Looking for Abovenet/NetAccess contact
Abovenet and NetAccess to offer similar assurances, or even provide me I'll be contacting abovenet (I know at least 4 security & routing contacts
and other IP investigators with the courtesy of a response. I get responses almost all the time from larger networks (but maybe not immediatly on 1st or 2nd day, which is not good). If you try to annoy
Why particular interest in 146.20.40.0/21 now? Its been announced for very long and is only one of the blocks annouunced from 146.20.0.0/16, is there something you have seen from this particular block, like scans or attacks? As to 146.20.0.0/16 I can tell that this ip block has been noted as invalid by ARIN in July 2003 (yes - 6 months ago) and has not had working reverse dns since then. Despite that, this is still most heavily "used" hijacked ip block, part of the reason is that companies using it are not actual hijackers (block was hijacked by Omachonu Ogali of Informationwave - I think most of you know the story as it has been mentioned at nanog before couple times) but what I usually consider to be victims (i.e. those that buy ip blocks, although in many case as far as this block, no actual money was exchanged) Unfortunetly its also true that almost all of these companies & individuals knew what kind of block they were getting even back then and many of them already otherwise have dubious security & abuse records in the community. Anyway the fact is that they've had 6 months now to get ip block from one of other upstreams or from ARIN and they have not done it and this is shows complete non-interest in dealing with this issue (in other cases of hijacked ips sold, renumbering is done within 30 days max, except one company that had /16 and used almost 1/2 of it and it took them a while...). So below is the list of current announcements for this ip block, I've emailed all of them at least once but I don't try to actively go after them as they are not hijackers (from http://www.completewhois.co/hijacked/hijacked_flist-bgp_routed_asannounced-d...) 146.20.36.0/22 ## AS20473 : NETTRANS : NetTransactions, LLC 146.20.40.0/21 ## AS20473 : NETTRANS : NetTransactions, LLC 146.20.54.0/24 ## AS26627 : AS-PILOSOFT : Pilosoft, Inc. 146.20.64.0/19 ## AS12277 : TRACON : Tracon Industries 146.20.80.0/21 ## AS12277 : TRACON : Tracon Industries 146.20.88.0/22 ## AS12277 : TRACON : Tracon Industries For those interested the following are announcements that were being done from this block before with date when it ended: last seen on 11-04-03 - 146.20.48.0/20 ## AS23131 : STARLAN : Starlan Communications Inc. last seen on 12-27-03 - 146.20.51.0/24 ## AS26627 : AS-PILOSOFT : Pilosoft, Inc. last seen on 01-08-04 - 146.20.56.0/24 ## AS26627 : AS-PILOSOFT : Pilosoft, Inc. As you can see things are finally moving along just in the last month (before most of these announcements lasted many months), lets hope this NANOG post will encorage this process along (I have suspicious every one of the above companies has at least one tech on nanog mail list..) there by now) regarding another hijacked ip block and can mention this one. They are a bit slow on response, so it may take up to 30 days to stop it. Again, if I were to mention this to MFN, I'd like to know what else is been going on with NetTransactions and their use of this ip block that we now care so much about it. people too much you may never get a response, like it happens so often with antispam abuse reports.
I know I've seen tech guys from both company post to this forum before, so Im confused that they're not doing anything. Does anyone have any contacts I could speak to about getting something done? Large companies have different people dealing with different issues. Its not appropriate to email peering guy on the ip security issue (unless maybe its about a peer). Most large networks have security@... email address in addition to abuse@... you can email there on hijacking if you want to help. If you get to know actual people in the company, don't just use this information for any reason unless you really really aren't getting anywhere.
Richard Cocks So are you on Hijacked-L? I have not seen post there before before ...
-- William Leibzon Elan Networks william@elan.net
Dick Cocks [10/01/04 14:51 +0800]:
I wonder why this guy has so less sense as to keep creating accounts on a service that has an AUP against forgery. Now, which nanog poster do we know who * Lives in NYC (the last two morphs he used to post to nanog were from new york based dsl lines - roadrunner, and now mindspring) * Has a lot of interest in suppressing hijacked netblocks [again, both these are rather good things, in themselves] and ... * Is nutcase enough to fake (and vulgarly parody) another nanog poster's name? srs ps - These are rhetorical questions. I have a feeling I know just who this is. So - to the forger, please lay off creating dropboxes on domains that we host. I'm not a complete idiot that I can't figure out who is trying to troll and forge email from a network I control.
participants (3)
-
Dick Cocks
-
Suresh Ramasubramanian
-
william@elan.net