Latest instalment of the "hijacked /16s" story
Another legacy /16, after the previous one - the sf bay packet radio /16
http://www.47-usc-230c2.org/chapter3.html

This time 128.168/16 - and by the same group that seems to have acquired control of the earlier one.

--srs
--
Suresh Ramasubramanian (ops.lists@gmail.com)
Is the whole AS (33302) rogue like the AS advertising the SF Bay Packet Radio block is? Looking at the WHOIS for some of the prefixes advertised by both ASs, I see some common company names. That would lead me to believe that 33302 is no better than 33211 but I can't confirm that. Any takers?

Justin

Suresh Ramasubramanian wrote:
Another legacy /16, after the previous one - the sf bay packet radio /16
http://www.47-usc-230c2.org/chapter3.html
This time 128.168/16 - and by the same group that seems to have acquired control of the earlier one.
--srs
On Wed, Jun 18, 2008 at 9:40 AM, Justin Shore <justin@justinshore.com> wrote:
Is the whole AS (33302) rogue like the AS advertising the SF Bay Packet Radio block is? Looking at the WHOIS for some of the prefixes advertised by both ASs, I see some common company names. That would lead me to believe that 33302 is no better than 33211 but I can't confirm that. Any takers?
Not sure. The AS announces some more but an arin query for DATA102 simply has this /16 and a smaller netblock.

That 47-usc site is not mine either .. it's by Ron Guilmette, interviewed in the Wash Post - http://blog.washingtonpost.com/securityfix/2008/04/a_case_of_network_identit...

suresh@frodo 22:17:45 <~> $ whois -h whois.arin.net Data102*
Data102 Abuse Team (DAT13-ARIN) abuse@data102.com +1-719-578-8842
Data102 Network Ops (DNO44-ARIN) netops@data102.com +1-719-578-8842
Data Works Inc DATA102984 (NET-63-243-82-144-1) 63.243.82.144 - 63.243.82.159
Gold Hill Computers DATA102 (NET-128-168-0-0-1) 128.168.0.0 - 128.168.255.255
Suresh Ramasubramanian wrote:
Another legacy /16, after the previous one - the sf bay packet radio /16 http://www.47-usc-230c2.org/chapter3.html This time 128.168/16 - and by the same group that seems to have acquired control of the earlier one.
luckily, there is no black market in address space. or at least so the theory goes on arin and ripe public policy lists.

randy
And there is also no black market in credit card, social security, and PIN numbers. "See no evil, hear no evil, fear no evil"
-----Original Message-----
From: Randy Bush [mailto:randy@psg.com]
Sent: Tuesday, June 17, 2008 10:56 PM
To: Suresh Ramasubramanian
Cc: nanog@nanog.org
Subject: Re: Latest instalment of the "hijacked /16s" story
Suresh Ramasubramanian wrote:
Another legacy /16, after the previous one - the sf bay packet radio /16
http://www.47-usc-230c2.org/chapter3.html
This time 128.168/16 - and by the same group that seems to have acquired control of the earlier one.
luckily, there is no black market in address space. or at least so the theory goes on arin and ripe public policy lists.
randy
On Tue, Jun 17, 2008 at 10:59:21PM -0700, Tomas L. Byrnes wrote:
[snip]
"See no evil, hear no evil, fear no evil"
The (human) operators who cared have been pushed out by the (corporate) operators who would rather disavow responsibility, turn up quickly, and book the revenue instead of vetting any customer claims for basis in fact or reason. Customer filtering -even when black hats drive an AS- is Not Hard if the backbones (nets) displayed actual backbone (spine).

--
RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
On Jun 18, 2008, at 7:57 AM, Joe Provo wrote:
On Tue, Jun 17, 2008 at 10:59:21PM -0700, Tomas L. Byrnes wrote:
[snip]
"See no evil, hear no evil, fear no evil"
The (human) operators who cared have been pushed out by the (corporate) operators who would rather disavow responsibility, turn up quickly, and book the revenue instead of vetting any customer claims for basis in fact or reason. Customer filtering -even when black hats drive an AS- is Not Hard if the backbones (nets) displayed actual backbone (spine).
I would argue the same for any/all security issues. If people would just shut off $VALUE, we'd have a lot fewer problems on the network. I will concede the problem is making it scale and viable for some parties. The ones that don't make the inherent security of the global network a priority are dragging the average down.

- jared

VALUE = ( infected host ip/customer, route leaker/hijacker, nonfiltering customer, ... )
The (human) operators who cared have been pushed out by the (corporate) operators who would rather disavow responsibility, turn up quickly, and book the revenue instead of vetting any customer claims for basis in fact or reason. Customer filtering -even when black hats drive an AS- is Not Hard if the backbones (nets) displayed actual backbone (spine).
there is a reason i am in japan. well, many actually.

randy
http://www.47-usc-230c2.org/chapter3.html This time 128.168/16 - and by the same group that seems to have acquired control of the earlier one.
luckily, there is no black market in address space. or at least so the theory goes on arin and ripe public policy lists.
No, the theory goes that there *IS* a black market and changing ARIN or RIPE policies to make it a white market would be a bad idea. Better to help ARIN to document the fact that this is not a valid allocation so that they can recover the block.

--Michael Dillon
participants (8)
- Jared Mauch
- Joe Provo
- Justin Shore
- michael.dillon@bt.com
- ops.lists@gmail.com
- Randy Bush
- Suresh Ramasubramanian
- Tomas L. Byrnes