This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] hosting with anonymous whois
- Previous message (by thread): [anti-abuse-wg] hosting with anonymous whois
- Next message (by thread): [anti-abuse-wg] hosting with anonymous whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
furio ercolessi
furio+as at spin.it
Sun Jan 13 11:13:35 CET 2013
On Sat, Jan 12, 2013 at 08:43:11PM +0100, Karl-Josef Ziegler wrote: > Hello! > > Today I go a spam for pillz (CAPRXPHARMACY.RU) 'hosted' at IP > 84.22.104.117. This IP is of course listed at Spamhaus: > > http://www.spamhaus.org/sbl/query/SBL99505 > > http://www.spamhaus.org/sbl/query/SBL99505 > > and this 'hoster' has a very long list (118 entries) at Spamhaus: > > http://www.spamhaus.org/sbl/listings/cb3rob.net > > and is on place no. 1 at Spamhaus: > > http://www.spamhaus.org/statistics/networks/ > > Whois says: > > address: Customer did not enter their own contact details yet > > A research says: > > Ministry of Telecommunications, > One CyberBunker Avenue > CB-10000 > CyberBunker-1 > Republic CyberBunker > > C/O > > CB3ROB LLTC. > Company reg. #8 > CyberBunker trade register. > One CyberBunker Avenue > CB-10000 > CyberBunker-1 > Republic CyberBunker > > So is it really possible to get an IP block with anonymous whois entries > at RIPE? The inetnum object for 84.22.104.112/29 was created by 'CUSTOMER-RESOURCES-MNT' which are the criminals themselves, so the question should probably be rephrased into: "How can it happen that a criminal group can keep resources allocated for such a long time, and how can it happen that they can still find companies allowing them to connect to the Internet?". The first question is probably more relevant for law enforcement than for RIPE NCC, the second seems related with greediness and corporate dumbness winning over ethics and reputation. See also: http://www.spamhaus.org/news/article/673/ , http://www.theregister.co.uk/2011/10/20/spamhaus_a2b_row/ . According to the Spamhaus article, transit providers connecting CB3ROB up to october 2011 included Ecatel.net, Grafix.nl, datahouse.nl and the famous a2b-internet.com who even fought back antiabuse organizations rather than thanking them. After those, it was the turn of Inteliquent (former TINET) and Tata Communications, still connecting them. CB3ROB is also connected through Idear4business which is another very questionable outfit. furio
- Previous message (by thread): [anti-abuse-wg] hosting with anonymous whois
- Next message (by thread): [anti-abuse-wg] hosting with anonymous whois
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]