In message <CALgc3C7n0Hy80qLBcQ8tZrvGuaVsVrcEneYaYKomUUy58p3rEw@mail.gmail.com>, Eugeniu Patrascu <eugen@imacandi.net> wrote:
Jump.ro is a very active LIR and domain registry on the Romanian market and is "selling" ASNs to whomever is interested...
I do see that JUMP.RO is ``very active''. I do not know who they have actually given all of this IP space to. Do you? If so, then by all means, please don't keep us in suspense. Please do share that information. (I have also seen that JUMP.RO has puffed up its own resume, claiming on its home page to have over 12,000 customers. but from where I am sitting, it looks more like a tiny little ISP with only two /24s of its own, and perhaps only a few handfuls of customers, many of whom, it seems, are spammers.)
and facilitates allocations of PI netblocks to those who can justify them.
JUMP.RO also ``facilitates'' IP block allocations to _themselves_, apparently.
It might come as a surprise to you, but in Romania there are a lot of companies (even very small ones) with their own ASN and PI netblocks.
Regardless of whether that assertion is true or false, it has no bearing whatsoever on the specific issue and the specific ASNs and the specific IP address blocks that I have reported on here. I will repeat myself, so as to be completely clear. The 18 specific ASNs I reported on, together with their associated IPv4 address blocks, were all registered, via RIPE, with fradulent information.
AS16011 (fiberwelders.ro) AS28822 (creativitaterpm.ro) AS48118 (telecomhosting.ro) AS49210 (rom-access.ro) AS50659 (grandnethost.com) AS57131 (speedconnecting.ro) AS57133 (nordhost.ro) AS57135 (fastcable.ro) AS57176 (bucovinanetwork.ro) AS57184 (kaboomhost.ro) AS57415 (highwayinternet.ro) AS57695 (effidata.ro) AS57724 (id-trafic.ro) AS57738 (mclick.ro) AS57786 (hosting-www.ro) AS57837 (romtechinnovation.ro) AS57906 (momy.ro) AS57917 (nature-design.ro)
from all those websites it looks like they are all hosting companies.
Yes. Indeed. The web sites associated with all of the above domain names have indeed been made to _look_ like they are all legitimate hosting companies. I'm so glad that you noticed.
have you tried calling the numbers listed on the WHOIS registrant information on the ASN and you couldn't get to any one ?
That is a good idea. Why don't you try it and report back here and let us know your results. Personally, I have much better things to do with my time (and my money) that to waste any of it making pointless long-distance overseas phone calls to pseudo-companies that I am already 100% convinced are simply fradulent and fictitious. But since you yourself seem to be geographically in that area... AND since you probably speak Romanian about 100,000% better than I do, by all means, I encourage you to try to reach some human, i.e. ANY human at any of these (fictitious) places who might be able to disprove the assertions that I have made here, and repeated elsewhere. Good luck.
If you really believe that all those ASNs listed by you above are only used to host spammers...
Sir, I am not in the habit of risking either my reputation or my legal safety by posting allegations on the NANOG list which I have anything less than the highest confidence in. To do so would be foolish in the extreme, and in multiple dimensions.
...then by all means please contact alerts@cert-ro.eu - that is the Romanian CERT
Thank you but no. This is another task that you have tried to assign to me... also of entirely questionable usefulness... that I also personally elect not to waste any of my precious minutes on this earth pursuing. But please, feel free to do yourself the (pointless) tasks that you have attempted to assign to me. Please feel free to contact the Romanian CERT yourself. (If you manage to find anyone within that organization that has ever done _anything_ to materially improve the safety or security of the Internet, then please do send me that person's name so that I can send it on to the Guinness World Records people and let them know that such a person does exist after all.)
...as they are active...
Oh yes! I am quite sure they are. As are the particles shown in the simulation on this page: http://en.wikipedia.org/wiki/Brownian_motion Very active indeed!
and will investigate the allegations you make.
What exactly would be the point of that? They are not Internet Police, and I rather doubt that they have any control over RIPE's allocation processes for number resources. (On the other hand, if I am wrong, and if the people at the Romanian CERT actually *are* the Internet Police, then please do let me know immediately. In that case, I have some vastly more serious matters to discuss with them, specifically the massive fake pharmacy operations that are run out of your country *and* the propensity of the specific crooks behind those oper- ations for stealing and using the credit card numbers of at least hundreds and more probably thousands of unsuspecting Americans. But I digress.)
So far I do not know a single web hosting company that it's customers never spammed anyone :)
I confess that I cannot deduce whether your obtuse inability to differentiate between the occasional spammer and an entire /14 full of them is genuine or an act. If genuine, you have my sympathy. Regards, rfg