This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] Fwd: Prefix hijacking by Michael Lindsay via Internap

Previous message (by thread): [anti-abuse-wg] RIPE NCC Abuse Complaints, Audits and Reports
Next message (by thread): [anti-abuse-wg] Introduction - Eric FREYSSINET

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Suresh Ramasubramanian ops.lists at gmail.com
Sun Aug 21 04:47:18 CEST 2011

Nice little thread on nanog that is rather a propos to what we're discussing.

---------- Forwarded message ----------
From: Denis Spirin <noc at link-telecom.net>
Date: Sun, Aug 21, 2011 at 6:35 AM
Subject: Prefix hijacking by Michael Lindsay via Internap
To: nanog at nanog.org

Hello All,

I was hired by the Russian ISP company to get it back to the business. Due
to impact of the financial crisis, the company was almost bankrupt, but then
found the investor and have a big wish to life again.

When I tried to announce it's networks, upstreams rejected to accept it
because of Spamhaus listings. But our employer sworn there is not and was
not any spamming from the company. The Spamhaus lists all our networks as
spamming Zombies. And it IS announced and used now!!! The announce is from
American based company Internap (AS12182). I wrote the abuse report them,
but instead of stop unauthorized announces of our networks, I was contacted
by a person named 'Michael Lindsay' - he tell me he buy our networks from
some other people and demand we get back our abuse reports. Of course, we
don't. After a short googling, I found this is well-known cyber crime
person: http://www.spamhaus.org/rokso/listing.lasso?file=818&skip=0, and he
did IP hijacking with the fake letter of authorization before:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK8686 so our company
is not a first victim of him. Yes, our company "help" him with the mistake
of loosing old domain link-telecom.biz he was also squatted. This domain was
listed as contact at RIPE Database.

It is a good topic why these easy-to-forge LOAs is still in use, as
RADB/RIPE DB/other routing database with the password access is a common
thing. But this is not the main thing. The main thing is why Internap helps
to commit a crime to the well-known felony person, and completely ignores
our requests? Is there any way to push them to stop doing that immediately?
If anybody can - please help...

-- 
Suresh Ramasubramanian (ops.lists at gmail.com)

Previous message (by thread): [anti-abuse-wg] RIPE NCC Abuse Complaints, Audits and Reports
Next message (by thread): [anti-abuse-wg] Introduction - Eric FREYSSINET

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]