The in-your-face hijacking example, was: Re: Who is announcing bogons?

Richard Cox Richard at mandarin.com
Thu May 1 17:07:33 UTC 2003


On Thu 1 May 2003 06:28:16 (UTC), Dan Hollis <goemon at anime.net> wrote:

| ... apparently you have a portscanner on 170.208.15.82.

Which is a salient reminder that while spam may be the most visible
indication (of compromised machines, bogus routing etc) it is likely to
be by far the least of the evils that will originate from such a source.

Spot the spam, catch the REAL problem ... prevent more serious issues.

On Wed, 30 Apr 2003 22:36:57 (UTC), william at elan.net wrote:

| I would not be so sure that LANET-1 ASN has anything to do with
| LANET-1 Network or with LANET organization id.

To be frank, I wasn't as sure as I wanted to be; that's why I simply
pointed to the repeated use of the LANET-1 label, so that others could
make their own judgements.  Further research confirms William is right
about it being a California LANET: compare the listing for 170.208.0.0
in: http://euclid.math.brandeis.edu/turtschi/whois/netb22.html with
the listing for (the block currently in use by LA County) 159.83.0.0
in: http://euclid.math.brandeis.edu/turtschi/whois/netb16.html

I have today spoken to the appropriate people who have confirmed their
ongoing ownership of the block and are now taking appropriate action.
We have also identified how the deception was carried out in this case.

For the record, the current routing analysis is as follows:

Netblock          BGP route          Announced by

170.208.0.0/24    174 16631          Cogent
170.208.1.0/24    6939 26346 27595   Atrivo
170.208.2.0/24    6939 26346 27595   Atrivo
170.208.3.0/24    6939 26346 27595   Atrivo
170.208.4.0/24    6939 26346 27595   Atrivo
170.208.5.0/24    6939 26346 27595   Atrivo
170.208.6.0/24    6939 26346 27595   Atrivo
170.208.7.0/24    6939 26346 27595   Atrivo
170.208.8.0/24    174 16631          Cogent
170.208.9.0/24    6939 26346 27595   Atrivo
170.208.10.0/24   6939 26346 27595   Atrivo
170.208.11.0/24   6939 26346 27595   Atrivo
170.208.12.0/24   6939 26346 27595   Atrivo
170.208.13.0/24   6939 26346 27595   Atrivo
170.208.14.0/24   6939 26346         Digital Wireworks
170.208.15.0/24   6939 26346 27595   Atrivo
170.208.17.0/24   6939 26346         Digital Wireworks
170.208.18.0/24   6939 26346 27595   Atrivo

-- 
Richard Cox
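
An added example, not part of Richard Cox's message: Python that groups the announcements in the table above by origin AS, merges adjacent /24s, and flags origins that are not on the block holder's authorised list. It assumes the "BGP route" column is an AS path with the origin AS last, that the covering block is 170.208.0.0/16, and that the holder supplies the authorised list; none of these is stated in the message, and the function and field names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Prefix and AS path for each row of the table in the message above.
ROUTES = """\
170.208.0.0/24 174 16631
170.208.1.0/24 6939 26346 27595
170.208.2.0/24 6939 26346 27595
170.208.3.0/24 6939 26346 27595
170.208.4.0/24 6939 26346 27595
170.208.5.0/24 6939 26346 27595
170.208.6.0/24 6939 26346 27595
170.208.7.0/24 6939 26346 27595
170.208.8.0/24 174 16631
170.208.9.0/24 6939 26346 27595
170.208.10.0/24 6939 26346 27595
170.208.11.0/24 6939 26346 27595
170.208.12.0/24 6939 26346 27595
170.208.13.0/24 6939 26346 27595
170.208.14.0/24 6939 26346
170.208.15.0/24 6939 26346 27595
170.208.17.0/24 6939 26346
170.208.18.0/24 6939 26346 27595
"""

def parse_routes(text):
    """Yield (network, [asn, ...]) for each 'prefix asn asn ...' line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            yield ipaddress.ip_network(fields[0]), [int(a) for a in fields[1:]]

def audit(text, covering, authorised_origins):
    """Per origin AS (assumed: last ASN in path), list prefixes inside `covering`."""
    block = ipaddress.ip_network(covering)
    seen = defaultdict(lambda: {"nets": [], "via": set()})
    for net, path in parse_routes(text):
        if net.subnet_of(block):
            seen[path[-1]]["nets"].append(net)
            seen[path[-1]]["via"].update(path[-2:-1])  # AS adjacent to origin
    return {
        origin: {
            "authorised": origin in authorised_origins,
            "via": sorted(info["via"]),
            # Adjacent /24s are merged so contiguous runs stand out.
            "prefixes": [str(n) for n in ipaddress.collapse_addresses(info["nets"])],
        }
        for origin, info in seen.items()
    }
```

Calling `audit(ROUTES, "170.208.0.0/16", set())` with an empty allow-list marks every origin as unauthorised; the holder would pass its own origin ASNs instead.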



