FAQ

Posted by Adrian Alexdre (FurrIX, Network Operations Center) Posted on September 7, 2024

Frequently Asked Questions

Under this header, you’ll find the FAQs that pertain to those who are not a member of either Marbled Fennec Networks or FurrIX but may still be connecting to the network and making use of resources; or have noticed devices and endpoints from our networks connecting to their networks.

I was able to connect to your web server and now I am not?
There is a fair chance that someone within your /24 or /58 was aggressively crawling the website with back to back request and to cut back on traffic, we blocked the involved subnets at our edge router. We look at where the subnets come from, how often pages are requested, what URLs are being hit and the user agent when making decisions to block or not block an annoying subnet. Usually these subnet bans are temporarily and will self resolve after 48 hours.

I was able to view your webpage and now I get sent to a….rude YouTube clip?!

You probably have been soft blocked, or someone in your subnet was soft blocked. What is happening here is that our volunteers have grown tired of dealing with a select few end users and have deployed a method of soft blocking their access from our website, usually only on the IPv4 side of the stack. If you are soft blocked, your traffic will be redirected to crude and rude YouTube clip or some other nonsense.

As a private project, we reserve the right to configure our network as we see fit and sometimes this is the final stop for some end users who have pushed the limits or refused to stop abusing our platform and/or volunteers.

I know you guys once had an email server, but now I cannot see it… (Part One)
There is a fair chance that someone within your /24 or /58 was found to be trying to use us as a relay, trying to SASL login with ‘password’ or jumping ahead in the protocol and it showed up in the logs. We do not tolerate any abuse of the mail server at all and hand out subnet bans at our edge router in an effort to stop these connections and keep the log clean. If you are being prevented from delivering legitimate mail to our server, reach out to Adrian over Discord for help.

If our volunteer techs do unblock your subnet and you end up blocked a second time, you will not be unblocked from interacting with the email server. Clean up your network if its unshared or try to work with your host if it is shared.

I know you guys once had an email server, but now I cannot see it… (Part Two)
You might be getting dropped by the email server if you were found to be abusing the contact emails
for our Support Center or Network Operations Center. Individuals who abuse our contact emails will
find themselves added to our blacklist and will no longer be able to get into contact with either side
of our operations. We have three fwoofs working on support for our projects and they do not have time for dealing with non-sense emails coming in, not to mention that anything involving the NOC has to be ran by Adrian before being responded to.

I was able to reach and query your name servers, but now I get no response!

This is most likely due to our network engineers noticing a very large number of request coming from the /24 or /58 that your IP address is a part of or a large number of request for a certain domain spread across several IPs within the /24 or /58 your IP address is a part of. To combat this type of abuse and keep it from bogging down the name server, we put in drop rules for iptables that keep the traffic from reaching the name server service. If you feel you might have been blocked by accident, reach out to our support email for assistance.

Sometimes if we are noticing abuse of or attacks on the name servers, we may opt to temporarily drop all traffic from a certain geographical location at the router level. This is done to ensure that we can still provide reliable service to other users. Most of the time, subnet bans expire after 48 hours.

How do I read your PTR records?!

When we connect new project members or end users to the network, we collect a little bit of basic information about them and how their service may be used. Some of this information makes it into our PTR records to make easier on both our volunteers and external network operators to identify the origin of the traffic. For a quick tip on how to read our records, you can use the command “nslookup -q=ptr 2602:f992:f3::2 dns.marbledfennec.net’ and you will get information back on how these records are structured.

I cannot seem to reach your network or various services via TOR?

This is by design. Our routers make use of a public list to drop traffic from known TOR exit nodes. This action is automatic and is done to prevent some of the abuse of our resources that we were starting to see this year.