HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care?

Ronald F. Guilmette rfg at tristatelogic.com
Fri Apr 1 09:13:36 UTC 2011


In message <AF24AE2D4A4D334FB9B667985E2AE763997FE7 at mail1-sea.office.spectrumnet.us>,
John van Oppen <jvanoppen at spectrumnet.us> wrote:

>Why does it matter what his position is?

Well, if he was, you know, just the janitor or something, then I think
that we could all safely assume that his opinions are...well.. his opinions,
and that they should not be improperly or unfairly construed as official
statements on behalf of the company.  Wouldn't you agree?

I, for one, certainly don't want to unfairly interpret some personal
comment on the part of some worker bee as being the equivalent of an
official company pronouncement.  Do you?

>Sounds like they had a forged LOA from the customer...

And they provided service for free??  For three months??  All just on the
basis of a sheet of paper that any fool could trivially manufacture in 15
minutes or less at the local Kinkos?  Sorry.  No.  I think not.

Money was paid.  Money changed hands.  Which hands did it come from?  From
the hijacker crook, obviously.  But which one?  (There are so many different
crooks on the Internet these days.)  What was this one's name?  Not the
phony baloney name that was on the LOA.  That really doesn't matter.  The
name on the check.

>...and that they fixed the issue...

I'm sorry to disagree, but no, actually, it didn't.

As I pointed out in the very message that you are responding to, nothing here
is ``fixed'', nothing here is ``resolved'', and the evidence seems to
indicate that the exact same snowshoe spammer who was spamming out of the
hijacked block that was getting connectivity from Circle Internet and also,
indirectly, from Integra Telecom is still very much alive and well and still
operating within the UN-hijacked portion of Circle Internet's IP space.

I understand that now that the _hijacking_ part of this tiny drama has been
terminated, some folks, here and elsewhere, would prefer now to just roll
over and go back to sleep.  That's your choice and you're welcome to it.
I, however, would sort-of still like to see the perp being escorted to the
exit of the entire Internet, along with a swift kick in the ass and an
admonition never to come back again.

That clearly hasn't happened yet, and what with all the corporate CYA going
on it doesn't even look probable any time soon.

>I am not sure you can ask too much more from a network operator

Yea.  Gee, I guess you're right.  Expecting honesty, courtesy, forthrightness,
and enough information to make sure that other networks will not be similarly
tainted in the future is just completely out of the question.

That's apparently far too much care and compassion for one's community and
one's fellow man to expect from any CORPORATION, after all.

Please excuse me for harboring patently ridiculous hopes and/or expectations.

>the best thing we can hope for are companies that will cancel customers if
>they are abuse sources...

That may be the best that _you_ are capable of hoping for.  Me personally?
I set my sights a little higher.

Maybe someday... perhaps not in my lifetime, but someday... when there is
a lot less corporate CYA and just a little bit more civic responsibility,
then maybe we really could get these kinds of crooks off the Internet in
a way so that they don't just reappear someplace else a month or two down
the road, when things have quieted down.

Look, here's two scenarios.  See if you can fit them both together in a
way that makes sense.  I can't.

If I go into Macy's, charge a pair of shoes on my Macy's credit card, and
then, when I get my monthly charge account bill, I simply don't pay it, then
within 30 days, Equifax, Experian and TransUnion will all know about that,
and they will go around blabbing to every other merchant in the world, and
pretty soon I won't be able to buy even a stick of bubble gum on credit.
(Note that _Macy's_ apparently has no trouble ratting out _its_ less than
savory customers.)

If however I collude with some friendly and/or greedy ISP/NSP or two on the
Internet, hijack a /16 or two, get caught, and get publicly outed, then
I can be reasonably assured that all of the greedy companies, all the way
up and down the entire networking food chain will instantly clam up, you
know, just to avoid having to admit that they profited from my scheme too.
So I can also be reasonably sure, going in, that even if I'm caught,
not only will I not be punished in any way, but better still, I'll be able
to just wait a few weeks and then just go down the street to the next
greedy ISP/NSP and pull the exact same scam all over again.  And nobody
except the companies that I've paid off will ever even know my name.

If this all makes sense to anybody, then please do explain it to me, because
I'm not seeing it.  All I see is a sure-fire recipe for an endless cavalcade
of IP hijacking incidents.  For the perp, there is simply no downside
whatsoever, even if he gets caught, so he's just gonna do it over and over and
over again.

Which part of this is either non-clear or non-obvious?


Regards,
rfg



