nanog mailing list archives
Notice: Fraudulent RIPE ASNs
From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Mon, 14 Jan 2013 14:49:20 -0800
After a careful investigation, I am of the opinion that each of the following 18 ASNs was registered (via RIPE) with fraudulent information purporting to represent the identity of the true registrant, and that in fact, all 18 of these ASNs were registered by a single party, apparently as part of a larger scheme to provide IP space to various snowshoe spammers.

Evidence I have in hand strongly links this scheme and these ASNs and their associated IPv4 route announcements to Jump Network Services, aka JUMP.RO.

Furthermore, all of these ASNs are apparently peering with exactly and only the same two other ASNs in all cases, i.e. GTS Telecom SRL (AS5606) and Net Vision Telecom SRL (AS39737). These peers and the fraudulent ASNs listed below are all apparently originated out of Romania.

AS16011 (fiberwelders.ro)
AS28822 (creativitaterpm.ro)
AS48118 (telecomhosting.ro)
AS49210 (rom-access.ro)
AS50659 (grandnethost.com)
AS57131 (speedconnecting.ro)
AS57133 (nordhost.ro)
AS57135 (fastcable.ro)
AS57176 (bucovinanetwork.ro)
AS57184 (kaboomhost.ro)
AS57415 (highwayinternet.ro)
AS57695 (effidata.ro)
AS57724 (id-trafic.ro)
AS57738 (mclick.ro)
AS57786 (hosting-www.ro)
AS57837 (romtechinnovation.ro)
AS57906 (momy.ro)
AS57917 (nature-design.ro)

At present, the above 18 ASNs are currently announcing routes for a total amount of IP space equal to 1,022 /24s, which is the rough equivalent of an entire /14 block. These IPv4 route announcements are listed below, sorted by IPv4 (32-bit) start address.
Additional potentially relevant background information:

http://threatpost.com/en_us/blogs/attackers-buying-own-data-centers-botnets-spam-122109
http://www.spamhaus.org/rokso/evidence/ROK9107/world-company-register-eu-business-register/rogue-ases-as43332-as44414-as44520-as49173-as49643
http://www.spamhaus.org/sbl/listings/jump.ro

Current route announcements: [prefix list omitted]
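The message above rests on two checks a network operator can repeat against routing data: which origin ASNs share exactly the same set of upstreams, and how much space they announce in /24 units. The following is an added example, not part of the original post; it assumes routes are available as (prefix, AS path) pairs from a route collector export, and all sample ASNs and prefixes are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not data from the post: (prefix, AS path) pairs as a
# route collector would report them. ASNs are documentation ASNs (RFC 5398);
# prefixes come from documentation/benchmarking ranges (RFC 5737, RFC 2544).
SAMPLE_ROUTES = [
    ("192.0.2.0/24",    "64500 64496 64510"),
    ("198.51.100.0/24", "64501 64497 64510"),
    ("203.0.113.0/24",  "64500 64497 64511"),
    ("198.18.0.0/23",   "64500 64496 64511 64511"),  # origin prepended once
    ("198.18.4.0/22",   "64501 64496 64512"),
    ("198.18.8.0/24",   "64501 64498 64513"),
    ("198.18.9.0/24",   "64500 64499 64513"),
]

def origin_and_upstream(as_path):
    """Return (origin, upstream) from an AS path, ignoring prepending."""
    hops = []
    for asn in map(int, as_path.split()):
        if not hops or hops[-1] != asn:  # collapse consecutive repeats
            hops.append(asn)
    return hops[-1], (hops[-2] if len(hops) > 1 else None)

def slash24_equivalents(prefixes):
    """Announced space in /24 units, with overlapping prefixes counted once."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    return sum(n.num_addresses for n in nets) / 256

def shared_upstream_clusters(routes, min_origins=2):
    """Group origin ASNs whose observed upstream set is exactly identical."""
    upstreams, prefixes = defaultdict(set), defaultdict(set)
    for prefix, path in routes:
        origin, upstream = origin_and_upstream(path)
        prefixes[origin].add(prefix)
        if upstream is not None:
            upstreams[origin].add(upstream)
    groups = defaultdict(list)
    for origin, ups in upstreams.items():
        groups[frozenset(ups)].append(origin)
    result = []
    for ups, origins in groups.items():
        if len(origins) >= min_origins:
            space = slash24_equivalents(p for o in origins for p in prefixes[o])
            result.append((sorted(ups), sorted(origins), space))
    return sorted(result)

if __name__ == "__main__":
    for ups, origins, space in shared_upstream_clusters(SAMPLE_ROUTES):
        print(f"upstreams {ups}: origins {origins}, {space:g} /24s")
```

A shared upstream set is only a starting point for investigation: small customers of the same regional provider will cluster the same way, so the result has to be weighed together with registration data.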