This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
- Previous message (by thread): [anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
- Next message (by thread): [anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lu Heng
h.lu at anytimechinese.com
Thu Oct 29 13:00:22 CET 2015
what their up stream say On Thu, Oct 29, 2015 at 12:53 PM, furio ercolessi <furio+as at spin.it> wrote: > Just in case someone is not aware of this and is interested, > AS200439 is actively engaged in announcing unallocated APNIC IP ranges > and using them to pump out spam. > > Excerpt from http://bgp.he.net/AS200439#_bogons : > > Bogon Prefixes > > # Prefix Type > 1 103.9.132.0/22 unallocated > 2 103.10.44.0/22 unallocated > 3 103.10.172.0/22 unallocated > 4 103.10.236.0/22 unallocated > 5 103.11.0.0/22 unallocated > 6 103.20.68.0/22 unallocated > 7 103.21.8.0/22 unallocated > 8 103.21.236.0/22 unallocated > 9 103.22.140.0/22 unallocated > 10 103.22.204.0/22 unallocated > 11 103.22.244.0/22 unallocated > 12 103.23.204.0/22 unallocated > 13 103.25.120.0/22 unallocated > 14 103.26.76.0/22 unallocated > 15 160.19.228.0/22 unallocated > 16 160.20.16.0/22 unallocated > 17 160.20.36.0/22 unallocated > 18 160.20.76.0/22 unallocated > 19 160.20.104.0/22 unallocated > 20 163.227.216.0/22 unallocated > 21 203.148.88.0/22 unallocated > 22 203.160.132.0/22 unallocated > 23 203.176.124.0/22 unallocated > 24 203.189.248.0/22 unallocated > 25 203.189.252.0/22 unallocated > 26 203.190.32.0/22 unallocated > 27 203.212.28.0/22 unallocated > 28 203.217.164.0/22 unallocated > 29 220.247.132.0/22 unallocated > 30 223.25.252.0/22 unallocated > > These gentlemen appear to be a relatively new LIR, less than > 4 months old. > > Without doubt the activity is some terrible mistake caused by > a young sysop that will be fired on the spot, but the possibility > that their BGP equipment has been hacked or had a virus inside > should obviously also considered. > > aut-num: AS200439 > as-name: STADIS-LLC-AS > descr: LLC Stadis > org: ORG-LS213-RIPE > sponsoring-org: ORG-TL122-RIPE > import: from AS35297 accept ANY > export: to AS35297 announce AS200439 > import: from AS12695 accept ANY > export: to AS12695 announce AS200439 > admin-c: SO3128-RIPE > import: from AS58271 accept ANY > export: to AS58271 announce AS200439 > tech-c: SO3128-RIPE > remarks: For information on "status:" attribute read > https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources > status: ASSIGNED > mnt-by: RIPE-NCC-END-MNT > mnt-by: STADIS-MNT > mnt-routes: STADIS-MNT > created: 2015-07-03T08:34:46Z > last-modified: 2015-07-20T17:23:57Z > source: RIPE # Filtered > > organisation: ORG-LS213-RIPE > org-name: LLC Stadis > org-type: OTHER > address: Russia, Ekaterinburg, str. A.Valeka 13, office 401 > mnt-ref: STADIS-MNT > mnt-by: STADIS-MNT > created: 2015-07-01T11:18:09Z > last-modified: 2015-07-01T11:18:09Z > source: RIPE # Filtered > > furio > > > -- -- Kind regards. Lu -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20151029/07af42dd/attachment.html>
- Previous message (by thread): [anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
- Next message (by thread): [anti-abuse-wg] AS200439 (LLC Stadis) hijacking IP space
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]