Cidram: Whole Swiss ISP聽is blocked ?!

Created on 31 Oct 2019  路  13Comments  路  Source: CIDRAM/CIDRAM

https://github.com/CIDRAM/CIDRAM/blob/3940223ab429f973a73f81989023001f706114ba/vault/ipv4_isps.dat#L1701

You are blocking a whole Swiss ISP!

And because of that, I don't have access to Nissan's remote controls of my car!

E.g. https://www.mynissanleaf.com/viewtopic.php?t=28568
blocks my IP!

False Positive Fixed

All 13 comments

Hi @beat,

Because CIDRAM is intended for protecting websites (i.e., things like chips, boards, car systems, etc are not planned or anticipated uses for CIDRAM), suggesting that CIDRAM is affecting the system responsible for vehicle remote control access, would also be suggesting that the system responsible for vehicle remote control access is using software which is intended for protecting websites, which seems a little strange to me. From a legal perspective, there's no problem using CIDRAM for other purposes or in other contexts (the license by which I provide the software doesn't make any stipulations in that regard), but from a technical perspective, I absolutely can't guarantee that there wouldn't be problems (just the same as with any other technology anywhere; desired outcomes can't be guaranteed when using said technologies for purposes or in contexts which they weren't designed for).

If I may ask, are you certain that CIDRAM is actually responsible for the mentioned problem here? The reason I ask is that removing the ISP in question from CIDRAM's signature files will only be effective in fixing the problem in question if CIDRAM is actually responsible for the problem in question in the first place. If it isn't responsible, the problem will continue to exist. I read through the discussion you've linked to above, and I can't see any mention of CIDRAM anywhere at all in that discussion. I'm not asking this to incite an argument or to downplay the problem at all; I'm asking because I'm not familiar with how Nissan handles vehicle remote control access and hoping to get all the facts before making any assumptions at my end. Thanks.

Also, final question: Does your IP address belong to the CIDR you cited earlier as an example (77.109.128.0/18)? I don't need to know your exact IP address (aside from GDPR and similar legislation, it should also be kept in mind that our discussion here is publicly visible, so disclosing any PII here should generally be avoided whenever possible). However, knowing whether 77.109.128.0/18 (which collectively represents potentially up to 16,384 addresses) is the CIDR which contains your IP address, will help me to know whether that's the particular signature that needs to be removed in order to fix the problem or whether the problem will still persist after removing that particular signature.

Thank you.

On a side-note: Looking over my own logs, various other databases/services/etc that I check against for determining when to include/exclude something and so on, it seems that the kinds of unwanted traffic that formed the basis for including Init7 in CIDRAM's signature files in the first place has reduced quite significantly over the past year, so I definitely think we don't need to be blocking the entire ISP anymore, and the total signatures relating to that ISP could be safely reduced down to few specific CIDRs now, I think.

I could mark the signature section as ignored by default too, so that the blocks would only come into effect when an installation specifically unignores/activates them.

If possible though, having confirmation as to whether Nissan is actually using CIDRAM as part of their system responsible for vehicle remote control access would be useful, because if they are, simply removing Init7 from the signature files, whether in part or in whole, might not be sufficient, as I imagine the problem could possibly reemerge the moment someone tries to use the system from a different ISP, meaning that further, additional action may be required.

E.g. mynissanleaf.com/viewtopic.php?t=28568
blocks my IP!

I guess you mean the forum blocks you? Did you already ask them what software they use?

@Maikuolan this is not about the software in the car and the forum is not by Nissan but another group of forums. Not related to Nissan.

Also I think your answer was a bit too long ;-)

I guess you mean the forum blocks you? Did you already ask them what software they use?

Please provide more info like a screenshot of the block. CIDRAM displays a specific block page normally which contains more info.

image

Init7 is a quite big Fiber ISP in Switzerland, a large datacenter provider, and a big Internet backbone provider worldwide. Blocking the whole ISP, because, as with any ISPs some customers have infected machines just doesn't make sense imho. Blocking some IP blocks may make sense but not a whole ISP.

And indeed, it's a forum about Nissan EVs that is blocked. At the same time, strangely, maybe by coincidence maybe not, my Nissan EV car remote app can't reach Nissan's EV remote control server through the same ISP, which is really annoying as winter comes, and for EVs it's very useful to have car connectivity. As said, maybe not CIDRAM's fault, but maybe yes, I don't know the IP address of the Nissan EV remote control App.

And yes, I pointed you to the exact line that is blocking me:

Line 1701 in 3940223
77.109.128.0/18 Deny Generic

Thanks for the clarification. We will remove this from the active blacklist then.

my Nissan EV car remote app can't reach Nissan's EV remote control server

This is not related to the mentioned forum. I don't think Nissan runs CIDRAM on the API. Please contact the Nissan support. The IP range is in the blocklist since 2017.

Thank you. And thanks for removing the Init7 ISP from the blocklist (I use other IPs from that ISP).

Marking as "False Positive" (I mean.. I wouldn't have called it that a year ago, so maybe not an entirely accurate description, but circumstances change, it's close enough of a description, and I don't want the labels to become too confusing by adding too many super-specific labels).

I'll reply again as soon as the update has been pushed.

(Note also that in order for the update to come into effect, the CIDRAM installation at the forums in question will need to be synced/updated with the upstream here).

With exception to 4 specific IPs which still have some relatively recent reports of spam activities at SFS (I'll keep those 4 listed temporarily, until the reports become stale), Init7 has now been removed from CIDRAM's signature files (via 2a02e1e9f03ee10bc8bbe2ac8434640892b88274 and 1ff9e1a3ca41cd9b7cbde53c85fa7d3fb379bbcd). :-)

As soon as the forum in question updates to the latest available versions of the signature files (it's possible you may need to let them know about this, if they're not updating automatically), you should be able to access that forum again.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Dibbyo456 picture Dibbyo456  路  6Comments

gizmecano picture gizmecano  路  6Comments

Dibbyo456 picture Dibbyo456  路  5Comments

Dibbyo456 picture Dibbyo456  路  3Comments

Dibbyo456 picture Dibbyo456  路  6Comments