This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Previous message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Next message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Tue Jan 15 01:12:56 CET 2013
The last time a romanian I know checked, most of these appear to be set up with business registration that was valid at the time the netblocks were registered but mostly lapsed a year or so later. Almost as if someone in bucharest walks into a bar, pays people there a few euro in drinking money if they will let their ID get used to register a shell company that can then register for a /16 or larger netblock. --srs (htc one x) On 15-Jan-2013 4:30 AM, "Ronald F. Guilmette" <rfg at tristatelogic.com> wrote: > > After a careful investigation, I am of the opinion that each of the > following 18 ASNs was registered (via RIPE) with fradulent information > purporting to represent the identity of the true registrant, and that > in fact, all 18 of these ASNs were registered by a single party, > apparently as part of a larger scheme to provide IP space to various > snowshoe spammers. > > Evidence I have in hand strongly links this scheme and these ASNs and > their associated IPv4 route announcements to Jump Network Services, > aka JUMP.RO. Furthermore, all of these ASNs are apparently peering > with exactly and only the same two other ASNs in all cases, i.e. > GTS Telecom SRL (AS5606) and Net Vision Telecom SRL (AS39737). These > peers and the fradulent ASNs listed below are all apparently originated > out of Romania. > > AS16011 (fiberwelders.ro) > AS28822 (creativitaterpm.ro) > AS48118 (telecomhosting.ro) > AS49210 (rom-access.ro) > AS50659 (grandnethost.com) > AS57131 (speedconnecting.ro) > AS57133 (nordhost.ro) > AS57135 (fastcable.ro) > AS57176 (bucovinanetwork.ro) > AS57184 (kaboomhost.ro) > AS57415 (highwayinternet.ro) > AS57695 (effidata.ro) > AS57724 (id-trafic.ro) > AS57738 (mclick.ro) > AS57786 (hosting-www.ro) > AS57837 (romtechinnovation.ro) > AS57906 (momy.ro) > AS57917 (nature-design.ro) > > At present, the above 18 ASNs are currently announcing routes for a total > amount of IP space equal to 1,022 /24s, which is the rough equivalent of > an entire /14 block. These IPv4 route announcements are listed below, > sorted by IPv4 (32-bit) start address. > > Additional potentially relevant background information: > > > http://threatpost.com/en_us/blogs/attackers-buying-own-data-centers-botnets-spam-122109 > > http://www.spamhaus.org/rokso/evidence/ROK9107/world-company-register-eu-business-register/rogue-ases-as43332-as44414-as44520-as49173-as49643 > http://www.spamhaus.org/sbl/listings/jump.ro > > > Current route announcements: > > 31.14.30.0/24 > 31.14.32.0/24 > 31.14.33.0/24 > 31.14.34.0/23 > 31.14.36.0/22 > 31.14.40.0/22 > 31.14.44.0/24 > 31.14.45.0/24 > 31.14.46.0/23 > 31.14.48.0/24 > 31.14.49.0/24 > 31.14.50.0/23 > 31.14.52.0/22 > 31.14.56.0/21 > 31.14.64.0/24 > 31.14.65.0/24 > 31.14.66.0/23 > 31.14.68.0/22 > 31.14.72.0/21 > 31.14.80.0/20 > 31.14.112.0/20 > 31.14.144.0/20 > 37.153.128.0/22 > 37.153.132.0/22 > 37.153.140.0/22 > 37.153.144.0/21 > 37.153.152.0/22 > 37.153.160.0/21 > 37.153.168.0/22 > 37.153.172.0/23 > 37.153.174.0/23 > 37.153.176.0/20 > 37.156.0.0/22 > 37.156.4.0/22 > 37.156.8.0/21 > 37.156.16.0/23 > 37.156.18.0/23 > 37.156.20.0/23 > 37.156.22.0/23 > 37.156.24.0/23 > 37.156.26.0/23 > 37.156.28.0/23 > 37.156.30.0/23 > 37.156.36.0/24 > 37.156.37.0/24 > 37.156.38.0/23 > 37.156.48.0/21 > 37.156.56.0/22 > 37.156.100.0/22 > 37.156.104.0/22 > 37.156.108.0/22 > 37.156.112.0/20 > 37.156.128.0/20 > 37.156.144.0/22 > 37.156.148.0/22 > 37.156.152.0/21 > 37.156.160.0/21 > 37.156.168.0/22 > 37.156.172.0/23 > 37.156.180.0/23 > 37.156.184.0/22 > 37.156.188.0/22 > 37.156.208.0/22 > 37.156.216.0/22 > 37.156.224.0/24 > 37.156.225.0/24 > 37.156.226.0/23 > 37.156.228.0/23 > 37.156.230.0/23 > 37.156.232.0/23 > 37.156.234.0/23 > 37.156.236.0/23 > 37.156.238.0/23 > 37.156.240.0/21 > 37.156.248.0/22 > 37.156.252.0/22 > 46.102.128.0/20 > 46.102.144.0/20 > 46.102.160.0/21 > 77.81.120.0/23 > 77.81.126.0/24 > 77.81.160.0/22 > 84.247.4.0/22 > 84.247.18.0/23 > 84.247.40.0/22 > 85.204.18.0/24 > 85.204.20.0/23 > 85.204.30.0/23 > 85.204.36.0/22 > 85.204.54.0/23 > 85.204.64.0/23 > 85.204.66.0/24 > 85.204.76.0/23 > 85.204.96.0/23 > 85.204.104.0/23 > 85.204.120.0/24 > 85.204.121.0/24 > 85.204.124.0/24 > 85.204.132.0/23 > 85.204.152.0/23 > 85.204.176.0/21 > 85.204.194.0/23 > 86.104.0.0/23 > 86.104.2.0/24 > 86.104.4.0/24 > 86.104.9.0/24 > 86.104.10.0/24 > 86.104.96.0/21 > 86.104.115.0/24 > 86.104.116.0/24 > 86.104.118.0/23 > 86.104.121.0/24 > 86.104.122.0/23 > 86.104.132.0/23 > 86.104.192.0/24 > 86.104.195.0/24 > 86.104.212.0/23 > 86.104.215.0/24 > 86.104.240.0/22 > 86.104.245.0/24 > 86.104.248.0/23 > 86.105.178.0/24 > 86.105.195.0/24 > 86.105.196.0/24 > 86.105.200.0/22 > 86.105.225.0/24 > 86.105.227.0/24 > 86.105.230.0/24 > 86.105.242.0/23 > 86.105.248.0/22 > 86.106.0.0/21 > 86.106.8.0/23 > 86.106.10.0/24 > 86.106.11.0/24 > 86.106.12.0/24 > 86.106.24.0/24 > 86.106.25.0/24 > 86.106.90.0/24 > 86.106.95.0/24 > 86.106.169.0/24 > 86.107.8.0/21 > 86.107.28.0/23 > 86.107.74.0/23 > 86.107.104.0/24 > 86.107.195.0/24 > 86.107.216.0/21 > 86.107.242.0/23 > 89.32.122.0/23 > 89.32.176.0/23 > 89.32.192.0/23 > 89.32.196.0/23 > 89.32.204.0/24 > 89.33.46.0/23 > 89.33.108.0/23 > 89.33.117.0/24 > 89.33.168.0/21 > 89.33.233.0/24 > 89.33.246.0/24 > 89.33.255.0/24 > 89.34.16.0/22 > 89.34.94.0/23 > 89.34.102.0/23 > 89.34.112.0/21 > 89.34.128.0/20 > 89.34.148.0/23 > 89.34.200.0/23 > 89.34.216.0/23 > 89.34.236.0/22 > 89.35.32.0/24 > 89.35.56.0/24 > 89.35.77.0/24 > 89.35.133.0/24 > 89.35.156.0/23 > 89.35.176.0/23 > 89.35.196.0/24 > 89.35.240.0/21 > 89.36.16.0/23 > 89.36.32.0/23 > 89.36.34.0/24 > 89.36.35.0/24 > 89.36.96.0/21 > 89.36.104.0/21 > 89.36.178.0/23 > 89.36.182.0/23 > 89.36.184.0/21 > 89.36.226.0/23 > 89.36.236.0/22 > 89.37.48.0/21 > 89.37.64.0/22 > 89.37.76.0/22 > 89.37.102.0/23 > 89.37.107.0/24 > 89.37.129.0/24 > 89.37.133.0/24 > 89.37.143.0/24 > 89.37.240.0/21 > 89.38.26.0/24 > 89.38.216.0/22 > 89.38.220.0/22 > 89.39.76.0/22 > 89.39.168.0/22 > 89.39.180.0/23 > 89.39.216.0/22 > 89.40.40.0/24 > 89.40.66.0/24 > 89.40.133.0/24 > 89.40.240.0/21 > 89.40.254.0/23 > 89.41.16.0/21 > 89.41.44.0/22 > 89.42.27.0/24 > 89.42.33.0/24 > 89.42.150.0/23 > 89.42.208.0/23 > 89.43.182.0/23 > 89.43.184.0/23 > 89.43.216.0/21 > 89.43.224.0/21 > 89.44.94.0/23 > 89.44.115.0/24 > 89.44.120.0/21 > 89.44.190.0/23 > 89.45.11.0/24 > 89.45.14.0/24 > 89.45.72.0/21 > 89.45.126.0/23 > 89.46.8.0/22 > 89.46.44.0/23 > 89.46.47.0/24 > 89.46.60.0/24 > 89.46.88.0/22 > 89.46.192.0/21 > 89.47.34.0/24 > 89.47.44.0/22 > 92.114.36.0/24 > 92.114.38.0/24 > 92.114.83.0/24 > 93.113.216.0/22 > 93.114.24.0/21 > 93.114.85.0/24 > 93.114.86.0/23 > 93.114.128.0/24 > 93.114.133.0/24 > 93.115.32.0/23 > 93.115.62.0/23 > 93.115.130.0/23 > 93.115.134.0/23 > 93.115.138.0/23 > 93.115.142.0/23 > 93.115.192.0/21 > 93.115.253.0/24 > 93.117.112.0/21 > 93.117.120.0/21 > 93.119.112.0/23 > 93.119.118.0/23 > 93.119.120.0/23 > 93.119.124.0/23 > 94.176.224.0/20 > 176.126.168.0/23 > 176.126.170.0/23 > 176.126.172.0/23 > 176.126.174.0/23 > 176.223.64.0/23 > 176.223.108.0/24 > 176.223.111.0/24 > 176.223.116.0/23 > 176.223.118.0/24 > 176.223.167.0/24 > 176.223.172.0/22 > 176.223.176.0/24 > 176.223.177.0/24 > 176.223.178.0/23 > 176.223.190.0/24 > 188.212.22.0/24 > 188.212.48.0/20 > 188.213.64.0/20 > 188.213.112.0/22 > 188.213.116.0/23 > 188.213.118.0/24 > 188.213.119.0/24 > 188.213.120.0/23 > 188.213.122.0/23 > 188.213.124.0/22 > 188.213.144.0/20 > 188.213.176.0/22 > 188.213.180.0/22 > 188.213.184.0/22 > 188.213.188.0/22 > 188.215.18.0/23 > 188.215.20.0/22 > 188.215.192.0/19 > 188.241.188.0/23 > 188.241.192.0/22 > 217.19.4.0/24 > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20130115/3bef2d3f/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
- Next message (by thread): [anti-abuse-wg] Notice: Fradulent RIPE ASNs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]