This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
- Previous message (by thread): [anti-abuse-wg] ICANN's "Money Grab"
- Next message (by thread): [anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
furio ercolessi
furio+as at spin.it
Thu Oct 29 12:53:34 CET 2015
Just in case someone is not aware of this and is interested, AS200439 is actively engaged in announcing unallocated APNIC IP ranges and using them to pump out spam. Excerpt from http://bgp.he.net/AS200439#_bogons : Bogon Prefixes # Prefix Type 1 103.9.132.0/22 unallocated 2 103.10.44.0/22 unallocated 3 103.10.172.0/22 unallocated 4 103.10.236.0/22 unallocated 5 103.11.0.0/22 unallocated 6 103.20.68.0/22 unallocated 7 103.21.8.0/22 unallocated 8 103.21.236.0/22 unallocated 9 103.22.140.0/22 unallocated 10 103.22.204.0/22 unallocated 11 103.22.244.0/22 unallocated 12 103.23.204.0/22 unallocated 13 103.25.120.0/22 unallocated 14 103.26.76.0/22 unallocated 15 160.19.228.0/22 unallocated 16 160.20.16.0/22 unallocated 17 160.20.36.0/22 unallocated 18 160.20.76.0/22 unallocated 19 160.20.104.0/22 unallocated 20 163.227.216.0/22 unallocated 21 203.148.88.0/22 unallocated 22 203.160.132.0/22 unallocated 23 203.176.124.0/22 unallocated 24 203.189.248.0/22 unallocated 25 203.189.252.0/22 unallocated 26 203.190.32.0/22 unallocated 27 203.212.28.0/22 unallocated 28 203.217.164.0/22 unallocated 29 220.247.132.0/22 unallocated 30 223.25.252.0/22 unallocated These gentlemen appear to be a relatively new LIR, less than 4 months old. Without doubt the activity is some terrible mistake caused by a young sysop that will be fired on the spot, but the possibility that their BGP equipment has been hacked or had a virus inside should obviously also considered. aut-num: AS200439 as-name: STADIS-LLC-AS descr: LLC Stadis org: ORG-LS213-RIPE sponsoring-org: ORG-TL122-RIPE import: from AS35297 accept ANY export: to AS35297 announce AS200439 import: from AS12695 accept ANY export: to AS12695 announce AS200439 admin-c: SO3128-RIPE import: from AS58271 accept ANY export: to AS58271 announce AS200439 tech-c: SO3128-RIPE remarks: For information on "status:" attribute read https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources status: ASSIGNED mnt-by: RIPE-NCC-END-MNT mnt-by: STADIS-MNT mnt-routes: STADIS-MNT created: 2015-07-03T08:34:46Z last-modified: 2015-07-20T17:23:57Z source: RIPE # Filtered organisation: ORG-LS213-RIPE org-name: LLC Stadis org-type: OTHER address: Russia, Ekaterinburg, str. A.Valeka 13, office 401 mnt-ref: STADIS-MNT mnt-by: STADIS-MNT created: 2015-07-01T11:18:09Z last-modified: 2015-07-01T11:18:09Z source: RIPE # Filtered furio
- Previous message (by thread): [anti-abuse-wg] ICANN's "Money Grab"
- Next message (by thread): [anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]