Hijacked Network Ranges
mtinka at globaltransit.net
Sun Feb 5 22:49:49 CST 2012
On Wednesday, February 01, 2012 12:10:32 PM George Bonser
> Customer relationship with Kelvin's firm terminated and
> they contracted for service elsewhere but are apparently
> attempting to maintain the use of the address
> allocation(s) they received from Kelvin's firm. They
> apparently did this by misrepresenting the fact that
> they were entitled to use that address space.
We've been in such situations without customers requesting
us either to:
a) Block certain addresses across their transit
links in order to mitigate DoS attacks.
b) Announce address space which does not necessarily
belong to them, even though they aren't being
In either case, a quick check of the RIR WHOIS database to
qualify consistency in information does not hurt. Yes, WHOIS
records aren't always the most up-to-date, but it's a fairly
good representation of the truth most of the time,
especially since 'inetnum' objects tend to be managed by the
RIR's themselves, last time I checked.
This is quickly making the case for RPKI.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part.
More information about the NANOG