Prefix hijacking by Michael Lindsay via Internap
Denis Spirin
noc at link-telecom.net
Sun Aug 21 02:05:53 UTC 2011
Right now there are:
46.96.0.0/16
83.223.224.0/19
94.250.128.0/19
94.250.160.0/19
188.164.0.0/24
As I can see in the spam block lists like Spamhaus, all our networks was
affected:
83.223.224.0/20
86.59.128.0/17
79.174.128.0/18
94.250.128.0/17
188.164.0.0/16
46.96.0.0/16
2011/8/21 Arturo Servin <arturo.servin at gmail.com>
>
> What's the prefix you claim is hijacked?
>
> /as
>
> On 20 Aug 2011, at 22:05, Denis Spirin wrote:
>
> > Hello All,
> >
> > I was hired by the Russian ISP company to get it back to the business.
> Due
> > to impact of the financial crisis, the company was almost bankrupt, but
> then
> > found the investor and have a big wish to life again.
> >
> > When I tried to announce it's networks, upstreams rejected to accept it
> > because of Spamhaus listings. But our employer sworn there is not and was
> > not any spamming from the company. The Spamhaus lists all our networks as
> > spamming Zombies. And it IS announced and used now!!! The announce is
> from
> > American based company Internap (AS12182). I wrote the abuse report them,
> > but instead of stop unauthorized announces of our networks, I was
> contacted
> > by a person named 'Michael Lindsay' - he tell me he buy our networks from
> > some other people and demand we get back our abuse reports. Of course, we
> > don't. After a short googling, I found this is well-known cyber crime
> > person: http://www.spamhaus.org/rokso/listing.lasso?file=818&skip=0, and
> he
> > did IP hijacking with the fake letter of authorization before:
> > http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK8686 so our
> company
> > is not a first victim of him. Yes, our company "help" him with the
> mistake
> > of loosing old domain link-telecom.biz he was also squatted. This domain
> was
> > listed as contact at RIPE Database.
> >
> > It is a good topic why these easy-to-forge LOAs is still in use, as
> > RADB/RIPE DB/other routing database with the password access is a common
> > thing. But this is not the main thing. The main thing is why Internap
> helps
> > to commit a crime to the well-known felony person, and completely ignores
> > our requests? Is there any way to push them to stop doing that
> immediately?
> > If anybody can - please help...
>
>
More information about the NANOG
mailing list