Mailing List Archive

So I should try again to get them to tell me what an "Account Takeover
Attempt" is? They ignored my last request.

It's easy to explain DMCA or spam to an end-user, but it's difficult to
explain to some soccer mom that her kids are doing something to make Sony
mad, when I can't explain to them what Sony is mad about.

On Sun, Sep 18, 2016 at 5:58 PM, <Valdis.Kletnieks@vt.edu> wrote:

> On Mon, 19 Sep 2016 10:41:59 +1200, "Tony Wicks" said:
> > Interestingly, Sony (SNEI-NOC-Abuse <SNEI-NOC-Abuse@am. sony dot com)
> jut
> > replied to being forwarded back one of their notification blocks
> requesting
> > more detailed information with a csv file in under an hour!
>
> So I guess name-and-shame *does* work? :)
>

So the last one we successfully managed to isolate, our customer they had more than one PC with multiple infections. It’s not Playstation’s, but Windows machines that are infected with I assume some malware that is trying to log into PSN.



cheers



From: Jason Baugher [mailto:jason@thebaughers.com]
Sent: Monday, 19 September 2016 12:09 PM
To: Valdis.Kletnieks@vt.edu
Cc: Tony Wicks <tony@wicks.co.nz>; NANOG <nanog@nanog.org>
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses



So I should try again to get them to tell me what an "Account Takeover Attempt" is? They ignored my last request.



It's easy to explain DMCA or spam to an end-user, but it's difficult to explain to some soccer mom that her kids are doing something to make Sony mad, when I can't explain to them what Sony is mad about.



On Sun, Sep 18, 2016 at 5:58 PM, <Valdis.Kletnieks@vt.edu <mailto:Valdis.Kletnieks@vt.edu> > wrote:

On Mon, 19 Sep 2016 10:41:59 +1200, "Tony Wicks" said:
> Interestingly, Sony (SNEI-NOC-Abuse <SNEI-NOC-Abuse@am. <mailto:SNEI-NOC-Abuse@am. %20 sony%20dot%20com)%20jut%0b> sony dot com) jut
> replied to being forwarded back one of their notification blocks requesting
> more detailed information with a csv file in under an hour!

So I guess name-and-shame *does* work? :)

On Sun, Sep 18, 2016 at 03:56:30PM +0200, Florian Weimer wrote:
> * Rich Kulawiec:
>
> > For example: if the average number of outbound SSH connections
> > established per hour per host across all hosts behind CGNAT is 3.2,
> > and you see a host making 1100/hour: that's a problem. It might be
> > someone who botched a Perl script; or it might be a botted host
> > trying to brute-force its way into something.
>
> If you do this, you break Github.

1. I didn't know that: *how* does this break Github?

2. This is just an *example* of how to use the technique. It's not
meant to be literal. The general approach of determining the statistical
characteristics of "normal" and then flagging things that are "way
outside normal" works -- but of course it requires sufficient knowledge
to account for things like Github usage and/or infrequent events and/or
usage spikes triggered by real-world events, etc. The more you do it,
and the longer you do it, the better you'll get at it. (But of course
the false positive rate will never be zero. That's why the question
of what to do when anomalies happen isn't easy: poke a human? throttle?
block? further analysis?)

---rsk

* Rich Kulawiec:

> On Sun, Sep 18, 2016 at 03:56:30PM +0200, Florian Weimer wrote:
>> * Rich Kulawiec:
>>
>> > For example: if the average number of outbound SSH connections
>> > established per hour per host across all hosts behind CGNAT is 3.2,
>> > and you see a host making 1100/hour: that's a problem. It might be
>> > someone who botched a Perl script; or it might be a botted host
>> > trying to brute-force its way into something.
>>
>> If you do this, you break Github.
>
> 1. I didn't know that: *how* does this break Github?

Github users create several orders of magnitude more SSH connections
than average users because the most convenient way to set up
read/write access is to use SSH. Depending on how you use Github, you
might update lots and lots of local repositories from Github at
certain times of the day.

> 2. This is just an *example* of how to use the technique. It's not
> meant to be literal. The general approach of determining the statistical
> characteristics of "normal" and then flagging things that are "way
> outside normal" works -- but of course it requires sufficient knowledge
> to account for things like Github usage and/or infrequent events and/or
> usage spikes triggered by real-world events, etc.

Sure, and people already do this, and are not very flexible about it.
Support staff isn't briefed, and claim they do such stochastic
behavior adjustment across all (server) products, which I find
difficult to believe.

I'm worried that this leads to a future where tunnelling everything
over HTTP(S) is no longer sufficient. You have to make it look like a
web server or browser, too. Everything else risks triggering
automated countermeasures.

That's the anti-thesis of good protocol design.

Something similar happened to a local FantasyConon I was helping set up, we
had only two PS4 machines there and accounts provided by Blizzard for
Overwatch. Outside IP of the LAN (as it was NATed) was banned by PSN in
about 8h. There was no other traffic other then those two accounts playing
Overwatch so my guess is that they have some too aggressive checks. I've
managed to convince our ISP there to change the outside IP of the link so
we got them working the next day but it happened again in 8h.

--
*blap*

On Fri, Sep 16, 2016 at 3:12 PM, Simon Lockhart <simon@slimey.org> wrote:

> All,
>
> We operate an access network with several hundred thousand users.
> Increasingly
> we're putting the users behind CGNAT in order to continue to give them an
> IPv4
> service (we're all dual-stack, so they all get public IPv6 too). Due to the
> demographic of our users, many of them are gamers.
>
> We're hitting a problem with PlayStationNetwork 'randomly' blocking some
> of our
> CGNAT outside addresses, because they claim to have received anomalous, or
> 'attack' traffic from that IP. This obviously causes problems for the other
> legitimate users who end up behind the same public IPv4 address.
>
> Despite numerous attempts to engage with PSN, they are unwilling to give us
> any additional information which would allow us to identify the 'rogue'
> users
> on our network, or to identify the 'unwanted' traffic so that we could
> either
> block it, or use it to identify the rogue users ourselves.
>
> Has anyone else come up against the problem, and/or have any suggestions on
> how best to resolve it?
>
> Many thanks in advance,
>
> Simon
>
>

PSN is one reason I am not a fan of CGNAT. All they see are tons of connections from the same IP. This results in them banning folks. Due to them being hacked so many times getting them to actually communicate is almost impossible. My .02 is just get the gamers a true public if at all possible.

Justin Wilson
j2sw@mtin.net

---
http://www.mtin.net Owner/CEO
xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com COO/Chairman
Internet Exchange - Peering - Distributed Fabric

> On Sep 20, 2016, at 8:24 AM, Danijel Starman <theghost101@gmail.com> wrote:
>
> Something similar happened to a local FantasyConon I was helping set up, we
> had only two PS4 machines there and accounts provided by Blizzard for
> Overwatch. Outside IP of the LAN (as it was NATed) was banned by PSN in
> about 8h. There was no other traffic other then those two accounts playing
> Overwatch so my guess is that they have some too aggressive checks. I've
> managed to convince our ISP there to change the outside IP of the link so
> we got them working the next day but it happened again in 8h.
>
> --
> *blap*
>
> On Fri, Sep 16, 2016 at 3:12 PM, Simon Lockhart <simon@slimey.org> wrote:
>
>> All,
>>
>> We operate an access network with several hundred thousand users.
>> Increasingly
>> we're putting the users behind CGNAT in order to continue to give them an
>> IPv4
>> service (we're all dual-stack, so they all get public IPv6 too). Due to the
>> demographic of our users, many of them are gamers.
>>
>> We're hitting a problem with PlayStationNetwork 'randomly' blocking some
>> of our
>> CGNAT outside addresses, because they claim to have received anomalous, or
>> 'attack' traffic from that IP. This obviously causes problems for the other
>> legitimate users who end up behind the same public IPv4 address.
>>
>> Despite numerous attempts to engage with PSN, they are unwilling to give us
>> any additional information which would allow us to identify the 'rogue'
>> users
>> on our network, or to identify the 'unwanted' traffic so that we could
>> either
>> block it, or use it to identify the rogue users ourselves.
>>
>> Has anyone else come up against the problem, and/or have any suggestions on
>> how best to resolve it?
>>
>> Many thanks in advance,
>>
>> Simon
>>
>>
>

In message <09342130-874F-4FA4-B410-B7B66A75FA4D@mtin.net>, Justin Wilson write
s:
> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP. This results in them banning folks. Due
> to them being hacked so many times getting them to actually communicate
> is almost impossible. My .02 is just get the gamers a true public if at
> all possible.
>
> Justin Wilson
> j2sw@mtin.net

What we need is business tech reporters to continually report on
these failures of content providers to deliver their services over
IPv6. 20 years lead time should be enough for any service.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

Mark Andrews writes:
>
> In message <09342130-874F-4FA4-B410-B7B66A75FA4D@mtin.net>, Justin Wilson wri
> te
> s:
> > PSN is one reason I am not a fan of CGNAT. All they see are tons of
> > connections from the same IP. This results in them banning folks. Due
> > to them being hacked so many times getting them to actually communicate
> > is almost impossible. My .02 is just get the gamers a true public if at
> > all possible.
> >
> > Justin Wilson
> > j2sw@mtin.net
>
> What we need is business tech reporters to continually report on
> these failures of content providers to deliver their services over
> IPv6. 20 years lead time should be enough for any service.

Additionally is the a role for the SEC in ensuring that companies
take IPv6 seriously? If I remember correctly they got involved
with Y2K. Just because there isn't a hard date it doesn't mean
that IPv6 is any less important than Y2K to your business's survival.

> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

On Wed, 21 Sep 2016 11:29:49 +1000, Mark Andrews said:

> What we need is business tech reporters to continually report on
> these failures of content providers to deliver their services over
> IPv6. 20 years lead time should be enough for any service.

Interestingly enough, the Playstation 4 has at least rudimentary IPv6
support - it will DHCPv6 and answer pings. Threw me for a loop first
time I saw it, I couldn't figure out what unaccounted-for gear I had
that was grabbing an IPv6 address... :)

Hi

We have the opposite problem with PSN: Sometimes they will send abuse
reports with several of our IP addresses listed. The problem with that
is that we can not give data about one customer to another customer. By
listing multiple IP addresses we are prevented from forwarding the email
to the customer. Which means we may ignore it instead.

Regards,

Baldur

On 21 Sep 2016, at 15:37, Baldur Norddahl wrote:

> Which means we may ignore it instead.

. . . copy/paste or awk/sed or whatever isn't an option? If not, have
you requested a) separate notifications per source and/or b) a more
textual-manipulation-friendly format? Unless they're sending .gifs or
something, surely this might be possible, yes?

It seems within the realm of possibility this sort of response - or lack
thereof - could result in some gaming network operators becoming a bit
jaded. And perhaps some customers, too.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>

I have a hard time accepting that service providers should re-engineer
their networks because other companies cannot properly engineer their abuse
tooling.

On Tue, Sep 20, 2016 at 11:33 AM, Justin Wilson <lists@mtin.net> wrote:

> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP. This results in them banning folks. Due to
> them being hacked so many times getting them to actually communicate is
> almost impossible. My .02 is just get the gamers a true public if at all
> possible.
>
> Justin Wilson
> j2sw@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> > On Sep 20, 2016, at 8:24 AM, Danijel Starman <theghost101@gmail.com>
> wrote:
> >
> > Something similar happened to a local FantasyConon I was helping set up,
> we
> > had only two PS4 machines there and accounts provided by Blizzard for
> > Overwatch. Outside IP of the LAN (as it was NATed) was banned by PSN in
> > about 8h. There was no other traffic other then those two accounts
> playing
> > Overwatch so my guess is that they have some too aggressive checks. I've
> > managed to convince our ISP there to change the outside IP of the link so
> > we got them working the next day but it happened again in 8h.
> >
> > --
> > *blap*
> >
> > On Fri, Sep 16, 2016 at 3:12 PM, Simon Lockhart <simon@slimey.org>
> wrote:
> >
> >> All,
> >>
> >> We operate an access network with several hundred thousand users.
> >> Increasingly
> >> we're putting the users behind CGNAT in order to continue to give them
> an
> >> IPv4
> >> service (we're all dual-stack, so they all get public IPv6 too). Due to
> the
> >> demographic of our users, many of them are gamers.
> >>
> >> We're hitting a problem with PlayStationNetwork 'randomly' blocking some
> >> of our
> >> CGNAT outside addresses, because they claim to have received anomalous,
> or
> >> 'attack' traffic from that IP. This obviously causes problems for the
> other
> >> legitimate users who end up behind the same public IPv4 address.
> >>
> >> Despite numerous attempts to engage with PSN, they are unwilling to
> give us
> >> any additional information which would allow us to identify the 'rogue'
> >> users
> >> on our network, or to identify the 'unwanted' traffic so that we could
> >> either
> >> block it, or use it to identify the rogue users ourselves.
> >>
> >> Has anyone else come up against the problem, and/or have any
> suggestions on
> >> how best to resolve it?
> >>
> >> Many thanks in advance,
> >>
> >> Simon
> >>
> >>
> >
>
>

Both gamers and content providers do not care. The gamers as they only care about the game itself and don't care about the technical mumbo jumbo. And the makers coz they only care about making money by producing content the gamers want. And you service providers are left with the headache of attempts to please both sides.
If this wasn't the case, then why after 20 years, ipv6 ain't rolled out.
Hence again I'd be voting for an ipv6 only day, but that will never happen.....
Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified Engineer

-------- Oorspronkelijk bericht --------Van: Mark Andrews <marka@isc.org> Datum: 21-09-16 03:29 (GMT+01:00) Aan: Justin Wilson <lists@mtin.net> Cc: NANOG <nanog@nanog.org> Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses

In message <09342130-874F-4FA4-B410-B7B66A75FA4D@mtin.net>, Justin Wilson write
s:
> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP.  This results in them banning folks.  Due
> to them being hacked so many times getting them to actually communicate
> is almost impossible.  My .02 is just get the gamers a true public if at
> all possible.
>
> Justin Wilson
> j2sw@mtin.net

What we need is business tech reporters to continually report on
these failures of content providers to deliver their services over
IPv6.  20 years lead time should be enough for any service.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

So you ignore/don't deal with the abuse coz it's shipped in a format you refuse to handle?
And you don't even bother telling the reporter you would like it in a per ip format? Or make attempts to make it work the way they report it (split out the ip's and modify the to be forwarded mail to only contain the ip's belonging to that customer)????

Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified Engineer

-------- Oorspronkelijk bericht --------Van: Baldur Norddahl <baldur.norddahl@gmail.com> Datum: 21-09-16 10:37 (GMT+01:00) Aan: nanog@nanog.org Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses
Hi

We have the opposite problem with PSN: Sometimes they will send abuse
reports with several of our IP addresses listed. The problem with that
is that we can not give data about one customer to another customer. By
listing multiple IP addresses we are prevented from forwarding the email
to the customer. Which means we may ignore it instead.

Regards,

Baldur

As long as their is no international accepted standard as to how to report abuse and everyone cooking up his/her own methods.. I think you have either the choice of adapting and thus be able to deal with the abuse. Or be lazy and stubborn, ignore it, wait for the bad reputation to say hi to your company and face the effects it might cause.


Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified Engineer

-------- Oorspronkelijk bericht --------Van: Tom Beecher <beecher@beecher.cc> Datum: 21-09-16 17:13 (GMT+01:00) Aan: Justin Wilson <lists@mtin.net> Cc: NANOG <nanog@nanog.org> Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses
I have a hard time accepting that service providers should re-engineer
their networks because other companies cannot properly engineer their abuse
tooling.

On Tue, Sep 20, 2016 at 11:33 AM, Justin Wilson <lists@mtin.net> wrote:

> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP.  This results in them banning folks.  Due to
> them being hacked so many times getting them to actually communicate is
> almost impossible.  My .02 is just get the gamers a true public if at all
> possible.
>
> Justin Wilson
> j2sw@mtin.net
>
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
>
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
>
> > On Sep 20, 2016, at 8:24 AM, Danijel Starman <theghost101@gmail.com>
> wrote:
> >
> > Something similar happened to a local FantasyConon I was helping set up,
> we
> > had only two PS4 machines there and accounts provided by Blizzard for
> > Overwatch. Outside IP of the LAN (as it was NATed) was banned by PSN in
> > about 8h. There was no other traffic other then those two accounts
> playing
> > Overwatch so my guess is that they have some too aggressive checks. I've
> > managed to convince our ISP there to change the outside IP of the link so
> > we got them working the next day but it happened again in 8h.
> >
> > --
> > *blap*
> >
> > On Fri, Sep 16, 2016 at 3:12 PM, Simon Lockhart <simon@slimey.org>
> wrote:
> >
> >> All,
> >>
> >> We operate an access network with several hundred thousand users.
> >> Increasingly
> >> we're putting the users behind CGNAT in order to continue to give them
> an
> >> IPv4
> >> service (we're all dual-stack, so they all get public IPv6 too). Due to
> the
> >> demographic of our users, many of them are gamers.
> >>
> >> We're hitting a problem with PlayStationNetwork 'randomly' blocking some
> >> of our
> >> CGNAT outside addresses, because they claim to have received anomalous,
> or
> >> 'attack' traffic from that IP. This obviously causes problems for the
> other
> >> legitimate users who end up behind the same public IPv4 address.
> >>
> >> Despite numerous attempts to engage with PSN, they are unwilling to
> give us
> >> any additional information which would allow us to identify the 'rogue'
> >> users
> >> on our network, or to identify the 'unwanted' traffic so that we could
> >> either
> >> block it, or use it to identify the rogue users ourselves.
> >>
> >> Has anyone else come up against the problem, and/or have any
> suggestions on
> >> how best to resolve it?
> >>
> >> Many thanks in advance,
> >>
> >> Simon
> >>
> >>
> >
>
>

If you told them they would have fewer NAT issues if they supported IPv6, they'd start to care. ;-) They know enough to hate NAT.




-----
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

----- Original Message -----

From: "Alexander Maassen" <outsider@scarynet.org>
Cc: "NANOG" <nanog@nanog.org>
Sent: Thursday, September 22, 2016 3:35:01 AM
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

Both gamers and content providers do not care. The gamers as they only care about the game itself and don't care about the technical mumbo jumbo. And the makers coz they only care about making money by producing content the gamers want. And you service providers are left with the headache of attempts to please both sides.
If this wasn't the case, then why after 20 years, ipv6 ain't rolled out.
Hence again I'd be voting for an ipv6 only day, but that will never happen.....
Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified Engineer

-------- Oorspronkelijk bericht --------Van: Mark Andrews <marka@isc.org> Datum: 21-09-16 03:29 (GMT+01:00) Aan: Justin Wilson <lists@mtin.net> Cc: NANOG <nanog@nanog.org> Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses

In message <09342130-874F-4FA4-B410-B7B66A75FA4D@mtin.net>, Justin Wilson write
s:
> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP. This results in them banning folks. Due
> to them being hacked so many times getting them to actually communicate
> is almost impossible. My .02 is just get the gamers a true public if at
> all possible.
>
> Justin Wilson
> j2sw@mtin.net

What we need is business tech reporters to continually report on
these failures of content providers to deliver their services over
IPv6. 20 years lead time should be enough for any service.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

On 22 September 2016 at 10:42, Alexander Maassen <outsider@scarynet.org>
wrote:

> So you ignore/don't deal with the abuse coz it's shipped in a format you
> refuse to handle?
>
> And you don't even bother telling the reporter you would like it in a per
> ip format? Or make attempts to make it work the way they report it (split
> out the ip's and modify the to be forwarded mail to only contain the ip's
> belonging to that customer)????
>

You will have to remember that these are automated mails from the reporter.
If I write them back it goes into their bit bucket, because they do not
really care enough to bother replying. I am betting they are sending out
thousands mails each day and they can not handle manually replying to all
of that. In the same way we receive a large amount of automated mail so we
have to be able to handle it automatically. Send me something sane and I
will make a script that forwards it. Send me something unusable and I wont
- but I will not do manual handling of your automated mail.

All I am trying to do here is tell people that send abuse mails not to
combine multiple abuse complaints in one mail, because that makes it harder
for everybody and makes it more likely that your mail will be dropped as
too much work. Double so if your abuse mails is from an automated system,
because I will try to match your automated system with my own. However it
is much harder to make a system that can edit your complaint and duplicate
it to several recipients, than it is to run a simple filter that just
forwards the mail as is.

As to PSN they will usually send multiple mails if the abuse is ongoing. At
some point they will send a mail with just one IP and that one gets
forwarded. So we are dropping some of the mails, but the users eventually
get notified anyway. It is not ideal but it works.

Regards,

Baldur

Maybe its time then for a global accepted, unified way to send/report abuse? 
That should solve most of the issues and end points would be able to deal with it in a common way and only would need to think about how to integrate it in their crm's etc.
We are all using the same medium, but attempt to communicate issues using several methods. 
Perhaps iana can use those (m/b)illions they got from selling tld's and cook something up.



Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified Engineer

-------- Oorspronkelijk bericht --------Van: Baldur Norddahl <baldur.norddahl@gmail.com> Datum: 22-09-16 14:10 (GMT+01:00) Aan: nanog@nanog.org Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses
On 22 September 2016 at 10:42, Alexander Maassen <outsider@scarynet.org>
wrote:

> So you ignore/don't deal with the abuse coz it's shipped in a format you
> refuse to handle?
>
> And you don't even bother telling the reporter you would like it in a per
> ip format? Or make attempts to make it work the way they report it (split
> out the ip's and modify the to be forwarded mail to only contain the ip's
> belonging to that customer)????
>

You will have to remember that these are automated mails from the reporter.
If I write them back it goes into their bit bucket, because they do not
really care enough to bother replying. I am betting they are sending out
thousands mails each day and they can not handle manually replying to all
of that. In the same way we receive a large amount of automated mail so we
have to be able to handle it automatically. Send me something sane and I
will make a script that forwards it. Send me something unusable and I wont
- but I will not do manual handling of your automated mail.

All I am trying to do here is tell people that send abuse mails not to
combine multiple abuse complaints in one mail, because that makes it harder
for everybody and makes it more likely that your mail will be dropped as
too much work. Double so if your abuse mails is from an automated system,
because I will try to match your automated system with my own. However it
is much harder to make a system that can edit your complaint and duplicate
it to several recipients, than it is to run a simple filter that just
forwards the mail as is.

As to PSN they will usually send multiple mails if the abuse is ongoing. At
some point they will send a mail with just one IP and that one gets
forwarded. So we are dropping some of the mails, but the users eventually
get notified anyway. It is not ideal but it works.

Regards,

Baldur

Ipv6 is there for 20+ years, cgnat is needed coz the net grows kinda exponentially due to stuff like IoT/mobiles/m2m, and isp's need to provide users with the ability to talk ipv4 simply because the other side refuses to deploy v6 abilities. Do the math if they really care.
Also the servers itself hosting the gameserver probably already are dual stacked. But the gamecode itself misses the support.
Then there is the issue of you as isp not being able or daring to show a fist and simply saying: screw you. Because you are risking to loose customers.
And as long as the company's earn plenty of money using outdated code, they won't change it, coz that would imply spending money that won't flow into fancy buildings, fast cars and all that other useless luxury.




Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified Engineer

-------- Oorspronkelijk bericht --------Van: Mike Hammett <nanog@ics-il.net> Datum: 22-09-16 13:23 (GMT+01:00) Aan: Alexander Maassen <outsider@scarynet.org> Cc: NANOG <nanog@nanog.org> Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses
If you told them they would have fewer NAT issues if they supported IPv6, they'd start to care.  ;-) They know enough to hate NAT.



-----
Mike Hammett
Intelligent Computing Solutions

Midwest Internet Exchange

The Brothers WISP

From: "Alexander Maassen" <outsider@scarynet.org>
Cc: "NANOG" <nanog@nanog.org>
Sent: Thursday, September 22, 2016 3:35:01 AM
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses

Both gamers and content providers do not care. The gamers as they only care about the game itself and don't care about the technical mumbo jumbo. And the makers coz they only care about making money by producing content the gamers want. And you service providers are left with the headache of attempts to please both sides.
If this wasn't the case, then why after 20 years, ipv6 ain't rolled out.
Hence again I'd be voting for an ipv6 only day, but that will never happen.....
Kind regards,
Alexander Maassen
- Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL- Peplink Certified Engineer

-------- Oorspronkelijk bericht --------Van: Mark Andrews <marka@isc.org> Datum: 21-09-16  03:29  (GMT+01:00) Aan: Justin Wilson <lists@mtin.net> Cc: NANOG <nanog@nanog.org> Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses

In message <09342130-874F-4FA4-B410-B7B66A75FA4D@mtin.net>, Justin Wilson write
s:
> PSN is one reason I am not a fan of CGNAT. All they see are tons of
> connections from the same IP.  This results in them banning folks.  Due
> to them being hacked so many times getting them to actually communicate
> is almost impossible.  My .02 is just get the gamers a true public if at
> all possible.
>
> Justin Wilson
> j2sw@mtin.net

What we need is business tech reporters to continually report on
these failures of content providers to deliver their services over
IPv6.  20 years lead time should be enough for any service.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

On Thursday, September 22, 2016, Alexander Maassen <outsider@scarynet.org>
wrote:

> Both gamers and content providers do not care. The gamers as they only
> care about the game itself and don't care about the technical mumbo jumbo.
> And the makers coz they only care about making money by producing content
> the gamers want. And you service providers are left with the headache of
> attempts to please both sides.


Very much agree


> If this wasn't the case, then why after 20 years, ipv6 ain't rolled out.
> Hence again I'd be voting for an ipv6 only day, but that will never
> happen.....


Disagree. IPv6 is meaningfully rolled out. Half or comcast and at&t subs
are observably on ipv6

http://www.worldipv6launch.org/measurements/

And every (i think) iphone 7 ships with ipv6 default on from t-mobile,
sprint, T , and VZ. Same can be said of samsung phones 2 years ago.

Now, if abc isp and xyz gaming company don't deploy ipv6, they have nobody
to blame but themselves. Many of us have moved on, but it is sad when
you all need help tweeking your cgn or need help finding an IPv4 broker.

I feel your pain. But don't say ipv6 is not deployed. It is deployed, and
it carries more traffic than ipv4

http://www.internetsociety.org/deploy360/blog/2016/08/facebook-akamai-pass-major-milestone-over-50-ipv6-from-us-mobile-networks/

CB

Kind regards,
> Alexander Maassen
> - Technical Maintenance Engineer Parkstad Support BV- Maintainer DroneBL-
> Peplink Certified Engineer
>
> -------- Oorspronkelijk bericht --------Van: Mark Andrews <marka@isc.org
> <javascript:;>> Datum: 21-09-16 03:29 (GMT+01:00) Aan: Justin Wilson <
> lists@mtin.net <javascript:;>> Cc: NANOG <nanog@nanog.org <javascript:;>>
> Onderwerp: Re: PlayStationNetwork blocking of CGNAT public addresses
>
> In message <09342130-874F-4FA4-B410-B7B66A75FA4D@mtin.net <javascript:;>>,
> Justin Wilson write
> s:
> > PSN is one reason I am not a fan of CGNAT. All they see are tons of
> > connections from the same IP. This results in them banning folks. Due
> > to them being hacked so many times getting them to actually communicate
> > is almost impossible. My .02 is just get the gamers a true public if at
> > all possible.
> >
> > Justin Wilson
> > j2sw@mtin.net <javascript:;>
>
> What we need is business tech reporters to continually report on
> these failures of content providers to deliver their services over
> IPv6. 20 years lead time should be enough for any service.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
> <javascript:;>
>

On 9/22/2016 8:10 AM, Baldur Norddahl wrote:
> On 22 September 2016 at 10:42, Alexander Maassen <outsider@scarynet.org>
> wrote:
>
>> So you ignore/don't deal with the abuse coz it's shipped in a format you
>> refuse to handle?
>>
>> And you don't even bother telling the reporter you would like it in a per
>> ip format? Or make attempts to make it work the way they report it (split
>> out the ip's and modify the to be forwarded mail to only contain the ip's
>> belonging to that customer)????
>>
> You will have to remember that these are automated mails from the reporter.
> If I write them back it goes into their bit bucket, because they do not
> really care enough to bother replying. I am betting they are sending out
> thousands mails each day and they can not handle manually replying to all
> of that. In the same way we receive a large amount of automated mail so we
> have to be able to handle it automatically. Send me something sane and I
> will make a script that forwards it. Send me something unusable and I wont
> - but I will not do manual handling of your automated mail.
>
> All I am trying to do here is tell people that send abuse mails not to
> combine multiple abuse complaints in one mail, because that makes it harder
> for everybody and makes it more likely that your mail will be dropped as
> too much work. Double so if your abuse mails is from an automated system,
> because I will try to match your automated system with my own. However it
> is much harder to make a system that can edit your complaint and duplicate
> it to several recipients, than it is to run a simple filter that just
> forwards the mail as is.
>
> As to PSN they will usually send multiple mails if the abuse is ongoing. At
> some point they will send a mail with just one IP and that one gets
> forwarded. So we are dropping some of the mails, but the users eventually
> get notified anyway. It is not ideal but it works.
>
> Regards,
>
> Baldur

We've also started ignoring their abuse emails, for the same reason.
Their abuse emails at one point contained the line:

> P.S. If you would prefer an individual email for each IP address on
this list, please let us know.

But, they didn't respond after we contacted them requesting it (and that
line has since been removed).

Considering that there are likely to be many such emails - just how much time is it going to take your abuse desk staffer to just parse out those IPs from whatever log that they send you?

And how much time would processing say 50 individual emails take compared to 50 IPs in a single email?

--srs

> On 22-Sep-2016, at 6:58 PM, Brian Rak <brak@gameservers.com> wrote:
>
> We've also started ignoring their abuse emails, for the same reason. Their abuse emails at one point contained the line:
>
> > P.S. If you would prefer an individual email for each IP address on this list, please let us know.
>
> But, they didn't respond after we contacted them requesting it (and that line has since been removed).

Single IP per email: automated, zero time at all.

Multiple IPs per email: manual process, minutes per IP.


On 9/22/2016 9:34 AM, Suresh Ramasubramanian wrote:
> Considering that there are likely to be many such emails - just how
> much time is it going to take your abuse desk staffer to just parse
> out those IPs from whatever log that they send you?
>
> And how much time would processing say 50 individual emails take
> compared to 50 IPs in a single email?
>
> --srs
>
> On 22-Sep-2016, at 6:58 PM, Brian Rak <brak@gameservers.com
> <mailto:brak@gameservers.com>> wrote:
>
>> We've also started ignoring their abuse emails, for the same reason.
>> Their abuse emails at one point contained the line:
>>
>> > P.S. If you would prefer an individual email for each IP address on this list, please let us know.
>>
>> But, they didn't respond after we contacted them requesting it (and
>> that line has since been removed).

The format of the abuse complaint doesn't mean anything if it still doesn't
contain any relevant data to say what the abuse IS. (Or, even if it IS
abuse at all.)




On Thu, Sep 22, 2016 at 9:37 AM, Brian Rak <brak@gameservers.com> wrote:

> Single IP per email: automated, zero time at all.
>
> Multiple IPs per email: manual process, minutes per IP.
>
>
> On 9/22/2016 9:34 AM, Suresh Ramasubramanian wrote:
>
>> Considering that there are likely to be many such emails - just how much
>> time is it going to take your abuse desk staffer to just parse out those
>> IPs from whatever log that they send you?
>>
>> And how much time would processing say 50 individual emails take compared
>> to 50 IPs in a single email?
>>
>> --srs
>>
>> On 22-Sep-2016, at 6:58 PM, Brian Rak <brak@gameservers.com <mailto:
>> brak@gameservers.com>> wrote:
>>
>> We've also started ignoring their abuse emails, for the same reason.
>>> Their abuse emails at one point contained the line:
>>>
>>> > P.S. If you would prefer an individual email for each IP address on
>>> this list, please let us know.
>>>
>>> But, they didn't respond after we contacted them requesting it (and that
>>> line has since been removed).
>>>
>>
>

http://x-arf.org/ ?

--
Hugo Slabbert       | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E   | also on Signal

On September 22, 2016 5:31:12 AM PDT, Alexander Maassen <outsider@scarynet.org> wrote:
>Maybe its time then for a global accepted, unified way to send/report
>abuse? 
>That should solve most of the issues and end points would be able to
>deal with it in a common way and only would need to think about how to
>integrate it in their crm's etc.
>We are all using the same medium, but attempt to communicate issues
>using several methods. 
>Perhaps iana can use those (m/b)illions they got from selling tld's and
>cook something up.
>
>
>
>Kind regards,
>Alexander Maassen
>- Technical Maintenance Engineer Parkstad Support BV- Maintainer
>DroneBL- Peplink Certified Engineer
>