The in-your-face hijacking example, was: Re: Who is announcing bogons?

Scott Granados scott at wworks.net
Wed Apr 30 22:42:26 UTC 2003


Actually yes, you can use MBE / UPS drops and PO boxes for credit checks
and for incorporation etc.

In point of fact, a credit check was done, including the contacting of three
trade references and some other searches. I can't speak as well to this as
I didn't do the check myself, but in this case the customer passed, as I do
know no deposit was required and in many cases they are.  Many times PO
boxes are used, and PO boxes can be gotten from the PO obviously but also
from third parties.

On Wed, 30 Apr 2003, Richard Cox wrote:

>
> On Wed, 30 Apr 2003 16:46 (UT), Scott Granados <scott at wworks.net> wrote:
>
> | Clearly someone or something at ARIN has given authority to this block
> | to be used and that authorized figure has requested service from us.
>
> I wouldn't say it was at all clear that "someone or something" at ARIN
> has given any authority for anything.  Some - indeed several - records
> at ARIN have clearly been changed - fairly recently (the handle ISC1 on
> 2003-03-05, and the Netblock 170.208.0.0/16 on 2003-03-04, AS 27595 on
> 2003-04-07) - but netblock 170.208.0.0/20 was created before any of that,
> on 2003-01-23, and has AFAICT not changed since then.
>
> Previously ISD-1 showed:
>
> OrgName:    ISD
> OrgID:      ISD-1
> Address:    1324 South Ridge Parkway (Mapquest confirms no such address)
> City:       Beverly Hills
> StateProv:  CA
> PostalCode: 90210
> Updated:    2003-01-23
> TechHandle: DS127-ARIN
> TechName:   Shelley, Dennis
> TechPhone:  +1-213-246-6565 (mobile range, number not in service)
> TechEmail:  dshelley58#netscape.net
>
> So there was a change to ISD1 on the same day that 170.208.0.0/20 was
> created, where the address/phone number were a total fiction and the
> email address was at a free email service and probably untraceable?
>
> ARIN shows that block as being LANET-1; LANET-1 is listed by ARIN as:
>
> OrgName:    State of Louisiana
> OrgID:      STATEO-4
> Address:    Department of Health and Hospitals
> Address:    Information Services
> Address:    PO Box 3013
> City:       Baton Rouge
> StateProv:  LA
> PostalCode: 70821
> Country:    US
>
> ASNumber:   2048
> ASName:     LANET-1
> ASHandle:   AS2048
> RegDate:    1992-12-07
> Updated:    1995-05-22
>
> TechHandle: JL141-ARIN
> TechName:   Joseph Lanier
> TechPhone:  +1-504-342-7701
> TechEmail:  blanier#doa.state.la.us
>
> (Of course, the postholders have changed and there's been an
> area code split since 1992 ... this is an ANCIENT /16 block!)
>
> | Unless I'm missing something obvious <which is possible>
>
> Well, Kai summarised it rather well when he asked:
>
> > How many owners of a /16 do you know that use an MBE/UPS
> > Store address as their primary place of business?
>
> More to the point, do you not do credit checks as part of your
> "Due Diligence" these days?  What credit check would pass when
> the primary address is at an MBE/UPS Store?
>
> I'm happy to give full credit to the Spamhaus Project, and ARIN, as
> sources of some of the information I used during this investigation.
>
> Full details of Spamhaus records are at: http://snurl.com/19fq
>
> I've had to delay reporting this by about six hours as, out of
> courtesy, I wanted to ensure that the appropriate people at Baton
> Rouge were aware of the situation before anything was announced.
>
> --
> Richard Cox
>
>



