Looking for Abovenet/NetAccess contact
william at elan.net
william at elan.net
Sat Jan 10 13:42:45 UTC 2004
Why particular interest in 146.20.40.0/21 now? Its been announced for very
long and is only one of the blocks annouunced from 146.20.0.0/16, is there
something you have seen from this particular block, like scans or attacks?
As to 146.20.0.0/16 I can tell that this ip block has been noted as invalid
by ARIN in July 2003 (yes - 6 months ago) and has not had working reverse
dns since then. Despite that, this is still most heavily "used" hijacked ip
block, part of the reason is that companies using it are not actual hijackers
(block was hijacked by Omachonu Ogali of Informationwave - I think most of
you know the story as it has been mentioned at nanog before couple times)
but what I usually consider to be victims (i.e. those that buy ip blocks,
although in many case as far as this block, no actual money was exchanged)
Unfortunetly its also true that almost all of these companies & individuals
knew what kind of block they were getting even back then and many of them
already otherwise have dubious security & abuse records in the community.
Anyway the fact is that they've had 6 months now to get ip block from one
of other upstreams or from ARIN and they have not done it and this is shows
complete non-interest in dealing with this issue (in other cases of hijacked
ips sold, renumbering is done within 30 days max, except one company that had
/16 and used almost 1/2 of it and it took them a while...). So below is the
list of current announcements for this ip block, I've emailed all of them at
least once but I don't try to actively go after them as they are not hijackers
(from http://www.completewhois.co/hijacked/hijacked_flist-bgp_routed_asannounced-details.txt)
146.20.36.0/22 ## AS20473 : NETTRANS : NetTransactions, LLC
146.20.40.0/21 ## AS20473 : NETTRANS : NetTransactions, LLC
146.20.54.0/24 ## AS26627 : AS-PILOSOFT : Pilosoft, Inc.
146.20.64.0/19 ## AS12277 : TRACON : Tracon Industries
146.20.80.0/21 ## AS12277 : TRACON : Tracon Industries
146.20.88.0/22 ## AS12277 : TRACON : Tracon Industries
For those interested the following are announcements that were being done
from this block before with date when it ended:
last seen on 11-04-03 - 146.20.48.0/20 ## AS23131 : STARLAN : Starlan Communications Inc.
last seen on 12-27-03 - 146.20.51.0/24 ## AS26627 : AS-PILOSOFT : Pilosoft, Inc.
last seen on 01-08-04 - 146.20.56.0/24 ## AS26627 : AS-PILOSOFT : Pilosoft, Inc.
As you can see things are finally moving along just in the last month (before
most of these announcements lasted many months), lets hope this NANOG post
will encorage this process along (I have suspicious every one of the above
companies has at least one tech on nanog mail list..)
> Abovenet and NetAccess to offer similar assurances, or even provide me
I'll be contacting abovenet (I know at least 4 security & routing contacts
there by now) regarding another hijacked ip block and can mention this one.
They are a bit slow on response, so it may take up to 30 days to stop it.
Again, if I were to mention this to MFN, I'd like to know what else is
been going on with NetTransactions and their use of this ip block that we
now care so much about it.
> and other IP investigators with the courtesy of a response.
I get responses almost all the time from larger networks (but maybe not
immediatly on 1st or 2nd day, which is not good). If you try to annoy
people too much you may never get a response, like it happens so often
with antispam abuse reports.
> I know I've seen tech guys from both company post to this forum before,
> so Im confused that they're not doing anything. Does anyone have any
> contacts I could speak to about getting something done?
Large companies have different people dealing with different issues. Its
not appropriate to email peering guy on the ip security issue (unless maybe
its about a peer). Most large networks have security at ... email address in
addition to abuse at ... you can email there on hijacking if you want to help.
If you get to know actual people in the company, don't just use this
information for any reason unless you really really aren't getting anywhere.
> Richard Cocks
So are you on Hijacked-L? I have not seen post there before before ...
--
William Leibzon
Elan Networks
william at elan.net
More information about the NANOG
mailing list