This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Laura Cobley
laura at ripe.net
Thu Nov 6 15:27:14 CET 2014
Dear Ronald and all,

The RIPE NCC investigates reports about Internet number resource registrations. These fall into different categories:

- Violation of RIPE Policies and RIPE NCC Procedures
- Provision of untruthful information to the RIPE NCC
- Bankruptcy, liquidation or insolvency
- Incorrect contact information in the RIPE Database

You can read more about the procedure together with a link for submitting a report at:

https://www.ripe.net/contact/reporting-procedure

Kind regards,

Laura Cobley
Customer Services Manager
RIPE NCC

On 05/11/14 21:38, Ronald F. Guilmette wrote:
> How does one go about making a formal request to RIPE NCC to investigate
> a given AS registrant/registration?
>
> Given that AS201640 appears to exist exclusively for the purpose of
> hijacking multiple/numerous blocks of IPv4 space that it rather clearly
> has no rights to, I would like to formally lodge exactly such a request.
>
> http://blogs.cisco.com/security/talos/help-my-ip-address-has-been-hijacked/
>
> http://mailman.nanog.org/pipermail/nanog/2014-October/071056.html
>
> This is ongoing, as we speak. Among the many IP blocks being hijacked,
> one of them even belongs to the Taiwan Network Information Center.
>
> Note that the hijacked IP space is being used, perhaps by multiple
> parties, but also by at least one convicted felon, and for one very
> specific purpose...
>
> http://krebsonsecurity.com/2014/11/still-spamming-after-all-these-years/
>
>
> Regards,
> rfg
>
>
> P.S. To be clear, I would like to see there be an investigation of
> _both_ AS201640 and also the one and only other AS that appears to
> connect AS201640 to the rest of the world, i.e. AS200002.
>
> Somebody please help me here. I did try to read at least one of the
> official RIPE NCC registration requirement documents yesterday, and
> I was left with the impression... perhaps incorrect on my part... that
> in order to obtain an AS, the network in question must be multi-homed.
> Doesn't that mean that the network in question must have connectivity
> to the outside world via *more than one* other AS?
>
>
> P.P.S. Unlike RIPE number resource allocations, it _is_ easily possible
> to find the registration date for most domain names in most TLDs. The
> AS primarily at issue here is AS201640 and it seems to be associated
> with a (contact) domain name of "grimhosting.com". (The associated web
> site, by the way, is _not_ hosted within any IP space which is being
> announced by AS201640. Rather it is hosted on Cloudflare.) Anyway,
> the registration date for the domain name grimhosting.com is 2014-06-18.
>
> The person name on the registration for both the AS and that domain name
> is "Bogomil Simeonov". In the domain name registration, this name is
> associated with the e-mail address <simeonov_zepter at abv.bg>. That address
> in turn seems to be associated with some company named Zepter Bulgaria Ltd.,
> which is apparently a "direct sales" organization, and also, perhaps, with
> the young man who is pictured in/on this web page:
>
> http://cv-simeonov.hit.bg/