nanog mailing list archives

AS22558 - Routing apparently hijacked space


From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Tue, 12 Oct 2010 02:01:32 -0700


I can't take credit for finding this one.  Somebody else on another
mailing list I'm on actually found it.

AS22558 itself _does not_ appear to be hijacked.  Rather this is
a relatively new (2009) AS, but the AS itself is very odd indeed.

Its contact phone number isn't working, it apparently has no web site
associated with its domain name (mpgnetworks.com) and although the whois
record clearly indicates that the company behind this AS is located in
California, the California Secretary of State's web site has no record
of any "MPG Networks, LLC" operating legally within California.

=====================================================================
ASNumber:       22558
ASName:         MPGNET
ASHandle:       AS22558
RegDate:        2010-01-27
Updated:        2010-01-27    
Ref:            http://whois.arin.net/rest/asn/AS22558

OrgName:        MPG Networks, LLC
OrgId:          MPGNE
Address:        707 Wilshire, suite 411
City:           Los Angeles
StateProv:      CA
PostalCode:     90017
Country:        US
RegDate:        2009-11-03
Updated:        2009-11-03
Ref:            http://whois.arin.net/rest/org/MPGNE

OrgTechHandle: MNA72-ARIN
OrgTechName:   MPG Networks Admin
OrgTechPhone:  +1-213-867-3652 
OrgTechEmail:  admin () mpgnetworks com
OrgTechRef:    http://whois.arin.net/rest/poc/MNA72-ARIN
=====================================================================

So anyway, this AS appears to currently be routing what looks an awful
lot like a whole lot of abandoned legacy IP address space, to wit:

66.119.224.0/20
192.101.208.0/20
192.101.224.0/20
192.112.112.0/22
192.112.116.0/22
192.112.120.0/22
192.112.124.0/22
198.13.0.0/22
198.13.4.0/22
198.13.8.0/22
198.13.12.0/22
198.162.208.0/20
198.178.64.0/22
198.178.68.0/22
198.178.72.0/22
198.178.76.0/22
198.178.80.0/20
206.201.48.0/20

Furthermore, looking at the name server data for these blocks, what I see
in them sure as heck looks an awful lot like snowshoe spam domains to me.
(See listing attached below.)

Last but not least, robtex.com indicates that this entire AS is only
connected to the Internet via a single other AS, i.e. AS3491, aka
"Beyond The Network America, Inc."  And I'd just like to take this
opportunity to remind everyone that AS3491 is also still the only
connection to the Internet for two other hijacked ASes (and all of
the apparently hijacked address space that each of those is announcing),
i.e. AS6061 and AS10392.  In short, it does appear that the crooks are
now officially running the Internet.  (And yes, I _did_ properly
inform the fine folks at Beyond The Network America, Inc. last week
that they were aiding and abetting the effective theft of IP address
space by whoever has hijacked AS6061 and AS10392, _and_ I _did_ get
an acknowledgement back from them, indicating clearly that some live
human there had read my message.  But no, apparently they don't give
a rat's ass, and they are perfectly fine with aiding & abetting the
hijacker(s) in this case... presumably as long as whoever it is keeps
on sending them checks every month.)


Regards,
rfg


