nanog mailing list archives
Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons?
From: Richard Cox <Richard () mandarin com>
Date: Thu, 01 May 2003 18:07:33 +0100
On Thu 1 May 2003 06:28:16 (UTC), Dan Hollis <goemon () anime net> wrote: | ... apparently you have a portscanner on 170.208.15.82. Which is a salient reminder that while spam may be the most visible indication of compromised machines, bogus routing etc) it is likely to be by far the least of the evils that will originate from such a source. Spot the spam, catch the REAL problem ... prevent more serious issues. On Wed, 30 Apr 2003 22:36:57 (UTC), william () elan net wrote: | I would not be so sure that LANET-1 ASN has anything to do with | LANET-1 Network or with LANET organization id. To be frank, I wasn't as sure as I wanted to be; that's why I simply pointed to the repeated use of the LANET-1 label, so that others could make their own judgements. Further research confirms William is right about it being a California LANET: compare the listing for 170.208.0.0 in: http://euclid.math.brandeis.edu/turtschi/whois/netb22.html with the listing for (the block currently in use by LA County) 159.83.0.0 in: http://euclid.math.brandeis.edu/turtschi/whois/netb16.html I have today spoken to the appropriate people who have confirmed their ongoing ownership of the block and are now taking appropriate action. We have also identified how the deception was carried out in this case. For the record, the current routing analysis is as follows: Netblock BGP route Announced by 170.208.0.0/24 174 16631 Cogent 170.208.1.0/24 6939 26346 27595 Atrivo 170.208.2.0/24 6939 26346 27595 Atrivo 170.208.3.0/24 6939 26346 27595 Atrivo 170.208.4.0/24 6939 26346 27595 Atrivo 170.208.5.0/24 6939 26346 27595 Atrivo 170.208.6.0/24 6939 26346 27595 Atrivo 170.208.7.0/24 6939 26346 27595 Atrivo 170.208.8.0/24 174 16631 Cogent 170.208.9.0/24 6939 26346 27595 Atrivo 170.208.10.0/24 6939 26346 27595 Atrivo 170.208.11.0/24 6939 26346 27595 Atrivo 170.208.12.0/24 6939 26346 27595 Atrivo 170.208.13.0/24 6939 26346 27595 Atrivo 170.208.14.0/24 6939 26346 Digital Wireworks 170.208.15.0/24 6939 26346 27595 Atrivo 170.208.17.0/24 6939 26346 Digital Wireworks 170.208.18.0/24 6939 26346 27595 Atrivo -- Richard Cox
Current thread:
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? emil (Apr 30)
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Scott Granados (Apr 30)
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? just me (May 01)
- <Possible follow-ups>
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Dan Hollis (Apr 30)
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? just me (May 01)
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Scott Granados (May 01)
- Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Richard Cox (May 01)
- Re: Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Mike Leber (May 01)
- Re[6]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Richard Cox (May 01)
- Re: Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Scott Granados (May 01)
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? emil (May 02)
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? bdragon (May 03)
- Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Richard Cox (May 03)
- Re: Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Scott Granados (May 03)
- Re: Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Scott Granados (May 03)
- Re: Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? Simon Lyall (May 04)
- 69/8 was Re: Re[4]: The in-your-face hijacking example, was: Re: Who is announcing bogons? jlewis (May 04)
- Re: Re[2]: The in-your-face hijacking example, was: Re: Who is announcing bogons? bdragon (May 03)