This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] More funny business involvolving the RIPE Route Registry
- Previous message (by thread): [anti-abuse-wg] Not Abuse
- Next message (by thread): [anti-abuse-wg] Abuse Police
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Tue Aug 15 12:02:50 CEST 2017
I'd like to call the attention of all of you to a NANOG posting that I made recently: https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html It would appear that the network AS29073, formerly known as Ecatel, and also formerly known as Quasi Networks, and now known as Novogara Ltd. may be having a spot of bother soon. The English translation of a document that I was given a link to today appears to indicate that some or all of the principals behind this specific "bullterpoof hosting" company have been ordered by a Dutch court to answer some pointed questions about their ownnership and/or control over this "Seychelles Islands" company, and perhaps also about their alleged tendency to provide hosting for other people's intellectual property: https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBDHA:2017:9026&showbutton=true That, of course, is not really -my- main concern. I am at the moment rather more concerned about the manner in which they came to be doing routing for a particular legacy Afrinic /14 block, i.e. the 196.16.0.0/14 block. That has not been adequately explained as of now, I think. I wonder if any of you on this list peer with this network, AS29073 and if so, why. It seems to have a rather colorful reputation, to say the least: http://www.cyberlightglobal.com/is-another-attack-on-western-financial-institutions-imminent/ http://news.softpedia.com/news/complex-bitcoin-phishing-scheme-leads-back-to-rogue-web-hosting-firm-505511.shtml https://umbrella.cisco.com/blog/2016/06/20/bitcoin-wallet-phishes-reveal-rogue-hosts/ https://techcrunch.com/2012/08/04/grum-inside-the-takedown-of-one-of-the-worlds-biggest-spam-networks/ I can speak another time about how easy it was, apparently, for these clever fellows to slip a route object into the RIPE data base which would seem to sanction their routing of the suspect block in question. Regards, rfg
- Previous message (by thread): [anti-abuse-wg] Not Abuse
- Next message (by thread): [anti-abuse-wg] Abuse Police
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]