[#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

David Conrad drc at virtualized.org
Wed Feb 1 01:15:29 UTC 2012

> I hope none of you ever get hijacked by a spammer housed at Phoenix NAP.  :)

In the dim past, I had a somewhat similar situation:

- A largish (national telco of a small country) ISP started announcing address space a customer of theirs provided.  Unfortunately, the address space wasn't the ISP's customer's to provide.
- When the ISP was notified by both their RIR and the organization to which the address space was rightfully delegated, the ISP's response was:

"We have a contractual relationship with our customer to announce that space.  We have neither a contractual relationship (in this context) with the RIR nor the RIR's customer.  The RIR and/or the RIR's customer should resolve this issue with our customer."

It as an eye-opening experience.


On Jan 31, 2012, at 4:49 PM, Kelvin Williams wrote:

> We're still not out of the woods, announcing /24s and working with upper
> tier carriers to filter out our lists.  However, I just got this response
> from Phoenix NAP and found it funny.  The "thief" is a former customer,
> whom we terminated their agreement with.  They then forged an LOA,
> submitted it to CWIE.net and Phoenix NAP and resumed using space above and
> beyond their terminated agreement.  So now any request for assistance to
> stop our networks from being announced is now responded to with an
> instruction to contact the thief's lawyer.
> kw
> ---------- Forwarded message ----------
> From: Kelvin Williams <kwilliams at altuscgi.com>
> Date: Tue, Jan 31, 2012 at 7:43 PM
> Subject: Re: [#135346] Unauthorized BGP Announcements
> To: noc at phoenixnap.com
> We'll be forwarding this to our peers in the industry--rather funny that
> Phoenix NAP would rather send us to the attorney of the people stealing our
> space than bothering to perform an ARIN WHOIS search, or querying any of
> the IRRs.
> Interesting...  Very interesting...  So, who all do you have
> there--spammers and child pornographers?  Is this level of protection what
> you give to them all?
> On Tue, Jan 31, 2012 at 7:30 PM, Brandon S <BrandonS at phoenixnap.com> wrote:
>> Hello,
>> Thank you for your email. Please direct any further questions regarding
>> this issue to the following contact.
>> Bennet Kelley
>> 100 Wilshire Blvd.
>> Suite 950
>> Santa Monica, CA 90401
>> bkelley at internetlawcenter.net
>> Telephone
>> 310-452-0401
>> Facsimile
>> 702-924-8740
>> --
>> Brandon S.
>> NOC Services Technician
>> ** We want to hear from you!**
>> We care about the quality of our service. If you’ve received
>> anything less than a prompt response or exceptional service or would like
>> to share any
>> feedback regarding your experience, please let us know by sending an email
>> to management:
>> supportfeedback at phoenixnap.com
>> --
> Kelvin Williams
> Sr. Service Delivery Engineer
> Broadband & Carrier Services
> Altus Communications Group, Inc.
> "If you only have a hammer, you tend to see every problem as a nail." --
> Abraham Maslow

More information about the NANOG mailing list