Home page logo
/

nanog logo nanog mailing list archives

Ongoing ASN and IP Space Hijacks: Update (TimeWarner/Level3/Tiscali)
From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Mon, 25 Apr 2011 15:22:39 -0700


Eleven days ago, I reported here the following highly probable hijacks:

AS8143
AS29987
AS11756
AS47024
AS27906

198.23.32.0/20 - NET-198-23-32-0-1
198.57.64.0/20 - NET-198-57-64-0-1
199.88.32.0/20 - NET-199-88-32-0-1
199.192.16.0/20 - NET-199-192-16-0-1
199.196.192.0/19 - NET-199-196-192-0-1
200.107.216.0/21 - GT-AGSA1-LACNIC
204.147.240.0/20 - NET-204-147-240-0-1
207.22.224.0/19 - (NET-207-22-192-0-1

Routing to a few of the above IP blocks has now been terminated, however
at present I find that several of them are still very much alive and well,
in particular:

199.88.32.0/20 - NET-199-88-32-0-1
199.196.192.0/19 - NET-199-196-192-0-1
200.107.216.0/21 - GT-AGSA1-LACNIC
204.147.240.0/20 - NET-204-147-240-0-1

As I previously mentioned, these are being used by high-end snowshoe spamming
operations.

Simple question:  Does anybody give a damn?


Regards,
rfg


P.S.  Routing for the still-live hijacked blocks is as follows:

199.88.32.0/20 hijacked via AS29987 (hijacked ASN) via AS3257 (tiscali.net)

199.196.192.0/19 hijacked via AS8143 (hijacked ASN) via AS19844 (gorack.com)
                        via AS4323/TimeWarner & AS3356/Level3

200.107.216.0/21 hijacked via AS8143 (hijacked ASN) via AS19844 (gorack.com)
                        via AS4323/TimeWarner & AS3356/Level3

204.147.240.0/20 hijacked via AS47024 (hijacked ASN) via AS3257 (tiscali.net)
        

P.P.S.  As I also mentioned previously, GoRack seems to have some non-trivial
connection to another South Florida company, Joytel Wireless, which itself
was caught red-handed performing a sizable number of rather brazen IP block
hijackings back in October:

   http://mailman.nanog.org/pipermail/nanog/2010-October/025997.html

Given that Joytel/GoRack are clearly not at all bashful about what they
are up to, it seems to me that it is incumbant upon TimeWarner and Level3
to take some action here.  Otherwise, these hijackings are obviously just
going to go on and on and on.

As for Tiscali, and its obvious part in all this... well... if anyone is
aware of any concious entity @ Tiscali who might actually give a damn about
anything other than short-term profits, please do let me know.  The people
I've talked to, and the evidence above all indicates that Tiscali is, quite
simply, ready, willing, and able to whore itself out to just about anybody.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]