Since multiple sites are affected but not everything, it seems likely they have been put on some sort of globally managed block list. Feedback from one of the blocking companies should help identify which list and therefore why they were added.
You could run their address through some of the checker sites to see if you get lucky too.
example:
https://dnschecker.org/ip-blacklist-checker.php
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home------------------------------
Original Message:
Sent: 04-02-2023 07:08
From: ahmed-lish
Subject: certain IP blocks are not able to access banking sites
Hello Spluka,
thank you for guidance. We have raised ticket with of the financial institution and are waiting for their feedback.
there are alot of different sites apart from the financial institutions that are having the same issue so we not sure what might have triggered this widespread "blacklisting" of the blocks.
next thing we going to try tomorrow (Monday) is to actually borrow another IP/ASN block fro our sister company that is not using for now and configure on this customers border routers just to see if its something to do with how they doing their setup. We quite certain this new IP blocks will work but just want to try.
Regards,
lish.
Original Message:
Sent: 04-01-2023 12:30
From: STEVE PULUKA
Subject: certain IP blocks are not able to access banking sites
I have seen this happen when the target sites are running security software that finds specific ip ranges or addresses to be malicious. Since the company is likely a customer of the financial institution they should open a ticket with them to have this checked out on that side too.
This is especially indicated as possible since the nat option from the same site does work.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 03-31-2023 05:05
From: ahmed-lish
Subject: certain IP blocks are not able to access banking sites
Hello All,
We have some strange issue that we need your help in understanding it.
We have one of our downstream customers who has own IP/ASN resources and we are giving him IP transit.
all was well until early this month when they reported that some sites are not opening.
We asked them to share the list of sites and we tried it within our network using our IPs and the sites open fine.
We have tested same sites on other networks and they open fine.
We suspected DNS and asked them to try different DNS including public ones like 1.1.1.1/8.8.8.8 but no change. still sites dont open.
We have asked them to NAT their traffic using the P2P we have given them and sites open fine when they do that.
The sites are mostly Banking sites, so we suspected Asymmetric routing and tried to make sure traffic takes same path for exit and return but still no change.
Not sure what could be happening.
Could anybody provide insights what could be happening?
Regards,
Lish.