Notice: Fradulent RIPE ASNs

Ronald F. Guilmette rfg at
Mon Jan 14 22:49:20 UTC 2013

After a careful investigation, I am of the opinion that each of the
following 18 ASNs was registered (via RIPE) with fradulent information
purporting to represent the identity of the true registrant, and that
in fact, all 18 of these ASNs were registered by a single party,
apparently as part of a larger scheme to provide IP space to various
snowshoe spammers.

Evidence I have in hand strongly links this scheme and these ASNs and
their associated IPv4 route announcements to Jump Network Services,
aka JUMP.RO.  Furthermore, all of these ASNs are apparently peering
with exactly and only the same two other ASNs in all cases, i.e.
GTS Telecom SRL (AS5606) and Net Vision Telecom SRL (AS39737).  These
peers and the fradulent ASNs listed below are all apparently originated
out of Romania.

AS16011 (
AS28822 (
AS48118 (
AS49210 (
AS50659 (
AS57131 (
AS57133 (
AS57135 (
AS57176 (
AS57184 (
AS57415 (
AS57695 (
AS57724 (
AS57738 (
AS57786 (
AS57837 (
AS57906 (
AS57917 (

At present, the above 18 ASNs are currently announcing routes for a total
amount of IP space equal to 1,022 /24s, which is the rough equivalent of
an entire /14 block.  These IPv4 route announcements are listed below,
sorted by IPv4 (32-bit) start address.

Additional potentially relevant background information:

Current route announcements:

More information about the NANOG mailing list