Another day, another illicit SQUAT - WebNX (AS18450)

Tom Beecher beecher at
Fri Oct 28 22:30:49 UTC 2016

Spammers are doing a great job abusing the gaps in the systems. Another
common pattern in the last 12-14 months has been a combination of squatting
on an AS, forging some business documentation, buying transit to an IX, and
proceeding to hijack prefixes over bilateral peering sessions.

Pain in the rear to catch, even worse when the IX and transit providers
aren't receptive to do anything about it when it's brought to their
attention because the business docs used to instantiate those services are
'good enough', and they have a fiduciary interest in _not_ disconnecting
the IX port or circuit.

This will continue to be the norm until prefix validation is standardized
and in widespread use.

On Fri, Oct 28, 2016 at 5:40 PM, Ronald F. Guilmette <rfg at>

> I just got a spam from  The containing /24 appears to
> be unallocated APNIC space.
> RIPE tools seem to say that AS18450 has been routing this block since
> around May 23rd.
> I see this kind of stuff almost every day now, it seems.  And you know,
> there are days when I really do start to wonder "Has the Internet gone
> mad?"
> I'm going to call these turkeys right now and just ask them, point
> blank, what the bleep they think they're doing, routing unallocated
> APNIC space.  But if history is any guide, this is probably going to
> turn out to be another one of these "absentee landlord" kinds of ASes,
> where all they have is an answering machine.
> I have to either laugh or cry when I see people posting here about the
> non-functionality of [email protected] email addresses, and then see other people
> saying "Well, this is why all ASes also have phone numbers."
> I wish I had a dollar for every AS I had ever tried to contact where
> -neither- the [email protected] address -nor- the phone number got me to any
> actual human being.
> Regards,
> rfg

More information about the NANOG mailing list