possible to track

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On 19/Nov/19 20:17, Doug McIntyre wrote: > > If I knew why they considered my IP addresses "business" IP addresses, > I could possibly change something? Perhaps because it's static :-)? Also, why are business people on Hulu during business hours :-). Mark <= w

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On 19/Nov/19 20:38, Blake Hudson wrote: > > > Thanks Doug. I'm interested in following your thread because we have > some IP ranges we intentionally wanted to be classified as static or > non-residential by other entities so that our customers on these > ranges could operate their own email ser

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

reasonable or "good enough" assumption >> > > Talk to someone who has been sued for downloading or sharing movies. > They'll swear on their own grave that one IP can never equal one user. ;) > > -A > > > I’ll swear it’s a horrible assumption. > >

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On Fri, Nov 22, 2019 at 05:05:20AM +, Mike Lewinski wrote: > Question: is anyone who is currently suffering this issue also doing 1:many > NAT? Or running a proxy server that might cause multiple clients to all > appear from the same IP address? I believe NAT might be the cause of one of > o

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

swear on their own grave that one IP can never equal one user. ;) > > -A I’ll swear it’s a horrible assumption. Personally, I use many IP addresses each day. Some of them are also used by others. Some of them are not. Equating IP Address <-> Person relationships as being anything re

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On Fri, Nov 22, 2019 at 8:52 AM Blake Hudson wrote: > This is absolutely an issue with Xbox Live/Sony PSN or RBLs used by mail > servers for reputation purposes. For better or worse these systems equate > one IPv4 address == one user (and possibly one IPv6 /64 == one user). My > opinion is that t

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

This is absolutely an issue with Xbox Live/Sony PSN or RBLs used by mail servers for reputation purposes. For better or worse these systems equate one IPv4 address == one user (and possibly one IPv6 /64 == one user). My opinion is that this may be a reasonable or "good enough" assumption as lon

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

Question: is anyone who is currently suffering this issue also doing 1:many NAT? Or running a proxy server that might cause multiple clients to all appear from the same IP address? I believe NAT might be the cause of one of our customer's complaints wrt content provider blocking.

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

Probably because a market would quickly pop up to sell or rent accounts created in one region to others. On Thu, Nov 21, 2019, 2:32 AM t...@pelican.org wrote: > On Wednesday, 20 November, 2019 21:25, "William Herrin" > said: > > > This is why you don't go after Hulu. You go after the content ow

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On Thu, Nov 21, 2019 at 10:22 AM Blake Hudson wrote: > t...@pelican.org wrote on 11/21/2019 4:32 AM: > > Or am I woefully naive, and it's actually trivial for a non-US resident to come up with a US credit card and billing address to pay for the service? 1. Buy a prepaid debit card. 2. Rent a mail

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

t...@pelican.org wrote on 11/21/2019 4:32 AM: On Wednesday, 20 November, 2019 21:25, "William Herrin" said: This is why you don't go after Hulu. You go after the content owners who conspired to compel Hulu to limit distribution in a way that tortiously interferes with your contract with your

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

> > If I, as a UK citizen, buy region 2 DVDs at home, take them on my trip to > the US and watch them on my laptop, no-one is screaming that I'm violating > someone's geographic distribution rights by doing so. If a US citizen is > paying for Hulu, from a US billing address, on a US credit card, b

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On Thursday, 21 November, 2019 12:00, "Rob Seastrom" said: >> On Nov 21, 2019, at 05:33, "t...@pelican.org" wrote: >> >> Or am I woefully naive, and it's actually trivial for a non-US resident to >> come >> up with a US credit card and billing address to pay for the service? > > It’s a thing.

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On Wednesday, 20 November, 2019 21:25, "William Herrin" said: > This is why you don't go after Hulu. You go after the content owners who > conspired to compel Hulu to limit distribution in a way that tortiously > interferes with your contract with your eyeball customers. Am I the only one who's

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

> On Nov 20, 2019, at 12:44 , Brandon Martin wrote: > > On 11/20/19 3:31 PM, Owen DeLong wrote: >> As an ISP, there might be something there, but, you’d have to prove that you >> had a significant number of customers that left for that specific reason and >> you’d have to show the actual dam

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

This is why you don't go after Hulu. You go after the content owners who conspired to compel Hulu to limit distribution in a way that tortiously interferes with your contract with your eyeball customers. Then, before Which in many cases is groups like the Screen Actors Guild and the music indus

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On Wed, Nov 20, 2019 at 12:32 PM Owen DeLong wrote: > The problem here is that identifying class members is very hard (most class members wouldn’t realize why they were not getting Hulu, and Hulu probably either quickly corrects the problem on their end or blames the ISP), meaning they wouldn’t re

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On 11/20/19 3:31 PM, Owen DeLong wrote: As an ISP, there might be something there, but, you’d have to prove that you had a significant number of customers that left for that specific reason and you’d have to show the actual damages that resulted. Easy to estimate, very hard to prove. Not only

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

>> > I suppose a Hulu subscriber could dispute the charge or file a suit (class > action?) for damages: "Hulu took my money, but didn't provide the services > they advertised." As an ISP, some of us might even be in a position where we > encounter losses due to Hulu's (mis)classification result

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

Owen DeLong wrote on 11/20/2019 11:51 AM: On Nov 20, 2019, at 07:38 , Tom Beecher > wrote: Never did figure out if it was stupidity or malice driving that. Personally I think it's neither; it's just $. They could invest in a robust system to accurate

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

> On Nov 20, 2019, at 07:38 , Tom Beecher wrote: > > Never did figure out if it was stupidity > or malice driving that. > > Personally I think it's neither; it's just $. > > They could invest in a robust system to accurately identify what they chose > not to allow to access the service

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

> > Never did figure out if it was stupidity > or malice driving that. > Personally I think it's neither; it's just $. They could invest in a robust system to accurately identify what they chose not to allow to access the service. Or, they can choose to run with a 'close enough' system with s

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

On Tue, 19 Nov 2019 13:39:56 -0500, Tom Beecher said: > They are essentially equating 'business' with 'VPN provider'. Not at all surprised. Many moons ago, I had a Tor *relay* running on one machine in my home network, and Hulu decided that my connections from a *different* home machine were "VP

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

hen to whitelist them, they have to have > > a "residential" IP address and not the "business" IP address we are > > giving them, and won't go any further. Or they just say they can't > > connect from the "business" IP addresses. > > >

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

sidential" IP address and not the "business" IP address we are giving them, and won't go any further. Or they just say they can't connect from the "business" IP addresses. If I knew why they considered my IP addresses "business" IP addresses, I could

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

g Sent: Monday, November 18, 2019 10:41:06 AM Subject: Hulu thinks all my IP addresses are "business class", how to reach them? I've been offering residential and business ISP services for a long time. Hulu recently blocked my customers from accessing their service, because

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

t), and then to whitelist them, they have to have a "residential" IP address and not the "business" IP address we are giving them, and won't go any further. Or they just say they can't connect from the "business" IP addresses. If I knew why they considered my I

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

nd not the "business" IP address we are giving them, and won't go any further. Or they just say they can't connect from the "business" IP addresses. If I knew why they considered my IP addresses "business" IP addresses, I could possibly change something? But

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

in NANOG previously is just an autoresponder that says open a ticket online (once you are logged into your account). Does anybody have a contact for them that I can discuss what they are looking at to determine if my IP addresses are "residential" vs. "business" class? Thanks.

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

t; an autoresponder that says open a ticket online (once you are logged into > your account). > > Does anybody have a contact for them that I can discuss what they are > looking at to determine if my IP addresses are "residential" > vs. "business" class? > > Thanks. > > smime.p7s Description: S/MIME cryptographic signature

Hulu thinks all my IP addresses are "business class", how to reach them?

mer, the supportrequ...@hulu.com address mentioned in NANOG previously is just an autoresponder that says open a ticket online (once you are logged into your account). Does anybody have a contact for them that I can discuss what they are looking at to determine if my IP addresses are "r

Re: IP addresses being attacked in Krebs DDoS?

Onderwerp: IP addresses being attacked in Krebs DDoS? As an ISP who is pro-active when it comes to security, I'd like to know what IP address(es) are being hit by the Krebs on Security DDoS attack. If we know, we can warn customers that they are harboring infected PCs and/or IoT devices. (A

Re: IP addresses being attacked in Krebs DDoS?

promised because of default user/pass settings. >> Publishing a list of IP addresses which are so trivially compromised is >> handing the miscreants a gift. > > I think you may have misunderstood my request. I am not asking for the IP > addresses of the bots, but the address

Re: IP addresses being attacked in Krebs DDoS?

On Sun, Sep 25, 2016 at 1:01 PM, Brett Glass wrote: > As an ISP who is pro-active when it comes to security, I'd like to know > what IP address(es) are being hit by the Krebs on Security DDoS attack. If > we know, we can warn customers that they are harboring infected PCs and/or > IoT devices. (A

Re: IP addresses being attacked in Krebs DDoS?

At 03:50 PM 9/25/2016, Patrick W. Gilmore wrote: What Brett is asking seems reasonable, even useful. Unfortunately, it is not as simple as posting a list of addresses on a website. Many devices are compromised because of default user/pass settings. Publishing a list of IP addresses which are

Re: IP addresses being attacked in Krebs DDoS?

rett is asking seems reasonable, even useful. Unfortunately, it is not as simple as posting a list of addresses on a website. Many devices are compromised because of default user/pass settings. Publishing a list of IP addresses which are so trivially compromised is handing the miscreants a gift. We h

  1   2   3   4   5   6   >