In message <CAL9jLaZRhH8+5mD0Tgu1SdnEjG5zvxkKs+SaFFqk3FAjfnVjaw@mail.gmail.com> Christopher Morrow <morrowc.lists@gmail.com> wrote:
> that doesn't seem to be what's happening in ron's example though...
> it looks, to me, like the example ron has is more a case of:
> 1) register contacts for lost asn (AS34991)
> 2) setup equipment/etc at an IX (bulgaria-ix it seems, at least) with another shill/lost-child asn (AS206776)
I'm perplexed at why you would call AS206776 a "lost child", so perhaps you could explain that. From where I'm sitting, it does look rather entirely dodgy... being (allegedly) located as it is in the British Virgin Islands, and having only been created (manufactured?) circa 2016-11-04. But bgp.he.net is showing that it has 35 peers, and that it is peering even with the likes of big boys like HE.net and Level3, just to name a few.
> 3) start doing the bgps with the IX fabric's route-server
Yeabut again, I personally would like to be enlightened about the basic mechanics of how one causes this to happen. If I am Joe Blow criminal and I somehow manage to finagle my way into having a machine which is physically present within some IX at some locale, somewhere on planet earth, then does that mean that, by definition, I know -where- to inject bogus routes and -how- to inject bogus routes and that I have the -capability- to inject bogus routes into the kind of "fabric route server" you speak of?

And by the way, I see now that I botched the Subject: for this thread that I started. I meant to say "IP Hijacking for Dummies". Obviously, this activity has become so popular that it is high time that somebody wrote one of those "XYZ for Dummies" books, you know, with the yellow and black covers, so that aspiring but ignorant criminals don't have to always start from scratch and learn how to do this stuff from the ground up, based just on piecing together little scraps and fragments of information scattered all over the Internet.
> 4) profit (or something)
Yea. I don't think that hijackers are doing this stuff just for fun. But they've already figured out how to MAKE MONEY FAST from the purloined IP space, so that part probably doesn't even need to go in the book.
> err, you'll have to better explain this I think.
> Are you saying: "get an ASN from RIR that costs 100USD" (might, probably does)
> this doesn't get you a peering/transit contract though...
Yea, this is a part of what I'm still mystified about. Have AS206776 and AS57344 been paid to pass the routes given to them by AS34991? And have they been paid an extra premium, above and beyond the normal fee for this service, you know, to look the other way and do the old Muhammad Ali rope-a-dope and act stupid/innocent when and if anybody ever calls them out for this rather entirely blatant and brazen bogosity?

I've seen this movie before, and not that long ago. And it's just not nearly as entertaining the second time around. The upstreams shrug and offer the lame excuse of "Oh... well... the routes are all properly registered in the RIPE route registry, so, you know, how could we have possibly known that anything was amiss?"

But as I learned last time this lame excuse was used, any baboon with a keyboard and a pulse can get himself a RIPE account and then create all of the bogus route objects he or she desires. And since it took me less than a day to find out this ludicrous but true fact last time, I have to wonder if network operators, and particularly those in the RIPE region, are in some cases being -willfully ignorant- of the fact that a route object's presence within the RIPE data base has a reliability value roughly equal to that of a three dollar bill.

Regards,
rfg

P.S. I'll be more than happy to take it upon myself... even being the basically unknown nobody and non-network-operator that I am... to send polite emails to both AS206776 and AS57344, asking them, as politely as I can manage, to please explain just WTF they think they are doing. But if past experience from the last such event is any guide, these emails will have no effect whatsoever. So that leads me to ask the obvious next question: Is it at all likely that anybody at, say, HE.net and/or Level3 might give enough of a damn about any of this ludicrous and clearly malevolent bogosity so that they might actually be inclined to have a friendly word with the folks at AS206776 and AS57344? And if so, how might I get in touch with any such people (at HE and/or Level3)?