AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3
thomas.king at de-cix.net
Tue Jun 26 14:08:58 UTC 2018
I am the guy who gave the presentation. We ask our customers to report misbehavior of peers at DE-CIX IXPs (e.g. IP hijack, ASN hijacks) to abuse at de-cix.net. We will look into reported cases and collect evidence so that we can act accordingly. So far, this process helped us to identify and fix configuration errors from peers on a few occasions. Also, as a last resort we expelled a small number of permanent and notorious rule breakers.
On 26.06.18, 15:16, "IXP User One" <ixp.user.one at gmail.com> wrote:
I have heard that DE-CIX expelled BitCanal from their IXPs. One of their
guys also gave a presentation about how DE-CIX handles abuse cases:
I don't know how other IXPs are handling such cases. Would be interesting
On Tue, Jun 26, 2018 at 9:35 AM, Hank Nussbacher <hank at efes.iucc.ac.il>
> On 26/06/2018 07:49, Ronald F. Guilmette wrote:
> You are mistaken. Cogent and Level3 are signatories to MANRS:
> so this clearly can't happen and you are making this up.
> > The fact that there exists a jerk like this on the Internet isn't really
> > all that surprising. What I personally -do- find rather surprising is
> > three companies that each outght to know better, namely Cogent, GTT, and
> > Level3 are collectively supplying more than 3/4ths of this guy's IPv4
> > connectivity, at least according to the graph displayed here:
> > https://bgp.he.net/AS197426
> > Without the generous support of Cogent, GTT, and Level3 this dumbass
> > lowlife IP address space thief would be largely if not entirely toast.
> > So what are they waiting for? Why don't their turf this jackass? Are
> > they waiting for an engraved invitation or what?
> > As I always ask, retorically, in cases like this: Where are the
> > I would like everyone reading this who is a customer of Cogent, GTT, or
> > Level3 to try to contact these companies and ask them why they are
> > connectivity/peering to a hijacking jerk like this Silveira character.
> > Ask them why -you- have to endure more spam in your inbox just so that
> > -they- can make another one tenth of one percent profit by peering with
> > this hijacking, spammer-loving miscreant. I would ask them myself, but
> > I personally am not a direct customer of any of them, so they would all,
> > most probably, just tell me to go pound sand.
> > If you do manage to make contact, please be sure to mention all three of
> > Mr. Silveira's ASNs, i.e. AS42229, AS197426, and AS3266. And don't let
> > whoever you talk to try to weasel out of responsibility for this
> > e.g. by claiming that they don't know anything about what's been going on
> > with all those hijacks announced by AS3266, and/or that they only provide
> > peering for AS197426. The hijacks may all be originating from Mr.
> > AS3266, but bgp.he.net makes clear that AS3266 has one, and only one
> > i.e. Mr. Silveira's AS197426:
> > https://bgp.he.net/AS3266
> > So basically, Cogent, GTT, and Level3 are the prime enablers of this
> > massive theft of IP space. (They might try to claim that BitCanal's
> > historical propensity to engage in hijacks is sonmething "brand new"
> > or at least that -they- may not have been aware of it until now, in which
> > case you should ask them if they have anybody on staff who is paying
> > attention. As noted above, it isn't as if Bitcanal just started pulling
> > this crap yesterday. Far from it.)
> > Oh! And you might also mention the fact that Spamhaus, and, I would
> > at least a few of the oether public blacklists already have most or all
> > Mr. Silveira's IP space... hijacked or otherwise... blacklisted,
> > for good and ample cause.
> > As long as Cogent, GTT, and Level3 are willing to go along with this
> > nonsense, i.e. by selling peering to this Silveira thief, crime on
> > the Internet -does- pay, and the theft of other people's IP space
> > will continue to be rewarded rather than punished, as it should be.
> > If that becomes the new normal for Internet behavior, then god help us
> > all.
> > Regards,
> > rfg
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5353 bytes
Desc: not available
More information about the NANOG