Yet more hijacked space? - deru.net
Darin Wayrynen
darin at deru.net
Sun May 4 08:52:50 UTC 2003
<esc>%sFriday<ret>Saturday<ret>!
Grumble.
Darin
>
>
> I try to make it a habit of responding only to accusations when I can
> identify the accuser, but well, it's Friday night and I have a few
> minutes of time to spare. Btw, Hushmail is great for stirring up crap
> and hiding from the potential backlash.
>
> Wonder what you will, but our space is not hijacked. Only Networking
> is Deru - always has been - some of our equipment/colo facilities are
> (and have been) on the address on our AS registration. The ins/outs
> of DSS are public, you just need to dig deeper than you have - we are
> not required to justify anything to you.
>
>
> Personally, I think Deru has done it's part to help the Nanog
> community - I seem to vaguely remember us providing the bandwidth to
> the last Nanog here in Phoenix a couple of months ago, gratis, free of
> charge, provided over this very ip space.
>
>
> Thanks for your support in return! Wait, you don't represent Nanog,
> you represent a no-name anonymous email address...
>
>
> We (including Richard Rupp) have better things to spend our time on...
> Like pondering why so many "backbones" still don't source filter their
> customers so we wouldn't have to play around with 500Kpps syn floods
> (with randomized ips) aimed at us on Friday nights...
>
> Ciao,
>
> Darin
>
>
>
>
> >
> >
> > Since were on the topic of hijacked ipspace, i find myself wondering
> > about deru.net
> >
> >
> > "Deru, the name you can trust, from people you can trust." - Quoted from
> > www.deru.net
> >
> > Ok, so this is the name you can trust, from the people you can trust,
> > right? Well then, why would it appear that Deru.net, the local ISP
> > you can trust is using hijacked ip space?
> >
> > It would appear as if Deru.net is using:
> >
> > www.deru.net has address 140.99.0.15
> >
> > My handy dandy whois tool tells me this range belongs to:
> >
> >
> > OrgName: Datability Software Systems, Inc.
> > OrgID: DERU
> > Address: 14982 N 83rd PL Ste 201
> > City: Scottsdale
> > StateProv: AZ
> > PostalCode: 85260
> > Country: US
> >
> > NetRange: 140.99.0.0 - 140.99.255.255
> > CIDR: 140.99.0.0/16
> > NetName: DSS1
> > NetHandle: NET-140-99-0-0-1
> > Parent: NET-140-0-0-0-0
> > NetType: Direct Allocation
> > NameServer: NS1.DERU.NET
> > NameServer: NS2.DERU.NET
> > Comment:
> > RegDate: 1990-04-12
> > Updated: 2001-08-01
> >
> > TechHandle: DW19-ARIN
> > TechName: Wayrynen, Darin
> > TechPhone: +1-480-998-7237
> > TechEmail: darin at deru.net
> >
> > Before this network was modified it contained:
> >
> > 140.99.0.0 Datability Software Systems, Inc. NET-DSS1 322 Eighth Avenue
> > New York, NY 10001 US
> >
> > 140.99.0.0 C DSS1
> > Rupp, Richard L. (RLP39) rich at PLUTO.DSS.COM
> > (201) 438-2400
> >
> >
> > Handy dandy route-server tells us:
> >
> >
> > route-server.cw.net>sh ip bgp 140.99.0.0 255.255.0.0 l
> > BGP table version is 2788023425, local router ID is 209.1.220.234
> > Status codes: s suppressed, d damped, h history, * valid, > best, i -
> > internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> > Network Next Hop Metric LocPrf Weight Path
> > *>i140.99.0.0 208.172.146.30 100 0 1239 11588
> > 2 7136 i
> > * i 208.172.146.29 100 0 1239 11588
> > 2 7136 i
> > *>i140.99.96.0/19 208.172.146.30 100 0 1239 11588
> > 2 i
> > * i 208.172.146.29 100 0 1239 11588
> > 2 i
> > * i140.99.120.0/22 208.172.146.29 100 0 1239 11588
> > 2 26978 i
> > *>i 208.172.146.30 100 0 1239 11588
> > 2 26978 i
> > route-server.cw.net>
> >
> > And once again, handy dandy whois tool tells us:
> >
> > OrgName: Only Networking Inc. (ONLY2-DOM)
> > OrgID: ONIO
> > Address: 3443 North Central, 17th Floor
> > City: Phoenix
> > StateProv: AZ
> > PostalCode: 85013
> > Country: US
> >
> > ASNumber: 7136
> > ASName: ONLY
> > ASHandle: AS7136
> > Comment:
> > RegDate: 1996-09-16
> > Updated: 1996-09-16
> >
> > TechHandle: DW19-ARIN
> > TechName: Wayrynen, Darin
> > TechPhone: +1-480-998-7237
> > TechEmail: darin at deru.net
> >
> >
> > Im finding it odd that not a single thing, other than the POC email for
> > a questionable /16 and the ASN announcing questionable /16 has anything
> > to do with deru.net.
> >
> >
> >
> > Also, my friend google tells me this:
> >
> > http://216.239.57.100/search?q=cache:aHJS20Er5m0C:members.aol.com/karima4483/resume_c.html+%22Datability+Software+Systems,
> > +Inc.%22&hl=en&ie=UTF-8
> >
> > smlnk: http://smlnk.com/?21ZQK6FP
> >
> > So it would appear that Datability Software Systems, Inc. was located
> > in Natick, Mass, and became Penril Datability Networks
> >
> > http://216.239.37.100/search?q=cache:87PPbzXONd0C:isdn.modemhelp.net/p/penrildatabilitynetworks.shtml+Penril+Datability+Networks+&hl=en&ie=UTF-
> > 8
> >
> > smlnk:http://smlnk.com/?08DJKDW3
> >
> > It now appears that Penril Datability Networks was split up, with thier
> > assets being aquired by Bay Networks, and Access Beyond.
> >
> > http://216.239.33.100/search?q=cache:jSOOHJ6s9fkC:www.cgraphix.com/39_detail_clients.html+Access+Beyond+%2BPenril&hl=en&ie=UTF-
> > 8
> >
> > smlnk: http://smlnk.com/?UHXEPYDC
> >
> > That leaves us with Access Beyond, a manufacturer of remote access telecom
> > products. And whose website is now owned by a cybersquatter.
> >
> >
> > Now the question at hand is, at which point did this hardware company
> > become Deru.net, the Internet Service Provider you can trust? was this
> > before, or after Penril Datability Networks Inc/Bay Networks/Access Beyond.?
> >
> > Did everyone decide to move to arizona and start an ISP? or is this just
> > another example of IP hijacking that we all find ourselves taking a look
> > at.
> >
> > Can deru.net provide documents that say they bought or were aquired by
> > Datability Software Systems, Inc/Penril Datability Networks/Bay Networks/Access
> > Beyond.?
> >
> > There are other companies using this address space (eldosales.com) but
> > they dont have the appearance of owning a possibly hijacked /16
> >
> > Regards,
> >
> > IP Police
> >
> >
> >
> > Concerned about your privacy? Follow this link to get
> > FREE encrypted email: https://www.hushmail.com/?l=2
> >
> > Big $$$ to be made with the HushMail Affiliate Program:
> > https://www.hushmail.com/about.php?subloc=affiliate&l=427
> >
> >
> >
>
>
>
>
More information about the NANOG
mailing list