XO blocking individual IP's

[clayton () haydel org]

I'm hoping someone has had the same experiences, and is further toward a
resolution on this than I am. About 6 months ago, we noticed that XO was
blackholing one specific IP out of a /24.  Traces to that IP stopped on
XO's network, traces to anything else out of the block went through fine.
XO finally admitted that they had a new security system that identifies
suspicious traffic and automatically blocks the IP for 30 minutes.  We had
to get the IP in question "whitelisted" by their security guys.  The
traffic was all legit, it was just on a high port # that they considered
suspicious.

There have several more cases like this, and XO has not been forthcoming
with information. We're either looking to be exempted from this filtering
or at least get a detailed description of how the system works.  I'm not
sure how they think this is acceptable from a major transit provider.
Anybody else had similar problems?


Clayton Haydel