AS3266: BitCanal hijack factory, courtesy of many connectivity providers

• Previous message (by thread): AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3
• Next message (by thread): AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

GTT takes all AUP violations extremely seriously.  Any offending parties mentioned in this thread 
have been dealt with accordingly, and GTT now considers the matter resolved from its side.

On 6/25/2018 9:49 PM, Ronald F. Guilmette wrote:
> Sometimes I see stuff that just makes me shake my head in disbelief.
> Here is a good example:
>
>      https://bgp.he.net/AS3266#_prefixes
>
> I mean seriously, WTF?
>
> As should be blatantly self-evident to pretty much everyone who has ever
> looked at any of the Internet's innumeriable prior incidents of very
> deliberately engineered IP space hijackings, all of the routes currently
> being announced by AS3266 (Bitcanal, Portugal) except for the ones in
> 213/8 are bloody obvious hijacks.  (And to their credit, even Spamhaus
> has a couple of the U.S. legacy /16 blocks explicitly listed as such.)
>
> That's 39 deliberately hijacked routes, at least going by the data
> visible on bgp.he.net.  But even that data from bgp.he.net dramatically
> understates the case, I'm sorry to say.  According to the more complete
> and up-to-the-minute data that I just now fetched from RIPEstat, the real
> number of hijacked routes is more on the order of 130 separate hijacked
> routes for a total of 224,512 IPv4 addresses:
>
>      https://pastebin.com/raw/Jw1my9Bb
>
> In simpler terms, Bitcanal has made off with the rough equivalent of an
> entire /14 block of IPv4 addresses that never belonged to them.  (And of
> course, they haven't paid a dime to anyone for any of that space.)
>
> Of couse we could all be shocked (Shocked!) at this turn of events if
> it were not for the fact that Bitcanal already has a rich, longstanding,
> and sordid history of involvement with IP space hijacks.  All one has to
> do is google for "Bitcanal" and "hijack" to find that out.  This isn't
> exactly a state secret.  In fact if you lookup "IP space hijacking" in
> any modern Internet dictionary you'll find Mr. Joao Silveira's picture
> next to the definition: https://twitter.com/bitcanal :-)
>
> This guy Silveira has obviously decided that he is a law unto himself,
> and can grab whatever IP space happens to be lying around for his own
> purposes... and no need to fill out any tedious forms -or- pay any fees
> for using any of this space to any of those annoying Regional Internet
> Registries.
>
> As usual, and as I have said here previously, I generally don't mind too
> much when these kinds of greedy idiots decide to color outside the lines.
> As long as they just confine themselves to hijacking abandoned IP blocks
> belonging to banks and/or government agencies, well then it's no skin off
> my nose.  But when they start reselling their stolen IP space to spammers,
> as Mr.  Silveira is apparently in the habit of doing, then I get ticked off.
> And actually, Mr. Silveira must be *exceptionally* greedy in that he is
> apparently not satisfied to just sub-lease his own legitimate IP space to
> snowshoe spammers, as he is clearly doing:
>
>      https://pastebin.com/raw/5P5rnQ2y
>
> Obviously, merely hosting snowshoe spammers in his own IP space isn't enough
> to keep Mr. Silveira in the style to which he has become accustomned, so he
> has to go out and rip off other people's IP space and then resell that to
> spammers also.
>
> The fact that there exists a jerk like this on the Internet isn't really
> all that surprising.  What I personally -do- find rather surprising is that
> three companies that each outght to know better, namely Cogent, GTT, and
> Level3 are collectively supplying more than 3/4ths of this guy's IPv4
> connectivity, at least according to the graph displayed here:
>
>      https://bgp.he.net/AS197426
>
> Without the generous support of Cogent, GTT, and Level3 this dumbass
> lowlife IP address space thief would be largely if not entirely toast.
> So what are they waiting for?  Why don't their turf this jackass?  Are
> they waiting for an engraved invitation or what?
>
> As I always ask, retorically, in cases like this:  Where are the grownups?
>
> I would like everyone reading this who is a customer of Cogent, GTT, or
> Level3 to try to contact these companies and ask them why they are providing
> connectivity/peering to a hijacking jerk like this Silveira character.
> Ask them why -you- have to endure more spam in your inbox just so that
> -they- can make another one tenth of one percent profit by peering with
> this hijacking, spammer-loving miscreant.  I would ask them myself, but
> I personally am not a direct customer of any of them, so they would all,
> most probably, just tell me to go pound sand.
>
> If you do manage to make contact, please be sure to mention all three of
> Mr. Silveira's ASNs, i.e. AS42229, AS197426, and AS3266.  And don't let
> whoever you talk to try to weasel out of responsibility for this travesty,
> e.g. by claiming that they don't know anything about what's been going on
> with all those hijacks announced by AS3266, and/or that they only provide
> peering for AS197426.  The hijacks may all be originating from Mr. Silveira's
> AS3266, but bgp.he.net makes clear that AS3266 has one, and only one peer,
> i.e. Mr. Silveira's AS197426:
>
>      https://bgp.he.net/AS3266
>
> So basically, Cogent, GTT, and Level3 are the prime enablers of this
> massive theft of IP space.  (They might try to claim that BitCanal's
> historical propensity to engage in hijacks is sonmething "brand new"
> or at least that -they- may not have been aware of it until now, in which
> case you should ask them if they have anybody on staff who is paying
> attention.  As noted above, it isn't as if Bitcanal just started pulling
> this crap yesterday.  Far from it.)
>
> Oh!  And you might also mention the fact that Spamhaus, and, I would guess,
> at least a few of the oether public blacklists already have most or all of
> Mr.  Silveira's IP space... hijacked or otherwise... blacklisted, presumably
> for good and ample cause.
>
> As long as Cogent, GTT, and Level3 are willing to go along with this
> nonsense, i.e. by selling peering to this Silveira thief, crime on
> the Internet -does- pay, and the theft of other people's IP space
> will continue to be rewarded rather than punished, as it should be.
>
> If that becomes the new normal for Internet behavior, then god help us
> all.
>
>
> Regards,
> rfg
>

• Previous message (by thread): AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3
• Next message (by thread): AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]