Perhaps someone at AS2828 (XO/Concentric) would like to explain this...

Anyone know why AS 8143:

$ whois -h whois.arin.net 8143
OrgName: Publicom Corp.
OrgID: PUBLIC-35
Address: 1450 Coral Way #10
City: Miami
StateProv: FL
PostalCode: 33145
Country: US
RegDate: 1997-04-25

Is announcing the following blocks?

$ whois -h whois.arin.net 155.73.0.0
OrgName: Borealis AS
OrgID: BOREAL
Address: Hovedgade 96
Address: 2800 Lyngby
City:
StateProv:
PostalCode:
Country: DK
RegDate: (unknown)

$ whois -h whois.arin.net 134.33.0.0
OrgName: Codex Corporation
OrgID: CODEXC
Address: 20 Cabot Boulevard
City: Mansfield
StateProv: MA
PostalCode: 02048
Country: US
RegDate: 1989-04-24

$ whois -h whois.arin.net 196.4.167.0
OrgName: Juta Information Network
OrgID: JIN
Address: PO Box 14373
Address: Kerwyn
Address: 7790
City:
StateProv:
PostalCode:
Country: ZA
RegDate: 1994-02-02

$ whois -h whois.arin.net 144.2.0.0
OrgName: Publico B.V.
OrgID: PUBLIC-1
Address: Burg. Krolln 14C
Address: 5126 PT Gilze
City:
StateProv:
PostalCode:
Country: NL
RegDate: 1990-10-30

$ whois -h whois.arin.net 143.49.160.0
OrgName: Inform, Ltd.
OrgID: INFORM-12
Address: 1123 2nd Ave
City: San Francisco
StateProv: CA
PostalCode: 94103-2705
Country: US
RegDate: 1990-03-26

$ whois -h whois.arin.net 160.116.160.0
OrgName: Affiliated Computing Services (Pty) Ltd
OrgID: ACSPL
Address: Affiliated Computing Services (Pty) Ltd
Address: P. O. Box 261333
Address: Excom 2023
City:
StateProv:
PostalCode:
Country: ZA
RegDate: 1992-07-23

$ whois -h whois.arin.net 162.73.128.0
OrgName: Information Technology
OrgID: INFORM-21
Address: 100 Broadway
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 1992-08-24

$ whois -h whois.arin.net 198.204.0.0
OrgName: GHR Services Inc.
OrgID: GHRSER
Address: 995 Old Eagle School Road, Suite 310
City: Wayne
StateProv: PA
PostalCode: 19087
Country: US
RegDate: 1993-06-22

Call me crazy, but seems odd for all these weird companies with old registrations in all sorts of countries to all be hosted out of one location in NYC, by an AS registered to Florida (in 1997).

Also, perhaps someone from AS16631 (Cogent) can explain this one:

Why is AS27255:

$ whois -h whois.arin.net 27255
OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 2003-01-31

Announcing this?

$ whois -h whois.arin.net 157.156.0.0
OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 1992-01-13

Had a /16 for 11 years, just recently decided to get an ASN? Seems like someone just registered a new company to have the same name as a company that had a /16, and then got a new ASN....

I dunno, call me crazy...

----------------------------------
Milton Ningis
Security Specialist
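An added example (not part of the original post or thread): the manual check the post walks through, comparing the whois record of the origin AS with the record of the announced block, written as a small Python triage script. The flag names and the five-year gap threshold are assumptions made for this example; the sample records are copied from the whois output quoted above and trimmed to the fields used.

```python
from datetime import date

def parse_whois(text):
    """Parse 'Key: value' whois lines into a dict; repeated keys are joined."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if sep and value:  # skip empty fields such as a bare "City:"
            rec[key] = f"{rec[key]}, {value}" if key in rec else value
    return rec

def reg_date(rec):
    """Return RegDate as a date, or None when missing or unparseable."""
    try:
        return date.fromisoformat(rec.get("RegDate", ""))
    except ValueError:
        return None

def review_origin(asn_rec, block_rec, max_gap_years=5):
    """Return triage flags for one (origin AS, announced block) pair.
    Flags are leads for manual follow-up with the registry and the
    upstream, not proof of a hijack: providers legitimately announce
    customer blocks registered to other organizations."""
    flags = []
    if asn_rec.get("OrgID") != block_rec.get("OrgID"):
        flags.append("org-mismatch")
    asn_d, blk_d = reg_date(asn_rec), reg_date(block_rec)
    if blk_d is None:
        flags.append("block-regdate-missing")
    elif asn_d and (asn_d - blk_d).days > max_gap_years * 365:
        flags.append("asn-much-newer-than-block")  # threshold is an assumption
    return flags

# Records from the whois output quoted in the post (trimmed).
AS8143 = parse_whois("OrgName: Publicom Corp.\nOrgID: PUBLIC-35\nRegDate: 1997-04-25")
AS27255 = parse_whois("OrgName: VMX Inc\nOrgID: VMXINC\nRegDate: 2003-01-31")
NET_134_33 = parse_whois("OrgName: Codex Corporation\nOrgID: CODEXC\nRegDate: 1989-04-24")
NET_155_73 = parse_whois("OrgName: Borealis AS\nOrgID: BOREAL\nRegDate: (unknown)")
NET_157_156 = parse_whois("OrgName: VMX Inc\nOrgID: VMXINC\nRegDate: 1992-01-13")

if __name__ == "__main__":
    pairs = [("134.33.0.0 via AS8143", AS8143, NET_134_33),
             ("155.73.0.0 via AS8143", AS8143, NET_155_73),
             ("157.156.0.0 via AS27255", AS27255, NET_157_156)]
    for label, asn, net in pairs:
        print(label, review_origin(asn, net))
```

The VMX pair shows why the registration-date check matters alongside the org comparison: the OrgID matches, so only the gap between the 1992 block and the 2003 ASN stands out.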
VMX used to be in Silicon Valley - 2115 O'Nel Dr. San Jose, CA 95131. The company was acquired by Octel, which was then acquired by Lucent. I think their domain was vmx.net (now registered to an address in Hong Kong). VMX was run by Mr Berry, who later started IP Communications (which ended its operations in a rather big dispute, but this is not related): http://www.genesiscampus.com/aboutus_advisor_wdalberry.htm

For ARIN: Please verify that you had the right documentation on updates to 157.156.0.0/16. I'm almost certain this block is stolen.
Also, perhaps someone from AS16631 (Cogent) can explain this one:

Why is AS27255:

$ whois -h whois.arin.net 27255
OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 2003-01-31

Announcing this?

$ whois -h whois.arin.net 157.156.0.0
OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 1992-01-13

Had a /16 for 11 years, just recently decided to get an ASN? Seems like someone just registered a new company to have the same name as a company that had a /16, and then got a new ASN....

I dunno, call me crazy...

----------------------------------
Milton Ningis
Security Specialist
miltonningis@hushmail.com wrote:
Anyone know why AS 8143:

$ whois -h whois.arin.net 8143
OrgName: Publicom Corp.
OrgID: PUBLIC-35
Address: 1450 Coral Way #10
City: Miami
StateProv: FL
PostalCode: 33145
Country: US
RegDate: 1997-04-25

Is announcing the following blocks?

$ whois -h whois.arin.net 155.73.0.0
OrgName: Borealis AS
$ whois -h whois.arin.net 134.33.0.0
OrgName: Codex Corporation
In that case, the hijacker set up a fake webhost that it's impossible to sign up for at http://www.codexcorp.net [134.33.0.7] to make them look legitimate.
$ whois -h whois.arin.net 196.4.167.0
OrgName: Juta Information Network
$ whois -h whois.arin.net 144.2.0.0
OrgName: Publico B.V.
$ whois -h whois.arin.net 143.49.160.0
OrgName: Inform, Ltd.

$ whois -h whois.arin.net 160.116.160.0
OrgName: Affiliated Computing Services (Pty) Ltd

$ whois -h whois.arin.net 162.73.128.0
OrgName: Information Technology

$ whois -h whois.arin.net 198.204.0.0
OrgName: GHR Services Inc.

They're all hijacked netblocks.
Also, perhaps someone from AS16631 (Cogent) can explain this one:

Why is AS27255:

$ whois -h whois.arin.net 27255
OrgName: VMX Inc
Announcing this?
$ whois -h whois.arin.net 157.156.0.0
OrgName: VMX Inc
RegDate: 1992-01-13
Another hijacked one.
Had a /16 for 11 years, just recently decided to get an ASN? Seems like someone just registered a new company to have the same name as a company that had a /16, and then got a new ASN....
No. They're just hijacked netblocks. Tower Group, who had their unused netblocks being announced by AS8143, confirmed that it was hijacked.
On 5/3/03 4:12 AM, "Roland Verlander" <rolyv@bigpond.com> wrote:
In that case, the hijacker set up a fake webhost that it's impossible to sign up for at http://www.codexcorp.net [134.33.0.7] to make them look legitimate.

Not only that, but this design is STOLEN from my company! www.isprime.com

Stolen so poorly, they even say "ISPrime" in a few places.

<sigh>

Someone at XO alive?

--Phil
I think you're barking up the wrong tree on this paranoid rant.

I did some consulting for this company, and I find it hard to believe with 14 racks of equipment that they would have a 'stolen' /16

http://www.vmxnetworks.com/

----- Original Message -----
From: <miltonningis@hushmail.com>
To: <nanog@merit.edu>
Sent: Saturday, May 03, 2003 3:46 AM
Subject: Interesting Announcements
Perhaps someone from AS16631 (Cogent) can explain this one:
Why is AS27255:

$ whois -h whois.arin.net 27255
OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 2003-01-31
Announcing this?
$ whois -h whois.arin.net 157.156.0.0
OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 1992-01-13
Matthew McGehrin wrote:
I think you're barking up the wrong tree on this paranoid rant.
I did some consulting for this company, and I find it hard to believe with 14 racks of equipment that they would have a 'stolen' /16
Do you believe everything that you see on the internet? Oh, and how are you going to explain that they claim to have an OC-192 internet connection?
That's just advertising. What's the capacity at 25 Broadway?

-- Matthew

----- Original Message -----
From: "Roland Verlander" <rolyv@bigpond.com>
To: <nanog@merit.edu>
Sent: Saturday, May 03, 2003 8:12 AM
Subject: Re: Interesting Announcements

Do you believe everything that you see on the internet?
Oh, and how are you going to explain that they claim to have an OC-192 internet connection?
Truthfully? Huge.

25 B'way has huge amounts of capacity from 10's of carriers, 10's of ISPs. WCOM, last time I looked, alone has several oc48's and oc192's into there (read: NOT uunet, but MFS/Wcom). Nextlink, LGN, Cambrian, OnFiber, TCG/ATTLS, WCG, etc., all have similar things.

On Sat, 3 May 2003, Matthew McGehrin wrote:
That's just advertising. What's the capacity at 25 Broadway?
-- Matthew
----- Original Message -----
From: "Roland Verlander" <rolyv@bigpond.com>
To: <nanog@merit.edu>
Sent: Saturday, May 03, 2003 8:12 AM
Subject: Re: Interesting Announcements

Do you believe everything that you see on the internet?
Oh, and how are you going to explain that they claim to have an OC-192 internet connection?
-- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben -- -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
miltonningis@hushmail.com wrote:
Perhaps someone at AS2828 (XO/Concentric) would like to explain this...
Anyone know why AS 8143:
Because 8143 is considered rogue. 155.73/16 was already silenced once from that AS about a week or two ago. If I remember correctly, 8143 is connected via NY and Florida, but the zombies are always sent via NY.

-Jack
participants (7)
- Alex Rubenstein
- Jack Bates
- Matthew McGehrin
- miltonningis@hushmail.com
- Phil Rosenthal
- Roland Verlander
- william@elan.net