IP Hijacking For Dummies

Ronald F. Guilmette rfg at tristatelogic.com
Mon Jun 5 23:46:04 CST 2017


Late last night, I put together the following simple annotated listing of
the routes being announced by AS34991.

Beyond the quite apparent fact that this "Bulgarian" network is announcing
a bunch of routes for blocks of IPv4 space allocated to various parties
within the nation of Columbia (including the National University thereof)
the other thing that struck me about this was the apparent relevance of
a company called "host-offshore.com".

Looking at the web site for that, it provides only a single contact
phone number which is unambiguously a -Pakistani- phone number.  But
of course, that makes perfect sense, because Pakistan is just down the
street from Bulgaria (NOT!)

It did also strike me as passing strange that this company has apparently
elected to not actually put its own web server, name servers, or mail
server anywhere within its own duly allocated IPv4 blocks.

Things got even a bit more interesting when I tried to actually order a
server from this company.  Apparently, all of their virtual servers
are "sold out".  However... and please, somebody check me on this...
I guess that all of the browsers on all of the platforms I have ready
access to are broken or something, because try as I might, I could never
quite succeed at reaching any page on this company's web site where I
could order up -any- kind of server, virtual, dedicated, or otherwise.

So, you know, this hosting company appears somewhat unique and unusual,
at least from where I am sitting, in the sense that it is perhaps the
only such "hosting" company that I've ever run across in my travels that
doesn't actually have -anything- for sale.

Personally, I don't really give a rat's ass if this site is just a cover
for some inept criminals, or for Panstani ISI, or for the FSB, or for
some of Putin's patriots, or even if it belongs to the NSA.  But I cannot
help but bemoan the fact that here we are, and it is 2017 already, and
yet, whichever bunch of lame-ass jerks are in fact behind this thing,
apparently aren't even capable of slapping together a cover web site
that is more than just some entirely shallow and not very effective false
front.

As a researcher and student of such things, I just think that by now,
in 2017, we should have a somewhat more skilled class of frauds, rogues,
criminals and spies on the Internet.  I mean this is just baby stuff,
and it only takes a couple of minutes and few clicks to see past such
transparent gibberish.

So c'mon all ye criminals, rogues and spys!  You need to up your game
fer cryin' out loud!  At least present us with something a bit more
challenging than -this- kind of very superflous crap.  I mean, have you
no self-respect?

Geeeessshhh!


Regards,
rfg



=======================================================================
79.124.77.0/24  -- Bulgaria -- host-offshore.com
82.118.233.0/24 -- Blugaria -- wirelessnetbg.info
91.92.144.0/24  -- Bulgaria -- host-offshore.com
130.185.254.0/24 -- Belize? -- host-offshore.com - formerly routed by Verdina)
152.204.132.0/24 -- Columbia
152.204.133.0/24 -- Columbia
152.231.25.0/24 -- Columbia
152.231.28.0/24 -- Columbia
168.176.187.0/24 -- Columbia, National University of
168.176.192.0/24 -- Columbia, National University of
168.176.194.0/24 -- Columbia, National University of
168.176.218.0/24 -- Columbia, National University of
168.176.219.0/24 -- Columbia, National University of
179.1.71.0/24 -- Columbia
181.57.40.0/24 -- Columbia
186.113.13.0/24 -- Columbia
186.113.15.0/24 -- Columbia
186.147.230.0/24 -- Columbia
190.90.31.0/24 -- Columbia
190.90.88.0/24 -- Columbia
200.1.65.0/24 -- Columbia
200.14.44.0/24 -- Columbia
200.24.3.0/24 -- Columbia
200.24.5.0/24 -- Columbia



More information about the NANOG mailing list