
In message <CAP-guGUt_JVjk0pa_ao2FGJuudun389UyAReqVhfy7Oah8eSSQ@mail.gmail.com> William Herrin <bill@herrin.us> wrote:

> You actually got lost a couple steps back.
>
> First, you want to control the POC emails for the IP addresses. Controlling just the POC emails for the AS number won't do you any good.

Ummm... in this case there doesn't seem to be any reason to believe that the hijacker(s) have gotten anywhere near to controlling the POC emails for any, let alone -all- of the relevant (Colombian) IP blocks... only the POC emails for the ASN. But you are suggesting that they -did- get control of those, all essentially simultaneously (or anyway sometime during the past 2 months), for all of about five or six or seven separate and different Colombian entities. That theory would seem to fail the Occam's razor test. It just doesn't seem at all likely.

> Let's say you have gained control of the POC emails for the IP address block. Stay completely away from the historical BGP peers. They might know the real registrant and get suspicious when you show up.

Good point! I'll have to remember to put that in the book. :-)

> Go to somebody else, dummy up some letterhead for the purported registrant and write yourself a letter authorizing the ISP to whom the letter is presented to route those IP addresses. Explain that you're a networking contractor working for the organization holding the registration and give them adequate contact information for yourself: postal address, email, phone. Not "1234 Main, box 30" but "1234 Main, Suite 30". Paid for with the cash-bought debit card. You get the idea.

Yes. The whole general identity theft ruse isn't that complicated to understand. I still don't get how these crooks managed to get past that ocular biometric scan, but I guess the check cleared, so maybe that goes a long way towards explaining -that- mystery. :-)

> Then you pay the ISP to connect you to the Internet and present your letter. Until the inevitable complaints roll in, that's it: you have control of those IP addresses.

I guess that I must be hopelessly naive to believe that the likes of either Hurricane or Level3 might employ some warm body, at least part time, to actually look for this kind of blatant gibberish, and flag it for further inquiry when it arises. I would volunteer to do the job for them if they would just keep me in Cheetos. (Cheetos are my new favorite snack ever since last November's election. :-)

>> I've read article after article after article bemoaning the fact that
>> "BGP isn't secure",
>
> They're talking about a different problem: ISPs are supposed to configure end-user BGP sessions per BCP38 which limits which BGP announcements the customer can make. Some ISPs are sloppy and incompetent and don't do this.

Yeah. I kinda thought that most or all of the very public hand-wringing over the "insecurity" of BGP was indeed about this other aspect of the problem. But I just wanted to be sure that I was clear in my own mind about this. The insecurity -isn't- that any Joe Blow can just willy nilly connect up to any router on the Internet and push bogus routes into it. The insecurity is only that people/entities you know, trust, and have actual business relationships with can (and apparently do), in many cases, pass goofy stuff to you, and if you are not fastidious enough about washing up after such contacts, then you pass those bits of nonsense along to everybody else who you have relationships with... sort-of like chlamydia.

Regards,
rfg
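The following is an added illustration, not part of the thread above and not code from either correspondent, of the "washing up" that an ISP is expected to do on an end-user BGP session: only prefixes the customer has been authorized to announce (for example, the blocks named in its letter of authorization or IRR route objects) are accepted, and any more-specific longer than an agreed maximum length, or any unrelated block, is dropped before it can be passed on to everyone else. The allow-list format, the function names and the sample prefixes (documentation ranges, constructed for the example) are all assumptions made here; it is a model of the check, not any vendor's prefix-list syntax.

```python
"""Per-customer BGP announcement filter (added example, constructed data).

A customer session is allowed to announce only prefixes that fall inside
the blocks the customer was authorized for, and no more-specifics longer
than the per-block maximum length.  Everything else is rejected with a
reason, which is the part an operator would want to log and chase up.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowedPrefix:
    network: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_len: int  # longest more-specific the customer may announce


def build_allow_list(entries):
    """Turn (prefix, max_len) pairs, e.g. taken from an LOA or IRR route
    object, into AllowedPrefix records.  Rejects inconsistent entries."""
    allow = []
    for prefix, max_len in entries:
        net = ipaddress.ip_network(prefix, strict=True)
        if max_len < net.prefixlen or max_len > net.max_prefixlen:
            raise ValueError(f"bad max_len {max_len} for {net}")
        allow.append(AllowedPrefix(net, max_len))
    return allow


def filter_announcements(allow, announced):
    """Split announced prefix strings into (accepted, rejected).

    A prefix is accepted only if some allow-list entry of the same address
    family covers it and its length does not exceed that entry's max_len.
    rejected is a list of (prefix, reason) tuples."""
    accepted, rejected = [], []
    for p in announced:
        try:
            net = ipaddress.ip_network(p, strict=True)  # host bits set -> error
        except ValueError:
            rejected.append((p, "malformed"))
            continue
        ok = any(
            net.version == a.network.version      # checked first: subnet_of
            and net.subnet_of(a.network)          # raises on mixed families
            and net.prefixlen <= a.max_len
            for a in allow
        )
        if ok:
            accepted.append(p)
        else:
            rejected.append((p, "not covered by customer allow-list"))
    return accepted, rejected


# Constructed sample data: what the customer's LOA says it may announce.
SAMPLE_ALLOW = [
    ("192.0.2.0/24", 24),       # exact block only
    ("198.51.100.0/23", 24),    # may split into two /24s, nothing longer
    ("2001:db8::/32", 48),      # may announce /48 customer assignments
]

# Constructed sample data: what actually shows up on the session.
SAMPLE_ANNOUNCED = [
    "192.0.2.0/24",        # authorized exact block
    "198.51.100.0/24",     # authorized more-specific within max_len
    "198.51.100.0/25",     # too long: exceeds max_len 24
    "203.0.113.0/24",      # unrelated block: the hijack case
    "2001:db8:1::/48",     # authorized IPv6 more-specific
    "2001:db8::/64",       # too long: exceeds max_len 48
    "192.0.2.1/24",        # malformed (host bits set)
]


def demo():
    """Run the filter over the constructed sample and return the result."""
    return filter_announcements(build_allow_list(SAMPLE_ALLOW), SAMPLE_ANNOUNCED)


if __name__ == "__main__":
    acc, rej = demo()
    for p in acc:
        print("ACCEPT", p)
    for p, why in rej:
        print("REJECT", p, "-", why)
```

The point of the example is the asymmetry rfg describes: the filter does nothing about what a stranger might try to inject, because a stranger has no session; it only stops the garbage a real customer, with a real contract and a real letter on (possibly forged) letterhead, would otherwise get you to re-announce to the rest of the world.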