Fwd: [LN20080729.4147] RE: AS 28551

Marshall Eubanks tme at multicasttech.com
Fri Aug 1 08:05:57 CDT 2008


I think that 161.164.248.0/21 and AS 28551 may be hijacked.

To summarize

AS 28551 is announcing 161.164.248.0/21

28551 is assigned to LACNIC but has not been assigned to an end user.
161.164.248.0/21 is assigned to WalMart
161.164.248.0/21 is currently routed through AS35681 - VINDAVA-AS -
which is in Bucharest, Romania

I think that this is a bogon.

Regards
Marshall

P.S. I have asked WalMart about this, and received no response.


Begin forwarded message:

> From: Lucas Graciano <hostmaster at lacnic.net>
> Date: July 31, 2008 1:10:25 PM EDT
> To: Marshall Eubanks <tme at multicasttech.com>
> Cc: LACNIC Hostmaster <hostmaster at lacnic.net>
> Subject: Re: [LN20080729.4147] RE: AS 28551
>
> Dear Sir,
>
> This AS number is under administration by NIC.MX, but is a resource
> that is not allocated yet!
>
> Regards,
>
> Hostmaster // Registration Service
> ========================================================
>
> L A C N I C                            http://lacnic.net
> Latin American and Caribbean Internet Addresses Registry
> ========================================================
>
>
> On Tue, Jul 29, 2008 at 04:59:02AM -0400, Marshall Eubanks wrote:
>> Hello;
>>
>> I contacted LACNIC (read below) to see if they actually did register
>> AS 28551.
>>
>> My question remains : Is there a reason for this ASN not to be in the
>> LACNIC whois, or is this a rogue ASN ?
>>
>> Regards
>> Marshall Eubanks
>>
>>
>> On Jul 29, 2008, at 3:14 AM, Network Abuse wrote:
>>
>>>
>>> **        This is an automatic message.          **
>>> ** Please carefully read the information below.  **
>>>
>>> You have contacted LACNIC due to some abuse activity (spam,
>>> hacking, etc),
>>> from an IP address allocated or assigned by LACNIC.
>>>
>>> LACNIC is an RIR (Regional Internet Registry) for Latin America and
>>> the Caribbean region. What that means is that LACNIC is responsible
>>> for the IP address space and ASN allocation/assignment in this region.
>>>
>>> As mentioned, the IP address in question was allocated by LACNIC to
>>> some other organization or ISP in the region. So the abuse activity
>>> originated in that organization's network, not in LACNIC.
>>>
>>> You should query our whois database to get information about the
>>> source of this abuse activity and the appropriate network contact.
>>>
>>> LACNIC's whois is available at:
>>> http://lacnic.net/cgi-bin/lacnic/whois
>>>
>>> or via the command line:
>>> whois -h whois.lacnic.net [IP ADDRESS]
>>>
>>> Important Note:
>>>
>>> ----------------------------------------------------------------------
>>> Addresses allocated to "Comite Gestor da Internet no Brasil" are
>>> those allocated to the Brazilian NIR (Registro BR), and in this case
>>> you might want to query their Whois database:
>>> http://registro.br/cgi-bin/nicbr/whois
>>> whois -h whois.nic.br [IP ADDRESS]
>>> ---------------------------------------------------------------------
>>>
>>> Please note that LACNIC has no authority to investigate spam,
>>> hacking or any other kind of network abuse activity committed by
>>> other organizations. Nor can we punish other organizations' users.
>>>
>>> More details are available at: http://lacnic.net/abuse
>>>
>>> If this information did not help you, please reply this message to
>>> hostmaster at lacnic.net and keep the subject line.
>>>
>>> Regards,
>>> LACNIC Hostmaster
>>>
>>>
>>>
>>>
>>> ----------Original Message
>>> Hello;
>>>
>>> AS 28551 is in an ASN block assigned to LACNIC and is showing up in my
>>> BGP tables,
>>> but a whois returns a blank :
>>>
>>> [tme at lennon mcast]$ lacnic_whois 28551
>>> [lacnic.net]
>>>
>>> % Joint Whois - whois.lacnic.net
>>> %  This server accepts single ASN, IPv4 or IPv6 queries
>>>
>>> % LACNIC resource: whois.lacnic.net
>>>
>>>
>>> % Copyright LACNIC lacnic.net
>>> %  The data below is provided for information purposes
>>> %  and to assist persons in obtaining information about or
>>> %  related to AS and IP numbers registrations
>>> %  By submitting a whois query, you agree to use this data
>>> %  only for lawful purposes.
>>> %  2008-07-29 03:13:17 (BRT -03:00)
>>>
>>> % No match for "AS28551"
>>>
>>> % whois.lacnic.net accepts only direct match queries.
>>> % Types of queries are: POCs, ownerid, CIDR blocks, IP
>>> % and AS numbers.
>>>
>>> Is there a reason for this, or is this a rogue ASN ?
>>>
>>> Regards
>>> Marshall Eubanks
>>>
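
The check carried out by hand in this thread (an origin ASN with no registry record announcing a prefix registered to someone else, and the upstream it is routed through), as an added Python example that is not part of the original messages. The whois replies, the BGP table row and AS64496 are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed whois replies: the first mirrors the "No match" reply quoted in
# the thread; the second is a made-up positive reply for contrast.
WHOIS_REPLIES = {
    28551: '% Joint Whois - whois.lacnic.net\n\n% No match for "AS28551"\n',
    35681: "aut-num: AS35681\nas-name: VINDAVA-AS\n",
}
# Registered holder per address block, as stated in the thread.
PREFIX_HOLDERS = {ipaddress.ip_network("161.164.248.0/21"): "WalMart"}


def asn_is_registered(whois_text):
    """A blank reply or a '% No match for' line means no registry record."""
    if not whois_text.strip():
        return False
    return re.search(r"^%\s*No match for\b", whois_text, re.M) is None


def holder_of(prefix):
    """Holder of the most specific registered block covering prefix, or None."""
    net = ipaddress.ip_network(prefix)
    hits = [(block.prefixlen, name) for block, name in PREFIX_HOLDERS.items()
            if block.version == net.version and net.subnet_of(block)]
    return max(hits)[1] if hits else None


def audit_route(prefix, as_path):
    """Summarise one BGP table row: origin, its upstream, registry status."""
    origin = as_path[-1]
    # Skip AS-path prepending (origin repeated) to find the real upstream.
    upstream = next((a for a in reversed(as_path) if a != origin), None)
    registered = asn_is_registered(WHOIS_REPLIES.get(origin, ""))
    return {
        "prefix": prefix,
        "origin": origin,
        "upstream": upstream,
        "origin_registered": registered,
        "holder": holder_of(prefix),
        "suspect": not registered,  # origin ASN unknown to the registry
    }


if __name__ == "__main__":
    # Constructed table row; AS64496 is a documentation ASN standing in for
    # the local network, and the origin is prepended once.
    print(audit_route("161.164.248.0/21", [64496, 35681, 28551, 28551]))
```

A row flagged `suspect` is a lead to take to the registry and the listed holder, as the thread does, not proof of a hijack.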




