On 25 Apr 2025, at 20:49, Eric Schechter <ericschechterhh@gmail.com> wrote:
Hello, there is a cloud provider with RIPE ASNs that is hosting all kinds of abusive content from port scanning to malware and doesnt respond to any abuse emails, they have been outed but pretend they are innocent I'm currently being port scanned by pfcloud.io IPs and they havent responded to a single abuse report in months can anything be done about this malicious host? https://x.com/pfcloudio/status/1877064925262012466
The great thing about Autonomous Systems is that they are Autonomous and so are you. As such, if you dislike an ASN, you can opt to filter that away. There are ready made lists for these kind of problems (as that above link is about), as those kind of providers end up on eg: https://www.spamhaus.org/blocklists/do-not-route-or-peer/ Complaining to ISPs who are setup to be hosting abuse content, who have "companies" in Seychelles and other such locations, is not going to work, as their whole "business" is that of being abusive. Them ending up on such lists and then having issues because of it might change their business case, maybe, but do not hold your breath, this is a decades long problem already. Thus if you have issues with a prefix or a whole ASN, either use the above lists and you automatically avoid these kind of "companies" or lookup the information: https://bgp.tools/as/51396#prefixes And filter them out per prefix. ah yes WHOIS has: mnt-ref: WHITELABEL-MNT https://bgp.tools/as/214497#whois Yep, that is an obvious bad seed, anything related to it seems to be setup as small shell companies but seem to be the same entity anyway. Logical that they end up on DROP. RIPE NCC does no enforcement of this, they verify that the company is "valid", and that is it. Just a shame that all that IPv4 space is being used for these purposes instead of legit companies who want to enter the market. Oh well, there is IPv6 right... Greets, Jeroen