AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3

Thomas King thomas.king at de-cix.net
Tue Jun 26 14:08:58 UTC 2018


I am the guy who gave the presentation. We ask our customers to report misbehavior of peers at DE-CIX IXPs (e.g. IP hijack, ASN hijacks) to abuse at de-cix.net. We will look into reported cases and collect evidence so that we can act accordingly. So far, this process helped us to identify and fix configuration errors from peers on a few occasions. Also, as a last resort we expelled a small number of permanent and notorious rule breakers.

Best regards,
Thomas


On 26.06.18, 15:16, "IXP User One" <ixp.user.one at gmail.com> wrote:

    Hi all,
    
    I have heard that DE-CIX expelled BitCanal from their IXPs. One of their
    guys also gave a presentation about how DE-CIX handles abuse cases:
    https://ripe75.ripe.net/archives/video/103/
    
    I don't know how other IXPs are handling such cases. Would be interesting
    to know.
    
    Best regards,
    IUO
    
    
    On Tue, Jun 26, 2018 at 9:35 AM, Hank Nussbacher <hank at efes.iucc.ac.il>
    wrote:
    
    > On 26/06/2018 07:49, Ronald F. Guilmette wrote:
    >
    > You are mistaken.  Cogent and Level3 are signatories to MANRS:
    > https://www.manrs.org/participants/
    > so this clearly can't happen and you are making this up.
    >
    > :-)
    >
    > -Hank
    >
    > >
    > >
    > > The fact that there exists a jerk like this on the Internet isn't really
    > > all that surprising.  What I personally -do- find rather surprising is that
    > > three companies that each ought to know better, namely Cogent, GTT, and
    > > Level3 are collectively supplying more than 3/4ths of this guy's IPv4
    > > connectivity, at least according to the graph displayed here:
    > >
    > >     https://bgp.he.net/AS197426
    > >
    > > Without the generous support of Cogent, GTT, and Level3 this dumbass
    > > lowlife IP address space thief would be largely if not entirely toast.
    > > So what are they waiting for?  Why don't they turf this jackass?  Are
    > > they waiting for an engraved invitation or what?
    > >
    > > As I always ask, rhetorically, in cases like this:  Where are the grownups?
    > >
    > > I would like everyone reading this who is a customer of Cogent, GTT, or
    > > Level3 to try to contact these companies and ask them why they are providing
    > > connectivity/peering to a hijacking jerk like this Silveira character.
    > > Ask them why -you- have to endure more spam in your inbox just so that
    > > -they- can make another one tenth of one percent profit by peering with
    > > this hijacking, spammer-loving miscreant.  I would ask them myself, but
    > > I personally am not a direct customer of any of them, so they would all,
    > > most probably, just tell me to go pound sand.
    > >
    > > If you do manage to make contact, please be sure to mention all three of
    > > Mr. Silveira's ASNs, i.e. AS42229, AS197426, and AS3266.  And don't let
    > > whoever you talk to try to weasel out of responsibility for this travesty,
    > > e.g. by claiming that they don't know anything about what's been going on
    > > with all those hijacks announced by AS3266, and/or that they only provide
    > > peering for AS197426.  The hijacks may all be originating from Mr. Silveira's
    > > AS3266, but bgp.he.net makes clear that AS3266 has one, and only one peer,
    > > i.e. Mr. Silveira's AS197426:
    > >
    > >     https://bgp.he.net/AS3266
    > >
    > > So basically, Cogent, GTT, and Level3 are the prime enablers of this
    > > massive theft of IP space.  (They might try to claim that BitCanal's
    > > historical propensity to engage in hijacks is something "brand new"
    > > or at least that -they- may not have been aware of it until now, in which
    > > case you should ask them if they have anybody on staff who is paying
    > > attention.  As noted above, it isn't as if Bitcanal just started pulling
    > > this crap yesterday.  Far from it.)
    > >
    > > Oh!  And you might also mention the fact that Spamhaus, and, I would guess,
    > > at least a few of the other public blacklists already have most or all of
    > > Mr.  Silveira's IP space... hijacked or otherwise... blacklisted, presumably
    > > for good and ample cause.
    > >
    > > As long as Cogent, GTT, and Level3 are willing to go along with this
    > > nonsense, i.e. by selling peering to this Silveira thief, crime on
    > > the Internet -does- pay, and the theft of other people's IP space
    > > will continue to be rewarded rather than punished, as it should be.
    > >
    > > If that becomes the new normal for Internet behavior, then god help us
    > > all.
    > >
    > >
    > > Regards,
    > > rfg
    > >
    >
    >
    