[anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Ronald F. Guilmette
rfg at tristatelogic.com
Wed Nov 5 22:38:18 CET 2014
How does one go about making a formal request to RIPE NCC to investigate a given AS registrant/registration?

Given that AS201640 appears to exist exclusively for the purpose of hijacking multiple/numerous blocks of IPv4 space that it rather clearly has no rights to, I would like to formally lodge exactly such a request.

http://blogs.cisco.com/security/talos/help-my-ip-address-has-been-hijacked/
http://mailman.nanog.org/pipermail/nanog/2014-October/071056.html

This is ongoing, as we speak. Among the many IP blocks being hijacked, one of them even belongs to the Taiwan Network Information Center.

Note that the hijacked IP space is being used, perhaps by multiple parties, but also by at least one convicted felon, and for one very specific purpose...

http://krebsonsecurity.com/2014/11/still-spamming-after-all-these-years/

Regards,
rfg

P.S. To be clear, I would like to see there be an investigation of _both_ AS201640 and also the one and only other AS that appears to connect AS201640 to the rest of the world, i.e. AS200002.

Somebody please help me here. I did try to read at least one of the official RIPE NCC registration requirement documents yesterday, and I was left with the impression... perhaps incorrect on my part... that in order to obtain an AS, the network in question must be multi-homed. Doesn't that mean that the network in question must have connectivity to the outside world via *more than one* other AS?

P.P.S. Unlike RIPE number resource allocations, it _is_ easily possible to find the registration date for most domain names in most TLDs. The AS primarily at issue here is AS201640 and it seems to be associated with a (contact) domain name of "grimhosting.com". (The associated web site, by the way, is _not_ hosted within any IP space which is being announced by AS201640. Rather it is hosted on Cloudflare.)

Anyway, the registration date for the domain name grimhosting.com is 2014-06-18.

The person name on the registration for both the AS and that domain name is "Bogomil Simeonov". In the domain name registration, this name is associated with the e-mail address <simeonov_zepter at abv.bg>. That address in turn seems to be associated with some company named Zepter Bulgaria Ltd., which is apparently a "direct sales" organization, and also, perhaps, with the young man who is pictured in/on this web page:

http://cv-simeonov.hit.bg/