Skynet Skynet blocking microsoft CIDR blocks

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

agilani

Very Senior Member
Ok this is my 4th problem with Skynet since Adam left.

I checked and it looked like Firehol is reporting microft CIDR block as bad and its blocking linkedin. Shouldn't this be whitelisted by skynet already?


13.107.246.10 is NOT in set Skynet-Whitelist.
13.107.246.10 is in set Skynet-Blacklist.
13.107.246.10 is NOT in set Skynet-BlockedRanges.

Blacklist Reason;
"BanMalware: firehol_level3.netset"


Part of the following Microsoft Blocks

13.64.0.0/11, 13.96.0.0/13, 13.104.0.0/14

I manually whitelisted the whole range.
 

dave14305

Part of the Furniture
Seems like that IP is iffy right now. Skynet doing its job based on the public lists. Your prerogative to whitelist, but not all of Microsoft's IP space can necessarily be trusted outright.

 

Wallace_n_Gromit

Senior Member
Ok this is my 4th problem with Skynet since Adam left.

I checked and it looked like Firehol is reporting microft CIDR block as bad and its blocking linkedin. Shouldn't this be whitelisted by skynet already?


13.107.246.10 is NOT in set Skynet-Whitelist.
13.107.246.10 is in set Skynet-Blacklist.
13.107.246.10 is NOT in set Skynet-BlockedRanges.

Blacklist Reason;
"BanMalware: firehol_level3.netset"


Part of the following Microsoft Blocks

13.64.0.0/11, 13.96.0.0/13, 13.104.0.0/14

I manually whitelisted the whole range.

...but not all of Microsoft's IP space can necessarily be trusted outright.


I seem to recall that it is possible, and some nefarious entities have, hijacked internet space/IP range(s) that is not being used by it's current legitimate owners and have claimed it (perhaps?) illegally as their own to achieve some credibility that the true owners have and thus many Internet traffic filters will allow.

Part of the current issue is that with the limited availability of IPV4 space/ranges that, such space is very valuable and is being sold by their legitimate owners for big bucks. Some entities have found ways to hijack this limited IPV4 space. I remember a past Security Now episode mentioning a European ISP that was "stealing" IPV4 ranges for its own use.

Years of watching Security Now have filled my head with all these bits of trivia.

So I cannot immediately back up my claim, does anyone know what this phenomenon is called?

EDIT: Though I haven't been able to find the specific SN episode that mentions this issue... this Stackexchange thread mentions how one "good" ISP could have an IP range stolen by a "EvilCo" ISP because of their unique position and capabilities that ISP's have using BGP.

[https://security.stackexchange.com/...-my-ip-address-and-use-it-as-their-own#224017]

"... Many (most?) BGP hijacking incidents are “operator error” rather than intentional. In some cases companies find IPv4 address space that is assigned to a no-longer-operational entity and use that for business operations. IPv4 address space is scarce and expensive due to IP address depletion. "
 
Last edited:

agilani

Very Senior Member
Its called BGP highjacking. Happens all the time especially when tier 1 ISP's accept and advertise someone else's block without any checking or approval. Typically larger companies like Microsoft and google actively monitor for this however.
 
Last edited:

Kingp1n

Very Senior Member
My son was having issues connecting to GoW (Microsoft exclusive game) servers but once I whitelisted 13.107.246.10 all is working right now.
 

SpasilliumNexus

New Around Here
Sure enough this was why on my phone I couldn't not launch any games in the Xbox Game Pass app, nor could use Remote Play on the Series X from the Xbox app.

Not to mention that anything tied to managing my Microsoft Account was slow to browse, or didn't load at all.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top