Re: Another day, another illicit SQUAT - WebNX (AS18450) 103.11.67.0/24

[Tom Beecher <beecher () beecher cc>]

Spammers are doing a great job abusing the gaps in the systems. Another
common pattern in the last 12-14 months has been a combination of squatting
on an AS, forging some business documentation, buying transit to an IX, and
proceeding to hijack prefixes over bilateral peering sessions.

Pain in the rear to catch, even worse when the IX and transit providers
aren't receptive to do anything about it when it's brought to their
attention because the business docs used to instantiate those services are
'good enough', and they have a fiduciary interest in _not_ disconnecting
the IX port or circuit.

This will continue to be the norm until prefix validation is standardized
and in widespread use.




On Fri, Oct 28, 2016 at 5:40 PM, Ronald F. Guilmette <rfg () tristatelogic com>
wrote:

> I just got a spam from 103.11.67.105.  The containing /24 appears to
> be unallocated APNIC space.
>
> RIPE tools seem to say that AS18450 has been routing this block since
> around May 23rd.
>
> I see this kind of stuff almost every day now, it seems.  And you know,
> there are days when I really do start to wonder "Has the Internet gone
> mad?"
>
> I'm going to call these turkeys right now and just ask them, point
> blank, what the bleep they think they're doing, routing unallocated
> APNIC space.  But if history is any guide, this is probably going to
> turn out to be another one of these "absentee landlord" kinds of ASes,
> where all they have is an answering machine.
>
> I have to either laugh or cry when I see people posting here about the
> non-functionality of abuse@ email addresses, and then see other people
> saying "Well, this is why all ASes also have phone numbers."
>
> I wish I had a dollar for every AS I had ever tried to contact where
> -neither- the abuse@ address -nor- the phone number got me to any
> actual human being.
>
>
> Regards,
> rfg