Re: PlayStationNetwork blocking of CGNAT public addresses

On Thu, Sep 22, 2016 at 02:31:12PM +0200, Alexander Maassen wrote: > Maybe its time then for a global accepted, unified way to send/report abuse??? There are -- see Valdis's followup. But there's still no viable substitute for a working abuse@ address with clueful eyeballs on the other side of it

Re: PlayStationNetwork blocking of CGNAT public addresses

On Mon, Sep 19, 2016 at 09:55:56PM +0200, Florian Weimer wrote: > Github users create several orders of magnitude more SSH connections > [snip] Ah. I didn't know that. Thanks! > Sure, and people already do this, and are not very flexible about it. > Support staff isn't briefed, and claim they d

Re: PlayStationNetwork blocking of CGNAT public addresses

font. Personally I don’t trash abuse reports that are valid. --srs From: Tom Beecher Date: Thursday, 22 September 2016 at 7:35 PM To: Brian Rak Cc: Suresh Ramasubramanian , "nanog@nanog.org" Subject: Re: PlayStationNetwork blocking of CGNAT public addresses The for

Re: PlayStationNetwork blocking of CGNAT public addresses

http://x-arf.org/ ? -- Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com pgp key: B178313E   | also on Signal On September 22, 2016 5:31:12 AM PDT, Alexander Maassen wrote: >Maybe its time then for a global accepted, unified way to send/report >abuse?  >That should solve most of the i

Re: PlayStationNetwork blocking of CGNAT public addresses

On Thu, 22 Sep 2016 14:31:12 +0200, Alexander Maassen said: > Maybe its time then for a global accepted, unified way to send/report abuse? YOu mean ike these RFCs? (OK, so it's an XML schema. Just be glad it isn't ASN.1 :) 5070 The Incident Object Description Exchange Format. R. Danyliw, J.

Re: PlayStationNetwork blocking of CGNAT public addresses

The format of the abuse complaint doesn't mean anything if it still doesn't contain any relevant data to say what the abuse IS. (Or, even if it IS abuse at all.) On Thu, Sep 22, 2016 at 9:37 AM, Brian Rak wrote: > Single IP per email: automated, zero time at all. > > Multiple IPs per email: m

Re: PlayStationNetwork blocking of CGNAT public addresses

Single IP per email: automated, zero time at all. Multiple IPs per email: manual process, minutes per IP. On 9/22/2016 9:34 AM, Suresh Ramasubramanian wrote: Considering that there are likely to be many such emails - just how much time is it going to take your abuse desk staffer to just parse

Re: PlayStationNetwork blocking of CGNAT public addresses

Considering that there are likely to be many such emails - just how much time is it going to take your abuse desk staffer to just parse out those IPs from whatever log that they send you? And how much time would processing say 50 individual emails take compared to 50 IPs in a single email? --s

Re: PlayStationNetwork blocking of CGNAT public addresses

On 9/22/2016 8:10 AM, Baldur Norddahl wrote: On 22 September 2016 at 10:42, Alexander Maassen wrote: So you ignore/don't deal with the abuse coz it's shipped in a format you refuse to handle? And you don't even bother telling the reporter you would like it in a per ip format? Or make attemp

Re: PlayStationNetwork blocking of CGNAT public addresses

> Peplink Certified Engineer > > Oorspronkelijk bericht Van: Mark Andrews > Datum: 21-09-16 03:29 (GMT+01:00) Aan: Justin Wilson < > li...@mtin.net > Cc: NANOG > > Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses > > In message &

Re: PlayStationNetwork blocking of CGNAT public addresses

er DroneBL- Peplink Certified Engineer Oorspronkelijk bericht Van: Mike Hammett Datum: 22-09-16 13:23 (GMT+01:00) Aan: Alexander Maassen Cc: NANOG Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses If you told them they would have fewer NAT issues if they sup

Re: PlayStationNetwork blocking of CGNAT public addresses

d Engineer Oorspronkelijk bericht Van: Baldur Norddahl Datum: 22-09-16 14:10 (GMT+01:00) Aan: nanog@nanog.org Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses On 22 September 2016 at 10:42, Alexander Maassen wrote: > So you ignore/don't deal with the abuse coz it

Re: PlayStationNetwork blocking of CGNAT public addresses

On 22 September 2016 at 10:42, Alexander Maassen wrote: > So you ignore/don't deal with the abuse coz it's shipped in a format you > refuse to handle? > > And you don't even bother telling the reporter you would like it in a per > ip format? Or make attempts to make it work the way they report it

Re: PlayStationNetwork blocking of CGNAT public addresses

er Maassen" Cc: "NANOG" Sent: Thursday, September 22, 2016 3:35:01 AM Subject: Re: PlayStationNetwork blocking of CGNAT public addresses Both gamers and content providers do not care. The gamers as they only care about the game itself and don't care about the technical mumbo j

Re: PlayStationNetwork blocking of CGNAT public addresses

Cc: NANOG Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses I have a hard time accepting that service providers should re-engineer their networks because other companies cannot properly engineer their abuse tooling. On Tue, Sep 20, 2016 at 11:33 AM, Justin Wilson wrote

Re: PlayStationNetwork blocking of CGNAT public addresses

(GMT+01:00) Aan: nanog@nanog.org Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses Hi We have the opposite problem with PSN: Sometimes they will send abuse reports with several of our IP addresses listed. The problem with that is that we can not give data about one custome

Re: PlayStationNetwork blocking of CGNAT public addresses

er DroneBL- Peplink Certified Engineer Oorspronkelijk bericht Van: Mark Andrews Datum: 21-09-16 03:29 (GMT+01:00) Aan: Justin Wilson Cc: NANOG Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses In message <09342130-874f-4fa4-b410-b7b66a75f...@mtin.net&

Re: PlayStationNetwork blocking of CGNAT public addresses

I have a hard time accepting that service providers should re-engineer their networks because other companies cannot properly engineer their abuse tooling. On Tue, Sep 20, 2016 at 11:33 AM, Justin Wilson wrote: > PSN is one reason I am not a fan of CGNAT. All they see are tons of > connections f

Re: PlayStationNetwork blocking of CGNAT public addresses

On 21 Sep 2016, at 15:37, Baldur Norddahl wrote: Which means we may ignore it instead. . . . copy/paste or awk/sed or whatever isn't an option? If not, have you requested a) separate notifications per source and/or b) a more textual-manipulation-friendly format? Unless they're sending .gi

Re: PlayStationNetwork blocking of CGNAT public addresses

Hi We have the opposite problem with PSN: Sometimes they will send abuse reports with several of our IP addresses listed. The problem with that is that we can not give data about one customer to another customer. By listing multiple IP addresses we are prevented from forwarding the email to t

Re: PlayStationNetwork blocking of CGNAT public addresses

On Wed, 21 Sep 2016 11:29:49 +1000, Mark Andrews said: > What we need is business tech reporters to continually report on > these failures of content providers to deliver their services over > IPv6. 20 years lead time should be enough for any service. Interestingly enough, the Playstation 4 has

Re: PlayStationNetwork blocking of CGNAT public addresses

Mark Andrews writes: > > In message <09342130-874f-4fa4-b410-b7b66a75f...@mtin.net>, Justin Wilson wri > te > s: > > PSN is one reason I am not a fan of CGNAT. All they see are tons of > > connections from the same IP. This results in them banning folks. Due > > to them being hacked so many tim

Re: PlayStationNetwork blocking of CGNAT public addresses

In message <09342130-874f-4fa4-b410-b7b66a75f...@mtin.net>, Justin Wilson write s: > PSN is one reason I am not a fan of CGNAT. All they see are tons of > connections from the same IP. This results in them banning folks. Due > to them being hacked so many times getting them to actually communica

Re: PlayStationNetwork blocking of CGNAT public addresses

PSN is one reason I am not a fan of CGNAT. All they see are tons of connections from the same IP. This results in them banning folks. Due to them being hacked so many times getting them to actually communicate is almost impossible. My .02 is just get the gamers a true public if at all possibl

Re: PlayStationNetwork blocking of CGNAT public addresses

Something similar happened to a local FantasyConon I was helping set up, we had only two PS4 machines there and accounts provided by Blizzard for Overwatch. Outside IP of the LAN (as it was NATed) was banned by PSN in about 8h. There was no other traffic other then those two accounts playing Overwa

Re: PlayStationNetwork blocking of CGNAT public addresses

* Rich Kulawiec: > On Sun, Sep 18, 2016 at 03:56:30PM +0200, Florian Weimer wrote: >> * Rich Kulawiec: >> >> > For example: if the average number of outbound SSH connections >> > established per hour per host across all hosts behind CGNAT is 3.2, >> > and you see a host making 1100/hour: that's a

Re: PlayStationNetwork blocking of CGNAT public addresses

On Sun, Sep 18, 2016 at 03:56:30PM +0200, Florian Weimer wrote: > * Rich Kulawiec: > > > For example: if the average number of outbound SSH connections > > established per hour per host across all hosts behind CGNAT is 3.2, > > and you see a host making 1100/hour: that's a problem. It might be >

RE: PlayStationNetwork blocking of CGNAT public addresses

...@thebaughers.com] Sent: Monday, 19 September 2016 12:09 PM To: valdis.kletni...@vt.edu Cc: Tony Wicks ; NANOG Subject: Re: PlayStationNetwork blocking of CGNAT public addresses So I should try again to get them to tell me what an "Account Takeover Attempt" is? They ignored my last request

Re: PlayStationNetwork blocking of CGNAT public addresses

So I should try again to get them to tell me what an "Account Takeover Attempt" is? They ignored my last request. It's easy to explain DMCA or spam to an end-user, but it's difficult to explain to some soccer mom that her kids are doing something to make Sony mad, when I can't explain to them what

Re: PlayStationNetwork blocking of CGNAT public addresses

On Mon, 19 Sep 2016 10:41:59 +1200, "Tony Wicks" said: > Interestingly, Sony (SNEI-NOC-Abuse replied to being forwarded back one of their notification blocks requesting > more detailed information with a csv file in under an hour! So I guess name-and-shame *does* work? :) pgp2syZkWt95D.pgp Desc

RE: PlayStationNetwork blocking of CGNAT public addresses

Interestingly, Sony (SNEI-NOC-Abuse - Sony say no, either through silence, or explicitly.

Re: PlayStationNetwork blocking of CGNAT public addresses

On 9/18/2016 16:26, Larry Sheldon wrote: On 9/18/2016 08:19, Mike Hammett wrote: People love to hate incumbent telcos because of their arrogance (and frankly it's deserved), but people forget that big content can be just as arrogant and just as deserving of hatred. I never did see the bene

Re: PlayStationNetwork blocking of CGNAT public addresses

On 9/18/2016 08:19, Mike Hammett wrote: People love to hate incumbent telcos because of their arrogance (and frankly it's deserved), but people forget that big content can be just as arrogant and just as deserving of hatred. I never did see the benefit or the approach. To anybody. -- "Ever

Re: PlayStationNetwork blocking of CGNAT public addresses

On Sun Sep 18, 2016 at 05:17:33PM +0200, Florian Weimer wrote: > Okay, then perhaps my guess of the ISP involved is wrong. It's not hard to find out who I work for :) > Out of curiosity, how common is end-to-end reporting of > source/destination port information (in addition to source IP > addre

Re: PlayStationNetwork blocking of CGNAT public addresses

* Simon Lockhart: > On Sun Sep 18, 2016 at 03:58:57PM +0200, Florian Weimer wrote: >> * Tom Beecher: >> > Simon's getting screwed because he's not being given any information to try >> > and solve the problem, and because his customers are likely blaming him >> > because he's their ISP. >> >> We

Re: PlayStationNetwork blocking of CGNAT public addresses

* Tom Beecher: > An email to a user notifying them they're likely compromised costs > basically nothing. If this increases the probability that the customer contacts customer support, in some markets, there is a risk that the account will never turn profitable during the current contract period.

Re: PlayStationNetwork blocking of CGNAT public addresses

An email to a user notifying them they're likely compromised costs basically nothing. An email to their entire subscriber base also costs nothing. If you find me an ISP that can't afford to notify users, I'll show you one that shouldn't be in business anyways. There's this presumption of guilt her

Re: PlayStationNetwork blocking of CGNAT public addresses

On Sun Sep 18, 2016 at 03:58:57PM +0200, Florian Weimer wrote: > * Tom Beecher: > > Simon's getting screwed because he's not being given any information to try > > and solve the problem, and because his customers are likely blaming him > > because he's their ISP. > > We don't know that for sure.

Re: PlayStationNetwork blocking of CGNAT public addresses

* Tom Beecher: > Simon's getting screwed because he's not being given any information to try > and solve the problem, and because his customers are likely blaming him > because he's their ISP. We don't know that for sure. Another potential issue is that the ISP just cannot afford to notify its c

Re: PlayStationNetwork blocking of CGNAT public addresses

* Rich Kulawiec: > For example: if the average number of outbound SSH connections > established per hour per host across all hosts behind CGNAT is 3.2, > and you see a host making 1100/hour: that's a problem. It might be > someone who botched a Perl script; or it might be a botted host > trying t

Re: PlayStationNetwork blocking of CGNAT public addresses

WISP - Original Message - From: "Tom Beecher" To: "Tom Smyth" Cc: "NANOG" Sent: Sunday, September 18, 2016 8:15:08 AM Subject: Re: PlayStationNetwork blocking of CGNAT public addresses This is, as many things are, a huge problem in communication. Sony

Re: PlayStationNetwork blocking of CGNAT public addresses

This is, as many things are, a huge problem in communication. Sony tells ISP 'Hey, you have customers abusing us. Fix it!'. ISP says 'Oh crap, sorry, what's going on? We'll run it down.' Sony says nothing. Let's just stop here for a second. This is fundamentally no different then the 'I have a pr

Re: PlayStationNetwork blocking of CGNAT public addresses

On Sun, Sep 18, 2016 at 01:30:52PM +0100, Tom Smyth wrote: > 2)do some "canary in the mine" monitoring for obviously malicious traffic > (loads of SMTP traffic outbound) and lots of connection requests to SSH > servers ... if you see that traffic from behind your CGNAT device .. just > temporaril

Re: PlayStationNetwork blocking of CGNAT public addresses

Hi Simon, as other responders have said it is an inherent issue with NAT in general, on workaround is to limit the ratio of actual users to an external IPv4 address, the other thing we have seen from our Abuse contact emails from PSN, is that malicious activity towards the PSN is often accompanie

Re: PlayStationNetwork blocking of CGNAT public addresses

Simon Lockhart wrote: Has anyone else come up against the problem, and/or have any suggestions on how best to resolve it? The best solution is to have a common practice on a set of public port numbers assigned to a host behind NAT. For example, with a practice that, if a port in a range betwe

RE: PlayStationNetwork blocking of CGNAT public addresses

gamers 2-3% ? Which might be relatively small amount to give public IPv4. Michalis -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Roland Dobbins Sent: Friday, September 16, 2016 4:32 PM To: nanog@nanog.org Subject: Re: PlayStationNetwork blocking of CGNAT

RE: PlayStationNetwork blocking of CGNAT public addresses

So the pain has finally flowed down to other parts of the world. (APNIC ran out of IP's a long time ago, so CGN has been in use here for a lot longer) This issue is one I have been dealing with for the last four years. Only with Sony, no other company has caused such a headache in regard to CGNAT.

Re: PlayStationNetwork blocking of CGNAT public addresses

On Friday, September 16, 2016, Simon Lockhart wrote: > All, > > We operate an access network with several hundred thousand users. > Increasingly > we're putting the users behind CGNAT in order to continue to give them an > IPv4 > service (we're all dual-stack, so they all get public IPv6 too). Du

Re: PlayStationNetwork blocking of CGNAT public addresses

Hi, as others have said, need to engage with one of their other units to get this sorted out - as a network provider, their customers are relying on YOU to access their service, PSN should care. technically, you could start looking at netflows to the PSN and see if anyone is engaged in DDoS v

Re: PlayStationNetwork blocking of CGNAT public addresses

On 16 Sep 2016, at 20:38, Simon Lockhart wrote: Unless we know what to look for, it's hard to detect and stop it. It's not just application-layer stuff - they're subject to all sorts of attacks. Screening out the obvious stuff would certainly help. The main issue is a dearth of engagemen

Re: PlayStationNetwork blocking of CGNAT public addresses

On Fri Sep 16, 2016 at 08:32:12PM +0700, Roland Dobbins wrote: > Another aspect is ensuring that one has the ability to detect, classify, > traceback, and mitigate outbound badness southbound of the CGN. Unless PSN can tell us what traffic they consider bad, how can we detect and classify it? We c

Re: PlayStationNetwork blocking of CGNAT public addresses

On 16 Sep 2016, at 20:12, Simon Lockhart wrote: Has anyone else come up against the problem, and/or have any suggestions on how best to resolve it? I'm pretty sure that at least part of it has to do with DDoS-related activity. The best bet is to try and identify and engage with the relevan

Re: PlayStationNetwork blocking of CGNAT public addresses

A network that doesn't support IPv6, yet discriminates against CGNAT? That seems like a promising future. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Simon Lockhart" To: nanog@nanog.org Sent: Fr