nanog mailing list archives
Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24
From: Tom Beecher <beecher () beecher cc>
Date: Fri, 28 Oct 2016 18:30:49 -0400
Spammers are doing a great job abusing the gaps in the systems. Another common pattern in the last 12-14 months has been a combination of squatting on an AS, forging some business documentation, buying transit to an IX, and proceeding to hijack prefixes over bilateral peering sessions. Pain in the rear to catch, even worse when the IX and transit providers aren't receptive to do anything about it when it's brought to their attention because the business docs used to instantiate those services are 'good enough', and they have a fiduciary interest in _not_ disconnecting the IX port or circuit. This will continue to be the norm until prefix validation is standardized and in widespread use. On Fri, Oct 28, 2016 at 5:40 PM, Ronald F. Guilmette <rfg () tristatelogic com> wrote:
I just got a spam from 103.11.67.105. The containing /24 appears to be unallocated APNIC space. RIPE tools seem to say that AS18450 has been routing this block since around May 23rd. I see this kind of stuff almost every day now, it seems. And you know, there are days when I really do start to wonder "Has the Internet gone mad?" I'm going to call these turkeys right now and just ask them, point blank, what the bleep they think they're doing, routing unallocated APNIC space. But if history is any guide, this is probably going to turn out to be another one of these "absentee landlord" kinds of ASes, where all they have is an answering machine. I have to either laugh or cry when I see people posting here about the non-functionality of abuse@ email addresses, and then see other people saying "Well, this is why all ASes also have phone numbers." I wish I had a dollar for every AS I had ever tried to contact where -neither- the abuse@ address -nor- the phone number got me to any actual human being. Regards, rfg
Current thread:
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24, (continued)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Michael Smith (Oct 28)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Nick Hilliard (Oct 29)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 David Conrad (Oct 29)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Ronald F. Guilmette (Oct 29)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Nick Hilliard (Oct 29)
- Death of WHOIS, Film at 11 Ronald F. Guilmette (Oct 29)
- Re: Death of WHOIS, Film at 11 Nick Hilliard (Oct 30)
- Re: Death of WHOIS, Film at 11 Christopher Morrow (Oct 30)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Tony Finch (Oct 31)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Christopher Morrow (Oct 31)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Nick Hilliard (Oct 31)
- Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24 Selphie Keller (Oct 31)