nanog mailing list archives

Re: Help with removing DNS sinkhole FP from Charter/Spectrum


From: Validin Axon <axon () validin com>
Date: Mon, 22 Apr 2024 20:54:35 -0400

Hi Bill,

I'm not sure where you saw that message, but I got this message via email
after I submitted an unblock request with Spectrum Shield:

We have reviewed your request to unblock validin.com. This site was not
found to be blocked by Spectrum Shield and should be accessible from your
browser.

Thank you,

Spectrum

My company's domain got caught up in some lazy copy/pasting from this blog
post last year that cited my company as a source for the data. Someone
copy/pasted the whole page, which included my company's domain name, and
that made it to a few AV OTX pulses and VT collections:
https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4

I've cleaned up everything I could from that botched blocklist aggregation.
However, there's no correction process for Spectrum's DNS sinkhole, and I'm
not even sure that's how our domain got mixed up there. The support staff
I've spoken with have denied the existence of DNS sinkholing at Spectrum,
and demonstrated they lack the basic technical sophistication needed to
understand the concept. They've each ultimately told me that each affected
customer would need to reach out to the Spectrum customer service, which
would then help that customer change their DNS settings to another DNS
provider. Of course, the last thing I'd want to do with a potential
customer is ask them to go through that painful process. I also have no
idea how many potential users or customers can't reach me and simply give
up without letting me know.

Lastly, I AM a Spectrum customer. My home internet service is Spectrum. If
it weren't for that, I'd be truly SOL because support would just ignore me.
But, they claim the issue is resolved from their perspective because I
can simply change my DNS settings.

But back to the topic: someone mentioned to me that Spectrum may not be the
direct providers for the DNS services they provide to their customers. If
anyone knows anything about how I might discover and reach out to the
people responsible, please let me know. :-)

Regards,

Kenneth

On Mon, Apr 22, 2024 at 8:07 PM Christopher Morrow <morrowc.lists () gmail com>
wrote:

“We checked the website you are trying to access for malicious and
spear-phishing content and found it likely to be unsafe.”

perhaps charter thinks there's a reason to not permit folks to access
a possibly dangerous site?
(it's also possible it just got caught up amongst some other stuff in
the hosting provider's space, nothing jumps out in passive-dns
lookups.)

On Mon, Apr 22, 2024 at 7:39 PM William Herrin <bill () herrin us> wrote:

On Mon, Apr 22, 2024 at 4:00 PM John Levine <johnl () iecc com> wrote:
It appears that William Herrin <bill () herrin us> said:
If you can't reach a technical POC, use the legal one. Your lawyer can

The only response to a letter like that is "we run our network to
serve our customers and manage it the way we think is best" and you
know what, they're right.

Hi John,

Respectfully, you're mistaken. Look up "tortious interference."

Operators have considerable legal leeway to block traffic for cause,
or even by mistake if corrected upon notification, but a lawyer who
blows off a cease-and-desist letter without investigating it with the
tech staff has committed malpractice. The lawyer doesn't want to
commit malpractice. You write the lawyer via certified mail, he's
going to talk to the tech staff and you're going to get a response. At
that point, you have an open communication pathway to get things
fixed. Which was the problem to be solved.


Having said that, I suspect the least bad alternative if you can't
find an out of band contact is to get some of the Spectrum customers
who can't reach you to complain. They're customers, you aren't.

My results going through the support front-door at large companies for
oddball problems have been less than stellar. Has your experience
truly been different?

Regards,
Bill Herrin


--
William Herrin
bill () herrin us
https://bill.herrin.us/

