The in-your-face hijacking example, was: Re: Who is announcing bogons?

Richard Cox Richard at
Wed Apr 30 22:27:53 UTC 2003

On Wed, 30 Apr 2003 16:46 (UT), Scott Granados <scott at> wrote:

| Clearly someone or something at Arin has given authority to this block
| to be used and that authorized figure has requested service from us.

I wouldn't say it was at all clear that "someone or something" at ARIN
has given any authority for anything.  Some - indeed several - records
at ARIN have clearly been changed - fairly recently (the handle ISC1 on
2003-03-05, and the Netblock on 2003-03-04, AS 27595 on
2003-04-07 - but netblock was created before any of that,
on 2003-01-23, and has AFAICT not changed since then.

Previously ISD-1 showed:

OrgName:    ISD
OrgID:      ISD-1
Address:    1324 South Ridge Parkway (Mapquest confirms no such address)
City:       Beverly Hills
StateProv:  CA
PostalCode: 90210
Updated:    2003-01-23
TechHandle: DS127-ARIN
TechName:   Shelley, Dennis
TechPhone:  +1-213-246-6565 (mobile range, number not in service)

So there was a change to ISD1 on the same day that was
created, where the address/phone number were a total fiction and the
email address was at a free email service and probably untraceable?

ARIN shows that block as being LANET-1; LANET-1 is listed by ARIN as:

OrgName:    State of Louisiana
OrgID:      STATEO-4
Address:    Department of Health and Hospitals
Address:    Information Services
Address:    PO Box 3013
City:       Baton Rouge
StateProv:  LA
PostalCode: 70821
Country:    US

ASNumber:   2048
ASName:     LANET-1
ASHandle:   AS2048
RegDate:    1992-12-07
Updated:    1995-05-22

TechHandle: JL141-ARIN
TechName:   Joseph Lanier
TechPhone:  +1-504-342-7701

(Of course, the postholders have changed and there's been an
area code split since 1992 ... this is an ANCIENT /16 block!)

| Unless I'm missing something obvious <which is possible>

Well, Kai summarised it rather well when he asked:

> How many owners of a /16 do you know that use an MBE/UPS
> Store address as their primary place of business?

More to the point, do you not do credit checks as part of your
"Due Diligence" these days?  What credit check would pass when
the primary address is at an MBE/UPS Store?

I'm happy to give full credit to the Spamhaus Project, and ARIN, as
sources of some of the information I used during this investigation.

Full details of Spamhaus records are at:

I've had to delay reporting this by about six hours as, out of
courtesy, I wanted to ensure that the appropriate people at Baton
Rouge were aware of the situation before anything was announced.

Richard Cox

More information about the NANOG mailing list