Prefix hijacking by Michael Lindsay via Internap
Arturo Servin
arturo.servin at gmail.com
Sun Aug 21 01:39:00 UTC 2011
What's the prefix you claim is hijacked?
/as
On 20 Aug 2011, at 22:05, Denis Spirin wrote:
> Hello All,
>
> I was hired by the Russian ISP company to get it back to the business. Due
> to impact of the financial crisis, the company was almost bankrupt, but then
> found the investor and have a big wish to life again.
>
> When I tried to announce it's networks, upstreams rejected to accept it
> because of Spamhaus listings. But our employer sworn there is not and was
> not any spamming from the company. The Spamhaus lists all our networks as
> spamming Zombies. And it IS announced and used now!!! The announce is from
> American based company Internap (AS12182). I wrote the abuse report them,
> but instead of stop unauthorized announces of our networks, I was contacted
> by a person named 'Michael Lindsay' - he tell me he buy our networks from
> some other people and demand we get back our abuse reports. Of course, we
> don't. After a short googling, I found this is well-known cyber crime
> person: http://www.spamhaus.org/rokso/listing.lasso?file=818&skip=0, and he
> did IP hijacking with the fake letter of authorization before:
> http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK8686 so our company
> is not a first victim of him. Yes, our company "help" him with the mistake
> of loosing old domain link-telecom.biz he was also squatted. This domain was
> listed as contact at RIPE Database.
>
> It is a good topic why these easy-to-forge LOAs is still in use, as
> RADB/RIPE DB/other routing database with the password access is a common
> thing. But this is not the main thing. The main thing is why Internap helps
> to commit a crime to the well-known felony person, and completely ignores
> our requests? Is there any way to push them to stop doing that immediately?
> If anybody can - please help...
More information about the NANOG
mailing list