nanog mailing list archives

Re: Cloudflare blocking Cogent again


From: David Hubbard via NANOG <nanog () lists nanog org>
Date: Mon, 11 Aug 2025 20:24:32 +0000

Yup that’s not uncommon, because oftentimes when a cloud computing provider inhabits numerous netblocks all over the 
ASN, allows their customers to have dynamic exit IPs, and doesn’t act on abuse reports, people end up dropping an 
ASN-based rule into Cloudflare.  Blocking is aggressive, vs “managed challenge” which attempts to at least let humans 
through, but sometimes you’re stuck between a rock and a hard place if the bots in question are able to bypass the 
challenge, the attack continues, Cogent or their customer do nothing, and your app/site is impacted.

I don’t see that as much with 174 as I do with malicious traffic from OVH, Digital Ocean, Hetzner, etc., but it happens.



From: Miller, Jon <JMiller () boselaw com>
Date: Monday, August 11, 2025 at 3:52 PM
To: David Hubbard <dhubbard () dino hostasaurus com>, North American Network Operators Group <nanog () lists nanog org>
Subject: RE: Cloudflare blocking Cogent again

We are seeing Cloudflare “you have been blocked” messages from three different IP ranges but all on the Cogent ASN.  
Surely multiple Cloudflare customers aren’t blocking whole ASNs, right?  Or can an entire ASN end up on an RBL because 
of a few bad actors?

Jon Miller | Chief Information Officer
Bose McKinney & Evans LLP

From: David Hubbard <dhubbard () dino hostasaurus com>
Sent: Monday, August 11, 2025 2:49 PM
To: North American Network Operators Group <nanog () lists nanog org>
Cc: Miller, Jon <JMiller () boselaw com>
Subject: Re: Cloudflare blocking Cogent again

Are you sure it’s not the Cloudflare customers choosing to block the Cogent ASN?  i.e. are you seeing a CF blocking 
message rather than just a transit failure?

Reason I ask is because we see a reasonable number of bot attacks sourced from AS174 end customers, so I could see 
sites like the ones you mentioned choosing to block rather than challenge.  Cloudflare’s challenges seem to be getting 
bypassed by bots more and more lately, and their support doesn’t seem to care, so some users may resort to blocking.

From: Miller, Jon via NANOG <nanog () lists nanog org>
Date: Monday, August 11, 2025 at 2:01 PM
To: nanog () lists nanog org <nanog () lists nanog org>
Cc: Miller, Jon <JMiller () boselaw com>
Subject: Cloudflare blocking Cogent again

We are seeing multiple Cloudflare sites blocked on our Cogent circuits.  Three Cogent circuits from two clients in two 
states are blocked.  I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not 
our fault."  Are any other Cogent customers seeing this?  Any advice on how to resolve?  Here are the sites we see 
blocked by Cloudflare.

https://www.americanbar.org/
https://www.ballys.com/
https://investor.fanatics.com/investor-relations/default.aspx


Jon Miller
Bose McKinney & Evans LLP

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/X5VL4CRGDK6A4PTG6TETN3NW34JJYFDF/
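
Added example, not part of any message in this thread: a small triage helper for the question raised above, whether a failed fetch is a Cloudflare block page, a Cloudflare challenge, or a transit failure. The marker strings and headers it checks (`server: cloudflare`, `cf-ray`, `cf-mitigated: challenge`, the "you have been blocked" page text) are assumptions based on commonly observed Cloudflare responses, and all sample responses are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class FetchResult:
    """Outcome of one HTTP fetch; error is set when no HTTP response arrived."""
    status: Optional[int] = None
    headers: dict = field(default_factory=dict)
    body: str = ""
    error: Optional[str] = None  # e.g. "timeout", "connection reset"


def classify(r: FetchResult) -> str:
    # No HTTP response at all: the problem is below HTTP (routing, peering, DNS, TLS).
    if r.error is not None or r.status is None:
        return "transit-failure"
    h = {k.lower(): str(v).lower() for k, v in r.headers.items()}
    # Assumed markers that the response was generated at or passed through Cloudflare.
    if h.get("server") != "cloudflare" and "cf-ray" not in h:
        return "not-cloudflare"
    # Assumed marker for a challenge page (managed or interactive challenge).
    if h.get("cf-mitigated") == "challenge":
        return "cloudflare-challenge"
    # Assumed marker for an outright block by a rule on the site's zone.
    if r.status == 403 and "you have been blocked" in r.body.lower():
        return "cloudflare-block"
    return "served-via-cloudflare"


# Constructed sample results, one per case; none were captured from a real site.
SAMPLES = {
    "blocked": FetchResult(403, {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"},
                           "<h1>Sorry, you have been blocked</h1>"),
    "challenged": FetchResult(403, {"Server": "cloudflare", "cf-mitigated": "challenge"},
                              "<title>Just a moment...</title>"),
    "timeout": FetchResult(error="timeout"),
    "ok": FetchResult(200, {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"},
                      "<html>home</html>"),
    "origin-403": FetchResult(403, {"Server": "nginx"}, "Forbidden"),
}


def classify_all(samples: dict) -> dict:
    """Map each named fetch result to its classification."""
    return {name: classify(r) for name, r in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all(SAMPLES).items():
        print(f"{name:12s} {verdict}")
```

A "cloudflare-block" verdict on every circuit in one ASN, alongside normal responses from another path, points at a rule on the site's side rather than at the transit provider.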