Hijacked IP space.
Jamie.Reid at mbs.gov.on.ca
Tue Nov 4 05:54:07 UTC 2003
I must have missed the thread on this, but is there a good summary available
of exactly _how_ these netblocks are getting hijacked?
Are they taking advantage of sloppy redistribution configurations, 0wning
routers, spoofing OSPF updates, taking advantage of default static
routes, or is there something more complicated at work?
Are these attacks actually generating bogons, or are they isolated
to ASNs they have at one point been legitimately announced by,
I can think up many more interesting applications for these kind of
ghost-nets than spamming, all of which are quite, if you'll pardon the
Jamie.Reid, CISSP, jamie.reid at mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS
416 327 2324
>>> "chuck goolsbee" <chucklist at forest.net> 11/03/03 03:56pm >>>
Sorry, to interrupt any off-topic rambles, but I had a client call
last week who had just had some telephone abuse heaped on them, by
somebody accusing them of spamming. It turns out our client had a
netblock assigned to them back in the mid-90's. They used to put on
networking trade shows, and used the space for making show networks.
They haven't put on a networking trade show (with a public network)
since about 1997.
Of course to complicate the matter, the sole contact listed in whois
no longer works there.
I informed our client how to remove their name from the whois record
and relinquish the netblock back to ARIN, which I hope they are doing
I also have (at the suggestion of some research through the nanog
archives) submitted the netblock to the completewhois site.
[I have no interest in commenting on the current inane OT nanog
thread about that subject, so don't even try me.]
Mr. Thomas' cymru.com service was offline when I tried to contact it
last week (he replied via email about an outage... sorry to hear...
coffee will get there eventually. Order put to the roaster today. -
hang in there.)
Of course I have no hard data, other than my client's phone call
about another phone call, so I can't query based on a timestamp to
see where this was being announced from. It appears to have vanished, and
has remained so according to my casual glances here and there.
The netblock in question is:
So, my question is: Other than the above, and mentioning it here, is
there anything else *I* can do to assist my client? Especially since
I am not at all directly related to this netblock in any way.
Additionally, it would not hurt to know if anyone here *does* know
when or where the announcement came from.
The client in question are good folks, and I hate to see their
reputation tainted by the actions of others.
--chuck goolsbee, digital.forest