nanog mailing list archives
Re: Yet more hijacked space? - deru.net
From: Darin Wayrynen <darin () deru net>
Date: Sun, 4 May 2003 01:28:22 -0700 (MST)
I try to make it a habit of responding only to accusations when I can identify the accuser, but well, it's Friday night and I have a few minutes of time to spare. Btw, Hushmail is great for stirring up crap and hiding from the potential backlash. Wonder what you will, but our space is not hijacked. Only Networking is Deru - always has been - some of our equipment/colo facilities are (and have been) on the address on our AS registration. The ins/outs of DSS are public, you just need to dig deeper than you have - we are not required to justify anything to you. Personally, I think Deru has done it's part to help the Nanog community - I seem to vaguely remember us providing the bandwidth to the last Nanog here in Phoenix a couple of months ago, gratis, free of charge, provided over this very ip space. Thanks for your support in return! Wait, you don't represent Nanog, you represent a no-name anonymous email address... We (including Richard Rupp) have better things to spend our time on... Like pondering why so many "backbones" still don't source filter their customers so we wouldn't have to play around with 500Kpps syn floods (with randomized ips) aimed at us on Friday nights... Ciao, Darin
Since were on the topic of hijacked ipspace, i find myself wondering about deru.net "Deru, the name you can trust, from people you can trust." - Quoted from www.deru.net Ok, so this is the name you can trust, from the people you can trust, right? Well then, why would it appear that Deru.net, the local ISP you can trust is using hijacked ip space? It would appear as if Deru.net is using: www.deru.net has address 140.99.0.15 My handy dandy whois tool tells me this range belongs to: OrgName: Datability Software Systems, Inc. OrgID: DERU Address: 14982 N 83rd PL Ste 201 City: Scottsdale StateProv: AZ PostalCode: 85260 Country: US NetRange: 140.99.0.0 - 140.99.255.255 CIDR: 140.99.0.0/16 NetName: DSS1 NetHandle: NET-140-99-0-0-1 Parent: NET-140-0-0-0-0 NetType: Direct Allocation NameServer: NS1.DERU.NET NameServer: NS2.DERU.NET Comment: RegDate: 1990-04-12 Updated: 2001-08-01 TechHandle: DW19-ARIN TechName: Wayrynen, Darin TechPhone: +1-480-998-7237 TechEmail: darin () deru net Before this network was modified it contained: 140.99.0.0 Datability Software Systems, Inc. NET-DSS1 322 Eighth Avenue New York, NY 10001 US 140.99.0.0 C DSS1 Rupp, Richard L. (RLP39) rich () PLUTO DSS COM (201) 438-2400 Handy dandy route-server tells us: route-server.cw.net>sh ip bgp 140.99.0.0 255.255.0.0 l BGP table version is 2788023425, local router ID is 209.1.220.234 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i140.99.0.0 208.172.146.30 100 0 1239 11588 2 7136 i * i 208.172.146.29 100 0 1239 11588 2 7136 i *>i140.99.96.0/19 208.172.146.30 100 0 1239 11588 2 i * i 208.172.146.29 100 0 1239 11588 2 i * i140.99.120.0/22 208.172.146.29 100 0 1239 11588 2 26978 i *>i 208.172.146.30 100 0 1239 11588 2 26978 i route-server.cw.net> And once again, handy dandy whois tool tells us: OrgName: Only Networking Inc. (ONLY2-DOM) OrgID: ONIO Address: 3443 North Central, 17th Floor City: Phoenix StateProv: AZ PostalCode: 85013 Country: US ASNumber: 7136 ASName: ONLY ASHandle: AS7136 Comment: RegDate: 1996-09-16 Updated: 1996-09-16 TechHandle: DW19-ARIN TechName: Wayrynen, Darin TechPhone: +1-480-998-7237 TechEmail: darin () deru net Im finding it odd that not a single thing, other than the POC email for a questionable /16 and the ASN announcing questionable /16 has anything to do with deru.net. Also, my friend google tells me this: http://216.239.57.100/search?q=cache:aHJS20Er5m0C:members.aol.com/karima4483/resume_c.html+%22Datability+Software+Systems, +Inc.%22&hl=en&ie=UTF-8 smlnk: http://smlnk.com/?21ZQK6FP So it would appear that Datability Software Systems, Inc. was located in Natick, Mass, and became Penril Datability Networks http://216.239.37.100/search?q=cache:87PPbzXONd0C:isdn.modemhelp.net/p/penrildatabilitynetworks.shtml+Penril+Datability+Networks+&hl=en&ie=UTF- 8 smlnk:http://smlnk.com/?08DJKDW3 It now appears that Penril Datability Networks was split up, with thier assets being aquired by Bay Networks, and Access Beyond. http://216.239.33.100/search?q=cache:jSOOHJ6s9fkC:www.cgraphix.com/39_detail_clients.html+Access+Beyond+%2BPenril&hl=en&ie=UTF- 8 smlnk: http://smlnk.com/?UHXEPYDC That leaves us with Access Beyond, a manufacturer of remote access telecom products. And whose website is now owned by a cybersquatter. Now the question at hand is, at which point did this hardware company become Deru.net, the Internet Service Provider you can trust? was this before, or after Penril Datability Networks Inc/Bay Networks/Access Beyond.? Did everyone decide to move to arizona and start an ISP? or is this just another example of IP hijacking that we all find ourselves taking a look at. Can deru.net provide documents that say they bought or were aquired by Datability Software Systems, Inc/Penril Datability Networks/Bay Networks/Access Beyond.? There are other companies using this address space (eldosales.com) but they dont have the appearance of owning a possibly hijacked /16 Regards, IP Police Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Current thread:
- Yet more hijacked space? - deru.net arincop (May 04)
- Re: Yet more hijacked space? - deru.net Darin Wayrynen (May 04)
- Re: Yet more hijacked space? - deru.net Darin Wayrynen (May 04)
- Re: Yet more hijacked space? - deru.net Paul Vixie (May 04)
- Re: Yet more hijacked space? - deru.net Sean Donelan (May 04)
- RE: Yet more hijacked space? - deru.net Stephen Sprunk (May 07)
- Re: Yet more hijacked space? - deru.net Darin Wayrynen (May 04)