RE: ticketmaster.com 403 Forbidden

["Manser, Charles J" <Charles.Manser () charter com>]

All,

Thank you for the suggestions. All (3) of the e-mail addresses associated with their ARIN records bounced back.

        Remote Server returned '< #5.7.133 smtp;550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication 
required; Delivery restriction check failed because the sender was not authenticated when sending to this group>' 

It can be difficult for consumers to work these issues individually, so we reached out to the NANOG community for an 
assist. The problem seemed widespread and not isolated to single customers and referring them to a web form did not 
seem like an option.

Good news: I am making some progress with the Live Nation/Ticketmaster team.

        "Thank you for bringing this to our attention. We are conducting an investigation on suspicious activity that 
has been observed on the range of IP's are associated to your connectivity and will make every effort to do this as 
fast as possible."

Thank you all again for the help and I will keep the archive updated if we reach a repeatable resolution.

Regards,
 
Charles Manser | Principal Engineer I, Network Security 
Charles.Manser () charter com

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of joel jaeggli
Sent: Monday, February 06, 2017 7:38 PM
To: Suresh Ramasubramanian <ops.lists () gmail com>; mike.lyon () gmail com; Ethan E. Dee <edee () globalvision net>
Cc: Niels Bakker <niels=nanog () bakker net>; nanog () nanog org
Subject: Re: ticketmaster.com 403 Forbidden

On 2/6/17 8:49 AM, Suresh Ramasubramanian wrote:
> My guess is you have or had sometime in the long distant past a scalper operating on your network, using automated 
> ticket purchase bots.
>
> If you still have that scalper around, you might want to turf him.  If he’s ancient history, saying so might induce 
> them to remove the block.
Note that scalper bots benefit from pools of residential ip addresses to
work with in subverting the anti-bot countermeasures of ticket sale
platforms. so there are the legitimate possibility that subverted hosts
are being used for that sort of thing.
> --srs
>
> On 06/02/17, 8:45 AM, "nanog-bounces () nanog org on behalf of mike.lyon () gmail com" <nanog-bounces () nanog org on 
> behalf of mike.lyon () gmail com> wrote:
>
>     Yup, i have a /22 that has the same problem. Support is useless...
>     
>     > On Feb 6, 2017, at 08:35, Ethan E. Dee <edee () globalvision net> wrote:
>     > 
>     > It gives me a Forbidden error.
>     > It has for over a year.
>     > There support says they are not allowed to me why by their policy.
>     > it is across an entire /19.
>     > I gave up after the fifth time and encourage the customers to call them individually.
>     > 
>     >> On 02/06/2017 11:09 AM, Niels Bakker wrote:
>     >> * Charles.Manser () charter com (Manser, Charles J) [Mon 06 Feb 2017, 16:21 CET]:
>     >>> It seems that browsing to ticketmaster.com or any of the associated IP addresses results in a 403 Forbidden 
> for our customers today. Is anyone else having this issue?
>     >> 
>     >> http://help.ticketmaster.com/why-am-i-getting-a-blocked-forbidden-or-403-error-message/ 
>     >> 
>     >> 
>     >>    -- Niels.
>     > 
>     


E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain 
confidential and/or legally privileged information. If you are not the intended recipient of this message or if this 
message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this 
message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, 
distribution, copying, or storage of this message or any attachment is strictly prohibited.