nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3

From: Hank Nussbacher <hank () efes iucc ac il>
Date: Tue, 26 Jun 2018 18:14:02 +0300
On 26/06/2018 17:08, Thomas King wrote:

Kudos to DE-CIX for getting it right.

-Hank


I am the guy who gave the presentation. We ask our customers to report misbehavior of peers at DE-CIX IXPs (e.g. IP 
hijack, ASN hijacks) to abuse () de-cix net. We will look into reported cases and collect evidence so that we can act 
accordingly. So far, this process helped us to identify and fix configuration errors from peers on a few occasions. 
Also, as a last resort we expelled a small number of permanent and notorious rule breakers.

Best regards,
Thomas


On 26.06.18, 15:16, "IXP User One" <ixp.user.one () gmail com> wrote:

    Hi all,
    
    I have heard that DE-CIX expelled BitCanal from their IXPs. One of their
    guys also gave a presentation about how DE-CIX handles abuse cases:
    https://ripe75.ripe.net/archives/video/103/
    
    I don't know how other IXPs are handling such cases. Would be interesting
    to know.
    
    Best regards,
    IUO
    
    
    On Tue, Jun 26, 2018 at 9:35 AM, Hank Nussbacher <hank () efes iucc ac il>
    wrote:
    
    > On 26/06/2018 07:49, Ronald F. Guilmette wrote:
    >
    > You are mistaken.  Cogent and Level3 are signatories to MANRS:
    > https://www.manrs.org/participants/
    > so this clearly can't happen and you are making this up.
    >
    > :-)
    >
    > -Hank
    >
    > >
    > >
    > > The fact that there exists a jerk like this on the Internet isn't really
    > > all that surprising.  What I personally -do- find rather surprising is
    > that
    > > three companies that each outght to know better, namely Cogent, GTT, and
    > > Level3 are collectively supplying more than 3/4ths of this guy's IPv4
    > > connectivity, at least according to the graph displayed here:
    > >
    > >     https://bgp.he.net/AS197426
    > >
    > > Without the generous support of Cogent, GTT, and Level3 this dumbass
    > > lowlife IP address space thief would be largely if not entirely toast.
    > > So what are they waiting for?  Why don't their turf this jackass?  Are
    > > they waiting for an engraved invitation or what?
    > >
    > > As I always ask, retorically, in cases like this:  Where are the
    > grownups?
    > >
    > > I would like everyone reading this who is a customer of Cogent, GTT, or
    > > Level3 to try to contact these companies and ask them why they are
    > providing
    > > connectivity/peering to a hijacking jerk like this Silveira character.
    > > Ask them why -you- have to endure more spam in your inbox just so that
    > > -they- can make another one tenth of one percent profit by peering with
    > > this hijacking, spammer-loving miscreant.  I would ask them myself, but
    > > I personally am not a direct customer of any of them, so they would all,
    > > most probably, just tell me to go pound sand.
    > >
    > > If you do manage to make contact, please be sure to mention all three of
    > > Mr. Silveira's ASNs, i.e. AS42229, AS197426, and AS3266.  And don't let
    > > whoever you talk to try to weasel out of responsibility for this
    > travesty,
    > > e.g. by claiming that they don't know anything about what's been going on
    > > with all those hijacks announced by AS3266, and/or that they only provide
    > > peering for AS197426.  The hijacks may all be originating from Mr.
    > Silveira's
    > > AS3266, but bgp.he.net makes clear that AS3266 has one, and only one
    > peer,
    > > i.e. Mr. Silveira's AS197426:
    > >
    > >     https://bgp.he.net/AS3266
    > >
    > > So basically, Cogent, GTT, and Level3 are the prime enablers of this
    > > massive theft of IP space.  (They might try to claim that BitCanal's
    > > historical propensity to engage in hijacks is sonmething "brand new"
    > > or at least that -they- may not have been aware of it until now, in which
    > > case you should ask them if they have anybody on staff who is paying
    > > attention.  As noted above, it isn't as if Bitcanal just started pulling
    > > this crap yesterday.  Far from it.)
    > >
    > > Oh!  And you might also mention the fact that Spamhaus, and, I would
    > guess,
    > > at least a few of the oether public blacklists already have most or all
    > of
    > > Mr.  Silveira's IP space... hijacked or otherwise... blacklisted,
    > presumably
    > > for good and ample cause.
    > >
    > > As long as Cogent, GTT, and Level3 are willing to go along with this
    > > nonsense, i.e. by selling peering to this Silveira thief, crime on
    > > the Internet -does- pay, and the theft of other people's IP space
    > > will continue to be rewarded rather than punished, as it should be.
    > >
    > > If that becomes the new normal for Internet behavior, then god help us
    > > all.
    > >
    > >
    > > Regards,
    > > rfg
    > >
    >
    >
Previous By Date Next
Previous By Thread Next

Current thread: