Hijacked Network Ranges

George Bonser gbonser at seven.com
Tue Jan 31 22:10:32 CST 2012



> -----Original Message-----
> From: John Schneider
> Sent: Tuesday, January 31, 2012 5:34 PM
> To: Kelvin Williams
> Subject: Re: Hijacked Network Ranges
> 
> Another interesting thing that I noticed is that AS33611 is not
> advertising any prefixes other than yours.  Either they do not have any
> of their own (unlikely) or they are advertising their own legitimate
> prefixes from another AS; however, I doubt that is the case.  It sounds
> like you were able to verify that this is indeed a malicious attack.

If I read the previous material correctly, it seems to have gone something like:

Customer was initially a customer of Kelvin's firm and had the address assignments in question.

Customer relationship with Kelvin's firm terminated and they contracted for service elsewhere but are apparently attempting to maintain the use of the address allocation(s) they received from Kelvin's firm.  They apparently did this by misrepresenting the fact that they were entitled to use that address space.

If that is the case, it isn't so much a "malicious attack" as it is just plain stealing the use of IP address space they aren't entitled to.
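
The pattern noted in the quoted message, an origin AS that announces nothing except address space held by someone else, can be checked mechanically against a registry of authorized origins. The sketch below is an added example, not part of the original thread: the registry, the observed announcements, the documentation prefixes (RFC 5737, RFC 3849) and AS numbers (RFC 5398), and the function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed registry: allocated block -> origin ASNs the holder authorizes.
AUTHORIZED = {
    "192.0.2.0/24": {64496},
    "198.51.100.0/24": {64496},
    "203.0.113.0/24": {64497},
}

# Constructed (prefix, origin ASN) pairs, as read from a route collector dump.
OBSERVED = [
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64496),
    ("203.0.113.0/24", 64497),
    ("198.51.100.128/25", 64497),  # 64497 also originates part of 64496's block
    ("192.0.2.0/25", 64499),       # 64499 originates only space held by others
    ("198.51.100.0/25", 64499),
    ("2001:db8::/32", 64500),      # not in the registry at all
]

def covering_block(prefix, registry):
    """Return the most specific registry block containing prefix, or None."""
    net = ipaddress.ip_network(prefix)
    matches = [b for b in map(ipaddress.ip_network, registry)
               if b.version == net.version and net.subnet_of(b)]
    return max(matches, key=lambda b: b.prefixlen, default=None)

def classify_origins(observed, registry):
    """Label each origin ASN 'ok', 'mixed' or 'only-foreign'."""
    good, bad = defaultdict(list), defaultdict(list)
    for prefix, asn in observed:
        block = covering_block(prefix, registry)
        if block is None:
            continue  # no registry data for this prefix: cannot judge
        bucket = good if asn in registry[str(block)] else bad
        bucket[asn].append(prefix)
    labels = {}
    for asn in set(good) | set(bad):
        if not bad.get(asn):
            labels[asn] = "ok"            # every announcement is authorized
        elif good.get(asn):
            labels[asn] = "mixed"         # some authorized, some not
        else:
            labels[asn] = "only-foreign"  # nothing of its own, as in the thread
    return labels

if __name__ == "__main__":
    for asn, label in sorted(classify_origins(OBSERVED, AUTHORIZED).items()):
        print(f"AS{asn}: {label}")
```

An "only-foreign" label says the announcements disagree with the registry; whether that reflects an attack or a dispute over who is entitled to the space, as discussed above, still has to be settled with the registry and the upstream providers.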



