Home page logo
/

nanog logo nanog mailing list archives

Re: Prefix hijacking by Michael Lindsay via Internap
From: Denis Spirin <noc () link-telecom net>
Date: Mon, 29 Aug 2011 02:37:17 +0200

Hi All,

I looked up here http://www.robtex.com/as/as31733.html#graph internap on
24th of August and found Internap announced our networks to Telia, Cogent,
NTT, Glbx and Tinet.
I wrote to all of them.

First reply was from Tinet. They even had a time and wish to call me by the
phone. They said stopped the crime route and started the investigation with
Internap.
Then was the short reply from NTT said they asked Internap for comments, and
silence after it.
Telia, Cogent (which is very brave in some cases not to route networks are
in Spamhaus lists, but not in this case somehow) and GLBX had not replied at
all.

Now I see on the picture above there are new direct announces to Savvis, ATT
and Sprint. I know well this crime only need to be reachable from AOL they
do spamming. And it can be not only via Tier1. As Internap don't reply to
our mails, and spread the direct announcement to avoid possible Tier1
filtering, I now believe Internap itself is involved in this crime and doing
such things with open eyes and with acquiescence of Tier1's.

You don't care? So look at this. Now there are a lot of networks can be
considered lost and unused. And only a few of them like us will be back to
business. It's easy to do hijacking without any interaction with actually
working networks. Things are changing. One year later, there will be almost
none of free or unused IPv4 networks. If nothing will be changed, such crime
will hijack YOUR working networks. Because of it will be still possible, it
will be still scot-free, and nobody still be care. It enough to hijack a
part of your network like more specific prefix for only a few days to do a
mass spamming, this makes your network completely dirty and probably
unusable in future. So why not?

I good understand there is no technical means to prevent hijacks. But it can
be some administrative good practice to stop it. The penalty for that and
for assistance in that may let the crime think twice before doing a hijack,
or better let it be not profitably at all.

The step forward can be following the routing registry databases like RIPE
DB, at least for that controversial cases. But Internap ignores it, as well
as their uplinks.

2011/8/21 Jimmy Hess <mysidia () gmail com>

If it continues to be a problem,  find the upstreams'  upstreams,
until you are sending letters to Tier1 operators.



Regards,

--
-JH



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]