This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Fwd: Prefix hijacking by Michael Lindsay via Internap
- Previous message (by thread): [anti-abuse-wg] RIPE NCC Abuse Complaints, Audits and Reports
- Next message (by thread): [anti-abuse-wg] Introduction - Eric FREYSSINET
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Sun Aug 21 04:47:18 CEST 2011
Nice little thread on nanog that is rather a propos to what we're discussing. ---------- Forwarded message ---------- From: Denis Spirin <noc at link-telecom.net> Date: Sun, Aug 21, 2011 at 6:35 AM Subject: Prefix hijacking by Michael Lindsay via Internap To: nanog at nanog.org Hello All, I was hired by the Russian ISP company to get it back to the business. Due to impact of the financial crisis, the company was almost bankrupt, but then found the investor and have a big wish to life again. When I tried to announce it's networks, upstreams rejected to accept it because of Spamhaus listings. But our employer sworn there is not and was not any spamming from the company. The Spamhaus lists all our networks as spamming Zombies. And it IS announced and used now!!! The announce is from American based company Internap (AS12182). I wrote the abuse report them, but instead of stop unauthorized announces of our networks, I was contacted by a person named 'Michael Lindsay' - he tell me he buy our networks from some other people and demand we get back our abuse reports. Of course, we don't. After a short googling, I found this is well-known cyber crime person: http://www.spamhaus.org/rokso/listing.lasso?file=818&skip=0, and he did IP hijacking with the fake letter of authorization before: http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK8686 so our company is not a first victim of him. Yes, our company "help" him with the mistake of loosing old domain link-telecom.biz he was also squatted. This domain was listed as contact at RIPE Database. It is a good topic why these easy-to-forge LOAs is still in use, as RADB/RIPE DB/other routing database with the password access is a common thing. But this is not the main thing. The main thing is why Internap helps to commit a crime to the well-known felony person, and completely ignores our requests? Is there any way to push them to stop doing that immediately? If anybody can - please help... -- Suresh Ramasubramanian (ops.lists at gmail.com)
- Previous message (by thread): [anti-abuse-wg] RIPE NCC Abuse Complaints, Audits and Reports
- Next message (by thread): [anti-abuse-wg] Introduction - Eric FREYSSINET
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]