[server-admins] Fwd: Re: routes
Troy A. Griffitts
scribe at crosswire.org
Wed May 19 12:47:29 MST 2010
-------- Original Message --------
Subject: Re: [server-admins] routes
Date: Wed, 19 May 2010 12:40:33 -0700
From: Troy A. Griffitts <scribe at crosswire.org>
To: Extreme Internet Support <support at extremezone.com>,
tdean at extremezone.com
Dear Tim and Extreme Internet Support,
Thank you for the response below and for opening these large B and C
blocks of IP addresses.
I am still concerned regarding this new policy which blocks large chunks
of the world from our server. What happened last month to warrant such
a change in policy? It is affecting us negatively, as we serve software
to these countries.
May I at least suggest some simple rules which would be acceptable for us.
Please understand we are not asking for blind removal of all filtering.
Individual IP addresses and small subnets are certainly fine.
1) remove all blocks wider than /24-- class C subnets.
2) provide us with a list of what blocks remain in place which filter
/28 or wider.
3) remove rules which have attack history older than a reasonable amount
of time.
The above rules basically say: /29 - /32 filters for which you have
reasonably current attack data are certainly acceptable and we don't
need to know about it. Anything above class C is not acceptable. And if
you find the need to filter the middle ground (/24 - /28), then we'd
like to be aware of it.
I certainly understand your need to protect your servers; we are just
trying to fix this real problem with the current overly-broad ruleset
which prevents our real users from accessing our services.
Thank you for your assistance.
Troy A. Griffitts
On 05/19/2010 09:52 AM, Extreme Internet Support wrote:
> The following netblocks were removed from the edge router:
>
> 93.141.0.0 Croatia T-Com Croatia Internet network
> 81.199.0.0 United Kingdom IP Planet Networks Ltd.
> 201.40.0.0 Brazil Brasil Telecom S/A - Filial Distrito Federal
> 201.255.0.0 Argentina Telefonica de Argentina
> 200.128.0.0 Brazil Associao Rede Nacional de Ensino e Pesquisa
> 197.0.0.0 Tunisia Agence Tunisienne Internet - ATI
> 190.71.64.0 Colombia EPM Telecomunicaciones S.A. E.S.P.
> 190.59.0.0 Trinidad And Tobago Telecommunication Services of
> Trinidad and Tobago
> 190.51.0.0 Argentina Telefonica de Argentina
> 190.50.0.0 Argentina Telefonica de Argentina
> 190.3.192.0 Colombia EDATEL S.A. E.S.P
> 190.247.0.0 Argentina CABLEVISION S.A.
> 190.24.0.0 Colombia ETB - Colombia
> 190.232.32.0 Peru PE-TDPERX12-LACNIC
> 190.220.0.0 Argentina B&B Consultora
> 190.209.0.0 Chile Telmex Chile S.A HFC
> 190.201.0.0 Venezuela CANTV Servicios, Venezuela
> 190.178.0.0 Argentina Telefonica de Argentina
> 190.176.0.0 Argentina Telefonica de Argentina
> 190.156.0.0 Colombia Telmex Colombia S.A.
> 190.149.0.0 Guatemala Telgua
> 190.126.0.0 Colombia COMCEL S.A.
> 190.0.0.0 Colombia EPM Telecomunicaciones S.A. E.S.P.
> 189.0.0.0 Brazil Vivo S.A.
> 187.0.0.0 Brazil Adylnet Acesso A internet Ltda
> 186.58.0.0 Argentina Telefonica de Argentina
> 154.0.0.0 Mauritius AfriNIC - www.afrinic.net
>
> Until I get specific examples of people still being blocked, there
> isn't anything else I can do.
>
>
> Thank you for writing us here at Extreme Internet Technical Support, and
> please let us know if we may be of assistance to you in the future by
> contacting us at the different options listed below...
>
> We want to hear from you!
>
> Extreme Support
> \\ - - //
> ( 0 0 )
> -----------------------------------------oOOo-(_)-oOOo----------
> Extreme Internet / \
> Technical Support
> 8655 East Via de Ventura G-181 o
> Scottsdale, Arizona 85258-3321 o
> Phone : (480) 368-4638 Opt #1 o
> Fax : (480) 368-4637
> E-mail: support at extremezone.com
> Web : www.extremezone.com
>
> Technical Support Hours:
> Monday-Friday 9:00am to 5:30pm
> Sat-Sun/Holidays 10:00am to 6:00pm
> --------------------------------------------------Ooo-----------
> ooO ( )
> ( ) ) /
> \ ( (_/
> \_)
>
> On Thu, 13 May 2010, Troy A. Griffitts wrote:
>
>> Would it be possible for us to speak on the phone to resolve this
>> issue? You can reach me at:
>>
>> +1.602.628.7771
>>
>> Troy A. Griffitts
>>
>>
>>
>> On 05/11/2010 03:30 PM, Extreme Internet Support wrote:
>>> Its not that we are denying them to your server only or have special
>>> rules. These are IPs that were hacking us/spamming us/etc.... I have 8
>>> pages of "ip route 46.1.0.0 0.0.0.255 null0".
>>>
>>> All I need are countries, so I can sort through this list.
>>> Again, I have this to work with:
>>> ip route 150.135.40.100 255.255.255.255 null0
>>> ip route 77.238.198.226 255.255.255.255 null0
>>> ip route 189.12.9.210 255.255.255.255 null0
>>> ip route 201.51.105.104 255.255.255.255 null0
>>> ip route 201.76.39.214 255.255.255.255 null0
>>> ip route 201.89.130.151 255.255.255.255 null0
>>> ip route 187.79.18.31 255.255.255.255 null0
>>> ip route 200.103.31.194 255.255.255.255 null0
>>> ip route 200.90.248.251 255.255.255.255 null0
>>> ip route 123.112.81.40 255.255.255.255 null0
>>> ip route 222.170.178.191 255.255.255.255 null0
>>> ip route 186.98.181.6 255.255.255.255 null0
>>> ip route 190.125.197.198 255.255.255.255 null0
>>> ip route 190.71.255.81 255.255.255.255 null0
>>> ip route 190.3.212.189 255.255.255.255 null0
>>> ip route 201.232.18.46 255.255.255.255 null0
>>> ip route 84.42.172.186 255.255.255.255 null0
>>> ip route 190.80.235.171 255.255.255.255 null0
>>> ip route 186.120.51.125 255.255.255.255 null0
>>> ip route 190.167.5.7 255.255.255.255 null0
>>> ip route 190.167.92.111 255.255.255.255 null0
>>> ip route 190.80.202.85 255.255.255.255 null0
>>> ip route 190.166.51.36 255.255.255.255 null0
>>> ip route 200.88.97.158 255.255.255.255 null0
>>> ip route 78.46.79.178 255.255.255.255 null0
>>> ip route 190.149.60.210 255.255.255.255 null0
>>> ip route 200.13.177.251 255.255.255.255 null0
>>> ip route 59.92.105.59 255.255.255.255 null0
>>> ip route 78.38.120.250 255.255.255.255 null0
>>> ip route 93.91.206.181 255.255.255.255 null0
>>>
>>> and this goes on and on and on and on for 8 more pages. I have _no
>>> way_ of
>>> knowing which of these are causing you problems. I _can_ however,
>>> add all
>>> 8 pages of IPs to a text file then reverse each IP so I can see the
>>> IP/coutnry its coming from. I can then match them up to the troubled
>>> countries and find out _where_ its being blocked exactly.
>>>
>>> Id rather not have to blindly remove all of those. You said you had
>>> complaints from all over the world, you must have some country names
>>> to work with or you wouldnt know its "all over the world".
>>>
>>> I cant unblock "everything to your server" because these are being
>>> stopped from coming into our _entire_ network. If you want, I can jsut
>>> randomly rmeove IPs but I dont think that will help you at all.
>>>
>>> At least give me some idea of _what_ I need to unblock.
>>>
>>> At best right now, without any feedback from you as to who or what is
>>> being blocked, I can go through and look for any subnets that are
>>> being blocked.
>>>
>>> Also, Lee Burton is no longer with us. He was let go last year in Jan.
>>>
>>> Thank you for writing us here at Extreme Internet Technical Support,
>>> and
>>> please let us know if we may be of assistance to you in the future by
>>> contacting us at the different options listed below...
>>>
>>> We want to hear from you!
>>>
>>> Extreme Support
>>> \\ - - //
>>> ( 0 0 )
>>> -----------------------------------------oOOo-(_)-oOOo----------
>>> Extreme Internet / \
>>> Technical Support
>>> 8655 East Via de Ventura G-181 o
>>> Scottsdale, Arizona 85258-3321 o
>>> Phone : (480) 368-4638 Opt #1 o
>>> Fax : (480) 368-4637
>>> E-mail: support at extremezone.com
>>> Web : www.extremezone.com
>>>
>>> Technical Support Hours:
>>> Monday-Friday 9:00am to 5:30pm
>>> Sat-Sun/Holidays 10:00am to 6:00pm
>>> --------------------------------------------------Ooo-----------
>>> ooO ( )
>>> ( ) ) /
>>> \ ( (_/
>>> \_)
>>>
>>> On Sat, 8 May 2010, Troy A. Griffitts wrote:
>>>
>>>> Not to be a jerk or anything-- you guys have been wonderful to us for
>>>> the number of years we've housed our server at Extreme Internet,
>>>> but we
>>>> are an international organization. It's not a straightforward task to
>>>> respond to your request for us to supply countries and IP addresses
>>>> for
>>>> you to unblock. We supply software for 100s of languages used in
>>>> remote
>>>> parts of the world-- some of which are home to less than savory
>>>> people.
>>>>
>>>> We don't want to wait for a creative person from each of these blocked
>>>> countries to find our public IRC channel and report that they can no
>>>> longer access our tools, and then send their IP address to you to
>>>> unblock.
>>>>
>>>> We can manage our own security on CrossWire. Please do not block
>>>> traffic to our server.
>>>>
>>>> Thank you,
>>>>
>>>> Troy A. Griffitts
>>>>
>>>>
>>>>
>>>> Extreme Internet Support wrote:
>>>>> Can you give me country domains from these people complaining? All
>>>>> I've
>>>>> got are tens of pages worth of IP address on our EDGE router and I
>>>>> have
>>>>> no idea which ones you'd like to be removed but I can't remoeve
>>>>> all of
>>>>> them because some of these are here for good reason.
>>>>>
>>>>> If I get a list of domains or countries, I can start resolving
>>>>> these IP
>>>>> address' hundreds at a time and match them up for you.
>>>>>
>>>>> Thank you for writing us here at Extreme Internet Technical Support,
>>>>> and
>>>>> please let us know if we may be of assistance to you in the future by
>>>>> contacting us at the different options listed below...
>>>>>
>>>>> We want to hear from you!
>>>>>
>>>>> Extreme Support
>>>>> \\ - - //
>>>>> ( 0 0 )
>>>>> -----------------------------------------oOOo-(_)-oOOo----------
>>>>> Extreme Internet / \
>>>>> Technical Support
>>>>> 8655 East Via de Ventura G-181 o
>>>>> Scottsdale, Arizona 85258-3321 o
>>>>> Phone : (480) 368-4638 Opt #1 o
>>>>> Fax : (480) 368-4637
>>>>> E-mail: support at extremezone.com
>>>>> Web : www.extremezone.com
>>>>>
>>>>> Technical Support Hours:
>>>>> Monday-Friday 9:00am to 5:30pm
>>>>> Sat-Sun/Holidays 10:00am to 6:00pm
>>>>> --------------------------------------------------Ooo-----------
>>>>> ooO ( )
>>>>> ( ) ) /
>>>>> \ ( (_/
>>>>> \_)
>>>>>
>>>>> On Sat, 1 May 2010, Troy A. Griffitts wrote:
>>>>>
>>>>>> Dear Extremezone Support,
>>>>>>
>>>>>> We are still receiving complaints from populations all over the
>>>>>> world
>>>>>> who are blocked from our server.
>>>>>>
>>>>>> Could you please unblock all IP addresses from our server.
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Troy A. Griffitts
>>>>>>
>>>>>>
>>>>>>
>>>>>> Troy A. Griffitts wrote on 04/26/2010 05:25 PM:
>>>>>>> Could you please confirm that there are no longer any blocks
>>>>>>> banned from
>>>>>>> accessing our server?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Extreme Internet Support wrote:
>>>>>>>> We were having issues with, for the most part, with ALL of
>>>>>>>> Africa. I
>>>>>>>> banned several netblocks to prevent them from their continued
>>>>>>>> hacking/spamming attacks.
>>>>>>>>
>>>>>>>> I removed the one for .zw and now those should resolve.
>>>>>>>>
>>>>>>>> Thank you for writing us here at Extreme Internet Technical
>>>>>>>> Support,
>>>>>>>> and
>>>>>>>> please let us know if we may be of assistance to you in the
>>>>>>>> future by
>>>>>>>> contacting us at the different options listed below...
>>>>>>>>
>>>>>>>> We want to hear from you!
>>>>>>>>
>>>>>>>> Extreme Support
>>>>>>>> \\ - - //
>>>>>>>> ( 0 0 )
>>>>>>>> -----------------------------------------oOOo-(_)-oOOo----------
>>>>>>>> Extreme Internet / \
>>>>>>>> Technical Support
>>>>>>>> 8655 East Via de Ventura G-181 o
>>>>>>>> Scottsdale, Arizona 85258-3321 o
>>>>>>>> Phone : (480) 368-4638 Opt #1 o
>>>>>>>> Fax : (480) 368-4637
>>>>>>>> E-mail: support at extremezone.com
>>>>>>>> Web : www.extremezone.com
>>>>>>>>
>>>>>>>> Technical Support Hours:
>>>>>>>> Monday-Friday 9:00am to 5:30pm
>>>>>>>> Sat-Sun/Holidays 10:00am to 6:00pm
>>>>>>>> --------------------------------------------------Ooo-----------
>>>>>>>> ooO ( )
>>>>>>>> ( ) ) /
>>>>>>>> \ ( (_/
>>>>>>>> \_)
>>>>>>>>
>>>>>>>> On Mon, 26 Apr 2010, Troy A. Griffitts wrote:
>>>>>>>>
>>>>>>>>> Dear Support at Extreme Internet,
>>>>>>>>>
>>>>>>>>> Within the past few weeks CrossWire.org has seen routing
>>>>>>>>> problems from
>>>>>>>>> various parts of the world. We've had problems reported from
>>>>>>>>> Mexico,
>>>>>>>>> Brazil, and Africa / Zimbabwe among others. Below is a
>>>>>>>>> traceroute
>>>>>>>>> from
>>>>>>>>> our server to IPs which are reporting problems, and one from the
>>>>>>>>> IP to
>>>>>>>>> our server. Any help would be appreciated.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Traceroute away from crosswire.org toward any of the addresses in
>>>>>>>>> question dies, not on crosswire.org itself, but 2 hops away:
>>>>>>>>>
>>>>>>>>> [charcoal at www ~]$ traceroute 196.215.26.11
>>>>>>>>> traceroute to 196.215.26.11 (196.215.26.11), 30 hops max, 60 byte
>>>>>>>>> packets
>>>>>>>>> 1 ip-140-154-249.phx.extremezone.com (64.140.154.249) 2.332 ms
>>>>>>>>> 2.748
>>>>>>>>> ms 3.204 ms
>>>>>>>>> 2 fe1-0-0.phx.extremezone.com (208.129.255.1) 1.432 ms
>>>>>>>>> 1.426 ms
>>>>>>>>> 1.382 ms
>>>>>>>>> 3 * * *
>>>>>>>>> 4 * * *
>>>>>>>>> 5 * * *
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> [scribe at www ~]$ traceroute 196.201.23.53
>>>>>>>>> traceroute to 196.201.23.53 (196.201.23.53), 30 hops max, 60 byte
>>>>>>>>> packets
>>>>>>>>> 1 ip-140-154-249.phx.extremezone.com (64.140.154.249) 1.638 ms
>>>>>>>>> 2.048
>>>>>>>>> ms 2.529 ms
>>>>>>>>> 2 fe1-0-0.phx.extremezone.com (208.129.255.1) 1.536 ms
>>>>>>>>> 1.521 ms
>>>>>>>>> 1.497 ms
>>>>>>>>> 3 * * *
>>>>>>>>> 4 * * *
>>>>>>>>> 5 * * *
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> teus at 2530p:~$ tracepath www.crosswire.org
>>>>>>>>> 1: 2530p.local (192.168.0.1)
>>>>>>>>> 0.271ms
>>>>>>>>> pmtu
>>>>>>>>> 1500
>>>>>>>>> 1: 192.168.0.8 (192.168.0.8)
>>>>>>>>> 5.689ms
>>>>>>>>> 1: 192.168.0.8 (192.168.0.8)
>>>>>>>>> 2.449ms
>>>>>>>>> 2: 10.2.4.1 (10.2.4.1)
>>>>>>>>> 14.829ms
>>>>>>>>> 3: 192.168.221.2 (192.168.221.2)
>>>>>>>>> 48.459ms
>>>>>>>>> 4: transmedia-byo-transit-gateway.zol.co.zw (196.201.23.53)
>>>>>>>>> 140.769ms
>>>>>>>>> 5: transit-mercury-bulgaria.zol.co.zw (196.201.1.181)
>>>>>>>>> 145.678ms
>>>>>>>>> 6: earth.zol.co.zw (196.201.1.113)
>>>>>>>>> 96.517ms
>>>>>>>>> 7: pt-btc.zol.co.zw (196.201.1.234)
>>>>>>>>> 94.104ms
>>>>>>>>> 8: 41.78.76.145 (41.78.76.145)
>>>>>>>>> 190.166ms
>>>>>>>>> 9: 168.167.255.69 (168.167.255.69)
>>>>>>>>> 92.135ms
>>>>>>>>> 10: bw-gbe-msu1-pr2.btc.net.bw (168.167.253.12)
>>>>>>>>> 87.636ms
>>>>>>>>> 11: 168.167.255.73 (168.167.255.73)
>>>>>>>>> 448.305ms
>>>>>>>>> 12: 166.49.170.45 (166.49.170.45)
>>>>>>>>> 383.748ms
>>>>>>>>> asymm 20
>>>>>>>>> 13: 166-49-135-229.eu.bt.net (166.49.135.229)
>>>>>>>>> 401.982ms
>>>>>>>>> asymm 19
>>>>>>>>> 14: t2c1-p9-2.uk-eal.eu.bt.net (166.49.195.202)
>>>>>>>>> 523.328ms
>>>>>>>>> asymm 19
>>>>>>>>> 15: t2c1-p5-0-0.us-ash.eu.bt.net (166.49.164.65)
>>>>>>>>> 521.726ms
>>>>>>>>> asymm 20
>>>>>>>>> 16: 166-49-151-134.eu.bt.net (166.49.151.134)
>>>>>>>>> 443.469ms
>>>>>>>>> asymm 19
>>>>>>>>> 17: phx-core-02.inet.qwest.net (67.14.32.162)
>>>>>>>>> 477.319ms
>>>>>>>>> asymm 22
>>>>>>>>> 18: phx-edge-10.inet.qwest.net (205.171.129.38)
>>>>>>>>> 491.561ms
>>>>>>>>> asymm 22
>>>>>>>>> 19: no reply
>>>>>>>>> 20: no reply
>>>>>>>>> 21: no reply
>>>>>>>>> 22: no reply
>>>>>>>>> 23: no reply
>>>>>>>>> 24: no reply
>>>>>>>>> 25: no reply
>>>>>>>>> 26: no reply
>>>>>>>>> 27: no reply
>>>>>>>>> 28: no reply
>>>>>>>>> 29: no reply
>>>>>>>>> 30: no reply
>>>>>>>>> 31: no reply
>>>>>>>>> Too many hops: pmtu 1500
>>>>>>>>> Resume: pmtu 1500
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> If there's a firewall with a bias against South Africa, it's in
>>>>>>>>>> the
>>>>>>>>>> middle of, or perhaps at the edge of, extremezone.com.
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> server-admins mailing list
>>>>>>>>>> server-admins at crosswire.org
>>>>>>>>>> http://www.crosswire.org/mailman/listinfo/server-admins
>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.crosswire.org/pipermail/server-admins/attachments/20100519/a87eceb6/attachment-0001.html>
More information about the server-admins
mailing list