AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

Ronald F. Guilmette rfg at
Wed Aug 2 07:36:27 UTC 2017

The annotations in the RIPE WHOIS record for AS202746 seem pretty clear to me.
This thing is B-O-G-U-S!

Even RIPE, which is always reticent to say any bad things about any of its
crooked customers... even after they have kicked them out of RIPE altogether,
e.g. for being just toooooo obviously and blatantly crooked...  was able to
determine that this particular AS is rubbish, and said so, right in the
WHOIS record:

   remarks: this object has been locked by the RIPE NCC pending deregistration

So, you know, what's up with Telia (AS1299) which is the one and only peer of
this stupid thing (AS202746)?

I only ask because AS202746 is currently blatantly and obviously hijacking the
following four separate Brazillian /22 blocks:

Unlike a lot of other cases I've seen of late, Telia can't even fall back on
the lame excuse that "Oh!  Gosh!  We are only passing those routes through
for our customer because they have corresponding route objects properly
registered in the RIPE IRR telling us that it's A-OK for them to route this

Whoever the actual hijacker is in this case, he/she/it didn't even bother to
create bogus route objects in the RIPE data base, even though it is trivially
easy for any criminal who can fog a mirror to do that.

So, as the Subject line above says, I'd like to hear opinions on the following
pertinent question:

   Is Telia (a) stupid, or (b) lazy, or (c) complicit?

Vote early!  Vote often!

(I wouldn't even mind about these blatant hijackings if it were not for the
fact that all of those hijacked /22 blocks have, quite predictably, been
filed to the brim with outbound mail servers belonging to some snowshoe
spammer... which is par for the course these days when it comes to IPv4
space hijackings.)


P.S.   Over on some of the RIPE mailing lists, they've recently been discussing
whether or not to continue allowing Joe Random Criminal to create totally
unauthorized and totally unchecked/unverified (and typically bogus) route
objects in the RIPE data base for so-called "out of region" IP address block
resources.  Of course, if anybody had any brains or any backbone over on that
side of the pond, they would have done this already ten years ago.  But such
is the pace of change in the Old World, where even the most obvious things
can't be implemented until everybody and his brother agrees, including even
the stupid kid.

My point, of course, is that even when and if those crazy europeans get around
to doing the obviously rational thing... like locking the door to the bank
before you leave at night... even that won't and wouldn't have made one wit
of difference to this case of Telia's passing of the bogus/hijacked routes
being announced by AS202746, which is ongoing, as we speak.  There's no
authority anywhere that I am aware of that is telling the Telia folks that
it is OK for either them or their customer to pass out those routes.  They
are just doing it, because, quite obviously, they are being -paid- to do it,
and screw everybody else.  We can all just shut up and eat our spam, I guess.

More information about the NANOG mailing list