Yet more hijacked space? - deru.net
Since we're on the topic of hijacked ipspace, I find myself wondering about deru.net

"Deru, the name you can trust, from people you can trust." - Quoted from www.deru.net

Ok, so this is the name you can trust, from the people you can trust, right? Well then, why would it appear that Deru.net, the local ISP you can trust is using hijacked ip space?

It would appear as if Deru.net is using:

www.deru.net has address 140.99.0.15

My handy dandy whois tool tells me this range belongs to:

OrgName: Datability Software Systems, Inc.
OrgID: DERU
Address: 14982 N 83rd PL Ste 201
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US

NetRange: 140.99.0.0 - 140.99.255.255
CIDR: 140.99.0.0/16
NetName: DSS1
NetHandle: NET-140-99-0-0-1
Parent: NET-140-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.DERU.NET
NameServer: NS2.DERU.NET
Comment:
RegDate: 1990-04-12
Updated: 2001-08-01

TechHandle: DW19-ARIN
TechName: Wayrynen, Darin
TechPhone: +1-480-998-7237
TechEmail: darin@deru.net

Before this network was modified it contained:

140.99.0.0 Datability Software Systems, Inc. NET-DSS1 322 Eighth Avenue New York, NY 10001 US
140.99.0.0 C DSS1 Rupp, Richard L. (RLP39) rich@PLUTO.DSS.COM (201) 438-2400

Handy dandy route-server tells us:

route-server.cw.net>sh ip bgp 140.99.0.0 255.255.0.0 l
BGP table version is 2788023425, local router ID is 209.1.220.234
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i140.99.0.0       208.172.146.30                100      0 1239 11588 2 7136 i
* i                 208.172.146.29                100      0 1239 11588 2 7136 i
*>i140.99.96.0/19   208.172.146.30                100      0 1239 11588 2 i
* i                 208.172.146.29                100      0 1239 11588 2 i
* i140.99.120.0/22  208.172.146.29                100      0 1239 11588 2 26978 i
*>i                 208.172.146.30                100      0 1239 11588 2 26978 i
route-server.cw.net>

And once again, handy dandy whois tool tells us:

OrgName: Only Networking Inc. (ONLY2-DOM)
OrgID: ONIO
Address: 3443 North Central, 17th Floor
City: Phoenix
StateProv: AZ
PostalCode: 85013
Country: US

ASNumber: 7136
ASName: ONLY
ASHandle: AS7136
Comment:
RegDate: 1996-09-16
Updated: 1996-09-16

TechHandle: DW19-ARIN
TechName: Wayrynen, Darin
TechPhone: +1-480-998-7237
TechEmail: darin@deru.net

I'm finding it odd that not a single thing, other than the POC email for a questionable /16 and the ASN announcing questionable /16 has anything to do with deru.net.

Also, my friend google tells me this:

http://216.239.57.100/search?q=cache:aHJS20Er5m0C:members.aol.com/karima4483..., +Inc.%22&hl=en&ie=UTF-8
smlnk: http://smlnk.com/?21ZQK6FP

So it would appear that Datability Software Systems, Inc. was located in Natick, Mass, and became Penril Datability Networks

http://216.239.37.100/search?q=cache:87PPbzXONd0C:isdn.modemhelp.net/p/penrildatabilitynetworks.shtml+Penril+Datability+Networks+&hl=en&ie=UTF-8
smlnk: http://smlnk.com/?08DJKDW3

It now appears that Penril Datability Networks was split up, with their assets being acquired by Bay Networks, and Access Beyond.

http://216.239.33.100/search?q=cache:jSOOHJ6s9fkC:www.cgraphix.com/39_detail_clients.html+Access+Beyond+%2BPenril&hl=en&ie=UTF-8
smlnk: http://smlnk.com/?UHXEPYDC

That leaves us with Access Beyond, a manufacturer of remote access telecom products. And whose website is now owned by a cybersquatter.

Now the question at hand is, at which point did this hardware company become Deru.net, the Internet Service Provider you can trust? Was this before, or after Penril Datability Networks Inc/Bay Networks/Access Beyond.?

Did everyone decide to move to Arizona and start an ISP? Or is this just another example of IP hijacking that we all find ourselves taking a look at.

Can deru.net provide documents that say they bought or were acquired by Datability Software Systems, Inc/Penril Datability Networks/Bay Networks/Access Beyond.?

There are other companies using this address space (eldosales.com) but they don't have the appearance of owning a possibly hijacked /16

Regards,
IP Police
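Added example (not part of the original post): the route-server rows quoted above, parsed into a prefix-to-origin-AS map so the /16 and its more-specifics can be compared. The function names `classful`, `parse_routes` and `origin_mismatches` are made up for this illustration, and the column offsets assume the fixed-width layout Cisco IOS prints.

```python
import ipaddress

# Route-server rows quoted in the post, re-aligned to the fixed-width columns
# IOS prints (the archived copy collapsed the whitespace).
TABLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*>i140.99.0.0       208.172.146.30                100      0 1239 11588 2 7136 i
* i                 208.172.146.29                100      0 1239 11588 2 7136 i
*>i140.99.96.0/19   208.172.146.30                100      0 1239 11588 2 i
* i                 208.172.146.29                100      0 1239 11588 2 i
* i140.99.120.0/22  208.172.146.29                100      0 1239 11588 2 26978 i
*>i                 208.172.146.30                100      0 1239 11588 2 26978 i
"""


def classful(net):
    """IOS omits the mask when it equals the classful default (140.x -> /16)."""
    if "/" in net:
        return ipaddress.ip_network(net)
    first = int(net.split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{net}/{plen}")


def parse_routes(text):
    """Map each prefix to the set of origin ASNs seen across its paths."""
    lines = text.splitlines()
    path_col = lines[0].index("Path")        # Path is left-aligned under its header
    origins, current = {}, None
    for line in lines[1:]:
        if not line.startswith(("*", "s", "d", "h")):
            continue                          # prompt, legend or blank line
        net = line[3:20].strip()
        if net:                               # alternate paths leave Network blank
            current = classful(net)
        path = line[path_col:].split()[:-1]   # drop the origin code (i, e or ?)
        # Last AS in the path is the origin; None means locally originated.
        # AS_SET origins written as {..} are not handled here.
        origin = int(path[-1]) if path else None
        origins.setdefault(current, set()).add(origin)
    return origins


def origin_mismatches(origins):
    """More-specifics whose origin set differs from a covering prefix's."""
    found = []
    for pfx, asns in origins.items():
        for cover, cover_asns in origins.items():
            if pfx != cover and pfx.subnet_of(cover) and asns != cover_asns:
                found.append((str(pfx), asns, str(cover), cover_asns))
    return found


if __name__ == "__main__":
    table = parse_routes(TABLE)
    for pfx, asns, cover, cover_asns in origin_mismatches(table):
        print(f"{pfx} {asns} differs from covering {cover} {cover_asns}")
```

A differing origin only marks a prefix to check against the registry record or with the operator; a delegation to a customer AS produces the same picture.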
I try to make it a habit of responding only to accusations when I can identify the accuser, but well, it's Friday night and I have a few minutes of time to spare. Btw, Hushmail is great for stirring up crap and hiding from the potential backlash.

Wonder what you will, but our space is not hijacked. Only Networking is Deru - always has been - some of our equipment/colo facilities are (and have been) on the address on our AS registration. The ins/outs of DSS are public, you just need to dig deeper than you have - we are not required to justify anything to you.

Personally, I think Deru has done its part to help the Nanog community - I seem to vaguely remember us providing the bandwidth to the last Nanog here in Phoenix a couple of months ago, gratis, free of charge, provided over this very ip space.

Thanks for your support in return! Wait, you don't represent Nanog, you represent a no-name anonymous email address...

We (including Richard Rupp) have better things to spend our time on... Like pondering why so many "backbones" still don't source filter their customers so we wouldn't have to play around with 500Kpps syn floods (with randomized ips) aimed at us on Friday nights...

Ciao,
Darin
<esc>%sFriday<ret>Saturday<ret>! Grumble. Darin
... Like pondering why so many "backbones" still don't source filter their customers so we wouldn't have to play around with 500Kpps syn floods (with randomized ips) aimed at us on Friday nights...
i don't know either, but when you meet them, please tell them to read: http://www.faqs.org/rfcs/bcp/bcp38.html and http://www.icann.org/committees/security/sac004.htm
An anonymous coward arincop@hushmail.com wrote:
Did everyone decide to move to arizona and start an ISP? or is this just another example of IP hijacking that we all find ourselves taking a look at.
Is it any more unusual than a tiny ISP originally headquartered in Phoenix Arizona moving to Massachusetts and taking over AS Number 1 previously registered to BBN, now registered to Genuity? Or who would believe a multi-billion dollar corporation, Worldcom moving its headquarters from Mississippi to Virginia and changing its name to MCI? Why is MCI.COM registered to an address in Richardson Texas instead of MCI's world headquarters in Virginia?

And speaking about MCI, remember InternetMCI's ASN 3561. According to Arin 3561 is registered to an address in Carey North Carolina to some outfit called Cable & Wireless. But everyone knows that Cable & Wireless is really a UK firm; so isn't it suspicious that InternetMCI's ASN is now registered to an address in Carey North Carolina?

The world changes, but registry information isn't always kept up to date. Companies often list the address of a post office box for billing contacts, or perhaps an address of a subsidiary such as the NOC or their legal department instead of their world headquarters.

I can create a conspiracy theory for almost any old network block or asn on the Internet. Proving beyond a reasonable doubt seems to be impossible. In the early days "proof" often wasn't more than a phone call or an email. In the pre-CIDR days you didn't need to be a big company to get either an ASN or a Class B network. I don't have my e-mailbox from 14 years ago, so I would have a hard time proving something from that long ago.

But it doesn't answer the basic questions. How do you tell the difference between a legitimate change and an illegitimate change? If ARIN makes it extremely difficult to update registry records, the records will get even more out of date. On the other hand if ARIN makes it too easy to update registry records, the wrong people can make unauthorized changes.
Thus spake arincop@hushmail.com
"Deru, the name you can trust, from people you can trust." - Quoted from www.deru.net
Ok, so this is the name you can trust, from the people you can trust, right? Well then, why would it appear that Deru.net, the local ISP you can trust is using hijacked ip space?
A wise man once told me the clearest sign you can't trust someone is when they insist that you can. Someone with a clear conscience doesn't use expressions like "trust me", "honestly", or "to tell the truth".

S

Stephen Sprunk
CCIE #3723
K5SSS

"God does not play dice." --Albert Einstein
"God is an inveterate gambler, and He throws the dice at every possible opportunity." --Stephen Hawking
participants (5)
- arincop@hushmail.com
- Darin Wayrynen
- Paul Vixie
- Sean Donelan
- Stephen Sprunk