FAQ for External Network Operators
Under this header, you’ll find the FAQs that pertain to those who are not a member of either Marbled Fennec Networks or FurrIX but may still be connecting to the network and making use of resources; or have noticed devices and endpoints from our networks connecting to their networks.
I was able to connect to your web server and now I am not?
There is a fair chance that someone within your /24 or /60 was aggressively crawling the website with back to back request and to cut back on traffic, we blocked the involved subnets at the upstream router. We look at where the subnets come from, how often pages are requested, what URLs are being hit and the user agent when making decisions to block or not block an annoying subnet.
I know you guys once had an email server, but now I cannot see it…
There is a fair chance that someone within your /24 or /60 was found to be trying to use us as a relay, trying to SASL login with ‘password’ or jumping ahead in the protocol and it showed up in the logs. We do not tolerate any abuse of the mail server at all and hand out subnet bans at the upstream router in an effort to stop these connections and keep the log clean. If you are being prevented from delivering legitimate mail to our server, reach out to the support desk for help.
If our volunteer techs do unblock your subnet and you end up blocked a second time, you will not be unbalocked from accessing the email server. Clean up your network if its unshared or try to work with your host if it is shared.
I was able to reach and query your name servers, but now I get no response!
This is most likely due to our network engineers noticing a very large number of request coming from the /24 or /60 that your IP address is a part of or a large number of request for a certain domain spread across several IPs within the /24 or /60 your IP address is a part of. To combat this type of abuse and keep it from bogging down the name server, we put in drop rules for iptables that keep the traffic from reaching the name server service. If you feel you might have been blocked by accident, reach out to our support desk for assistance. Most of the time, subnet bans expire after 48 hours.
There are devices hitting my network, possible abuse and I can’t find a host name for them; but they come from your network!
These most likely came from our leased /48. You can perform PTR lookups against ‘multi.dns.marbledfennec.net’ to find the host name of the IP that is bothering you and then use that information to email ‘abuse at marbledfennec dot net’ to report the traffic and our volunteers will deal with the offending project member as soon as possible. We take these kinds of reports very seriously and appreciate external network operators bringing bad actors to light.
Some of your PTR records differ when using a different name server than when using your name servers…
We directly manage the reverse zones on our name servers. In the case of our ‘2604:4300:f03::/48’ network, our zone files will be updated before the data center updates their zones. In the case of our ‘2602:f992:f3::/48’ network, the LIR is not able to control or provide control of the reverse zones, so we manage a reverse zone for this network on our name servers.
When connecting members to the networks that our project operates, it is required that the subnet and interface has PTR records assigned for the identification of traffic to and from our networks. Using the PTR records, one can see which project member or end user is responsible for the traffic and in the case of network abuse, they can be reported to us.
How do I read your PTR records?!
When we connect new project members or end users to the network, we collect a little bit of basic information about them and how their service may be used. Some of this information makes it into our PTR records to make easier on both our volunteers and external network operators to identify the origin of the traffic. For a quick tip on how to read our records, you can use the command “nslookup -q=ptr 2602:f992:f3::2 multi.dns.marbledfennec.net’ and you will get information back on how these records are structured.
I am a web host and I have been seeing traffic from your networks, I am worried these are bots…
You can rest assured that the traffic you see is most likely not bot traffic. While our network does use data center ranges and a data center ASN, our traffic is generate by humans playing around in their labs or on the go with their devices. Marbled Fennec Networks, and FurrIX, do not allow bots to be hosted on our network ranges. If you suspect that such is happening, please perform a PTR lookup against our name servers and report the offending member to our support desk or abuse email as soon as possible. We only allow human created and routing based traffic on our networks.