Notice: Fradulent RIPE ASNs

Ronald F. Guilmette rfg at
Wed Jan 16 10:55:10 UTC 2013

In message <CAP-guGVs-kCYoSkNNs+v8R1gDKBpmkuuFM1eNgqvhqh0pR0gCA at>
William Herrin <bill at> wrote:

>What is your goal here?

Primarily to inform.

Forewarned is forearmed.  Wouldn't you agree?

>Is there some action that any particular NANOG
>participant should take based on your opinion?

Dropping all route announcements from the 18 fraudlent ASNs I listed,
together with all those from AS2876, and avoiding propagating any of
said routes to any other parties would, I think, be an altogether
prudent step for all concerned.

Unless of couse your are hosting one or more spam research organizations
that are eager to collect as much spam as possible.


P.S.  It is most probably unnecessary to worry about blocking route
announcements relating to any of the separate set of five bogus ASNs
documented here:

It is unnecessary to block any such route announcements because owing to
the good work Spamhaus did already in publicising these other five "rogue"
ASNs... which also got all of their IP space from JUMP.RO... none of them
is even announcing routes anymore.  (Well, at least that's what it looks
like from where I am sitting.)

More information about the NANOG mailing list