Hijacked Network Ranges

Mark Tinka mtinka at globaltransit.net
Sun Feb 5 22:49:49 CST 2012


On Wednesday, February 01, 2012 12:10:32 PM George Bonser 
wrote:

> Customer relationship with Kelvin's firm terminated and
> they contracted for service elsewhere but are apparently
> attempting to maintain the use of the address
> allocation(s) they received from Kelvin's firm.  They
> apparently did this by misrepresenting the fact that
> they were entitled to use that address space.

We've been in such situations without customers requesting 
us either to:

	a) Block certain addresses across their transit
	   links in order to mitigate DoS attacks.

	b) Announce address space which does not necessarily
	   belong to them, even though they aren't being
	   nefarious.


In either case, a quick check of the RIR WHOIS database to 
qualify consistency in information does not hurt. Yes, WHOIS 
records aren't always the most up-to-date, but it's a fairly 
good representation of the truth most of the time, 
especially since 'inetnum' objects tend to be managed by the 
RIR's themselves, last time I checked.

This is quickly making the case for RPKI.

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120206/4fb90542/attachment.bin>


More information about the NANOG mailing list