Re: Cloudflare blocking Cogent again

[Tom Beecher via NANOG <nanog () lists nanog org>]

> Surely multiple Cloudflare customers aren’t blocking whole ASNs, right?
> Or can an entire ASN end up on a RBL because of a few bad actors?


Yes, and yes.

Plenty of CF customers will block entire ASNs because of a small volume of
bot traffic. In fact, "just block the ASN" is a common piece of advice
given to people in CF's community forums.

This of course is rarely the CORRECT answer for their problem, and they
often don't understand the ramifications of what they're doing, but yes
this happens all the time.

On Mon, Aug 11, 2025 at 3:52 PM Miller, Jon via NANOG <nanog () lists nanog org>
wrote:

> We are seeing Cloudflare “you have been blocked” messages from three
> different IP ranges but all on the Cogent ASN.  Surely multiple Cloudflare
> customers aren’t blocking whole ASNs, right?  Or can an entire ASN end up
> on a RBL because of a few bad actors?
>
> Jon Miller | Chief Information Officer
> Bose McKinney & Evans LLP
>
>
> From: David Hubbard <dhubbard () dino hostasaurus com>
> Sent: Monday, August 11, 2025 2:49 PM
> To: North American Network Operators Group <nanog () lists nanog org>
> Cc: Miller, Jon <JMiller () boselaw com>
> Subject: Re: Cloudflare blocking Cogent again
>
> Are you sure it’s not the Cloudflare customers choosing to block the
> Cogent ASN?  i.e. are you seeing a CF blocking message rather than just a
> transit failure?
>
> Reason I ask is because we see a reasonable number of bot attacks sourced
> from AS174 end customers, so I could see sites like the ones you mentioned
> choosing to block rather than challenge.  Cloudflare’s challenges seem to
> be getting bypassed by bots more and more lately, and their support doesn’t
> seem to care, so some users may resort to blocking.
>
> From: Miller, Jon via NANOG <nanog () lists nanog org>
> Date: Monday, August 11, 2025 at 2:01 PM
> To: nanog () lists nanog org <nanog () lists nanog org>
> Cc: Miller, Jon <JMiller () boselaw com>
> Subject: Cloudflare blocking Cogent again
> We are seeing multiple Cloudflare sites blocked on our Cogent circuits.
> Three Cogent circuits from two clients in two states are blocked.  I opened
> a ticket with Cogent, but the last time this happened, they just shrugged
> and said "not our fault."  Are any other Cogent customers seeing this?  Any
> advice on how to resolve?  Here are the sites we see blocked by Cloudflare.
>
> https://www.americanbar.org/<https://www.americanbar.org/>
> https://www.ballys.com/<https://www.ballys.com/>
> https://investor.fanatics.com/investor-relations/default.aspx<
> https://investor.fanatics.com/investor-relations/default.aspx>
>
>
> Jon Miller
> Bose McKinney & Evans LLP
>
> This message and any attachments may contain legally privileged or
> confidential information,
> and are intended only for the individual or entity identified above as the
> addressee.
>
> If you are not the addressee, or if this message has been addressed to you
> in error,
> you are not authorized to read, copy, or distribute this message and any
> attachments, and we
> ask that you please delete this message and attachments (including all
> copies) and notify the
> sender. Delivery of this message and any attachments to any person other
> than the intended
> recipient(s) is not intended in any way to waive confidentiality or a
> privilege.
>
> All personal messages express views only of the individual sender, and may
> not be copied or distributed without this statement.
>
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/X5VL4CRGDK6A4PTG6TETN3NW34JJYFDF/
> <
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/X5VL4CRGDK6A4PTG6TETN3NW34JJYFDF/
> >
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/FURY3KOZEZMWTH4CMCVCRPEVQJHCNKQ2/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/RAREKWULGR5WIO266S3FWRFV4SXRMDX7/