The in-your-face hijacking example, was: Re: Who is announcing bogons?
Richard at mandarin.com
Wed Apr 30 22:27:53 UTC 2003
On Wed, 30 Apr 2003 16:46 (UT), Scott Granados <scott at wworks.net> wrote:
| Clearly someone or something at Arin has given authority to this block
| to be used and that authorized figure has requested service from us.
I wouldn't say it was at all clear that "someone or something" at ARIN
has given any authority for anything. Some - indeed several - records
at ARIN have clearly been changed - fairly recently (the handle ISC1 on
2003-03-05, and the Netblock 18.104.22.168/16 on 2003-03-04, AS 27595 on
2003-04-07 - but netblock 22.214.171.124/20 was created before any of that,
on 2003-01-23, and has AFAICT not changed since then.
Previously ISD-1 showed:
Address: 1324 South Ridge Parkway (Mapquest confirms no such address)
City: Beverly Hills
TechName: Shelley, Dennis
TechPhone: +1-213-246-6565 (mobile range, number not in service)
So there was a change to ISD1 on the same day that 126.96.36.199/20 was
created, where the address/phone number were a total fiction and the
email address was at a free email service and probably untraceable?
ARIN shows that block as being LANET-1; LANET-1 is listed by ARIN as:
OrgName: State of Louisiana
Address: Department of Health and Hospitals
Address: Information Services
Address: PO Box 3013
City: Baton Rouge
TechName: Joseph Lanier
(Of course, the postholders have changed and there's been an
area code split since 1992 ... this is an ANCIENT /16 block!)
| Unless I'm missing something obvious <which is possible>
Well, Kai summarised it rather well when he asked:
> How many owners of a /16 do you know that use an MBE/UPS
> Store address as their primary place of business?
More to the point, do you not do credit checks as part of your
"Due Diligence" these days? What credit check would pass when
the primary address is at an MBE/UPS Store?
I'm happy to give full credit to the Spamhaus Project, and ARIN, as
sources of some of the information I used during this investigation.
Full details of Spamhaus records are at: http://snurl.com/19fq
I've had to delay reporting this by about six hours as, out of
courtesy, I wanted to ensure that the appropriate people at Baton
Rouge were aware of the situation before anything was announced.
More information about the NANOG