This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
- Previous message (by thread): [anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
- Next message (by thread): [anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Siyuan Miao
siyuan at misaka.io
Sun Apr 7 08:29:15 CEST 2019
Hi Ronald, It seems like a route leak to RIS or something similar like Isolario, rt-bgp.he.net. Neither of its upstream will accept 213.0.0.0/8 so it won't affect the Internet. Regards, Siyuan Miao On Sun, Apr 7, 2019 at 2:16 PM Ronald F. Guilmette <rfg at tristatelogic.com> wrote: > > I guess that I have a lot to learn yet about routing. Maybe some of you > folks will yet again take pity on me and explain this to me. > > From where I am sitting it appears that AS12445 is announcing a route to > all of 213.0.0.0/8. (I only happened to find out about this because, > as it happens there are some spamming inside of 213.0.0.0/8.) > > Anyway, this is my reference source: > > https://bgp.he.net/AS12445#_prefixes > > I did think that I should try to just email the official contacts AS12445 > privately to inquire about this, and so I sent email to all three of > the contact email addresses listed in the RIPE WHOIS record for AS12445, > but as you can all see below, that didn't really work out very well. > > Anyway, this doesn't seem to be such a great idea, security-wise, i.e. to > allow random network to announce routes to entire /8s (or larger) that > don't actually belong to them. > > It is hard for me to tell how long this has been ongoing in the case of > this specific prefix and this specific ASN. If anyone else can illuminate > me regarding that, then I would appreciate it. > > > ------- Forwarded Message > > Return-Path: <> > X-Original-To: rfg at tristatelogic.com > Delivered-To: rfg at tristatelogic.com > Received: by segfault.tristatelogic.com (Postfix) > id 323DF3AFF4; Sat, 6 Apr 2019 22:57:35 -0700 (PDT) > Date: Sat, 6 Apr 2019 22:57:35 -0700 (PDT) > From: MAILER-DAEMON at tristatelogic.com (Mail Delivery System) > Subject: Undelivered Mail Returned to Sender > To: rfg at tristatelogic.com > Auto-Submitted: auto-replied > MIME-Version: 1.0 > Content-Type: multipart/report; report-type=delivery-status; > boundary="8E09A3AEF2.1554616655/segfault.tristatelogic.com" > Message-Id: <20190407055735.323DF3AFF4 at segfault.tristatelogic.com> > > This is a MIME-encapsulated message. > > - --8E09A3AEF2.1554616655/segfault.tristatelogic.com > Content-Description: Notification > Content-Type: text/plain; charset=us-ascii > > This is the mail system at host segfault.tristatelogic.com. > > I'm sorry to have to inform you that your message could not > be delivered to one or more recipients. It's attached below. > > For further assistance, please send mail to postmaster. > > If you do so, please include this problem report. You can > delete your own text from the attached returned message. > > The mail system > > <galasso at selenebs.it>: host > selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1 > [galasso at selenebs.it]: Recipient address rejected: Access denied > [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to > RCPT TO > command) > > <gvinetti at selenebs.it>: host > selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1 > [gvinetti at selenebs.it]: Recipient address rejected: Access denied > [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to > RCPT TO > command) > > - --8E09A3AEF2.1554616655/segfault.tristatelogic.com > Content-Description: Delivery report > Content-Type: message/delivery-status > > Reporting-MTA: dns; segfault.tristatelogic.com > X-Postfix-Queue-ID: 8E09A3AEF2 > X-Postfix-Sender: rfc822; rfg at tristatelogic.com > Arrival-Date: Sat, 6 Apr 2019 22:57:32 -0700 (PDT) > > Final-Recipient: rfc822; galasso at selenebs.it > Original-Recipient: rfc822;galasso at selenebs.it > Action: failed > Status: 5.4.1 > Remote-MTA: dns; selenebs-it.mail.protection.outlook.com > Diagnostic-Code: smtp; 550 5.4.1 [galasso at selenebs.it]: Recipient address > rejected: Access denied > [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] > > Final-Recipient: rfc822; gvinetti at selenebs.it > Original-Recipient: rfc822;gvinetti at selenebs.it > Action: failed > Status: 5.4.1 > Remote-MTA: dns; selenebs-it.mail.protection.outlook.com > Diagnostic-Code: smtp; 550 5.4.1 [gvinetti at selenebs.it]: Recipient address > rejected: Access denied > [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] > > - --8E09A3AEF2.1554616655/segfault.tristatelogic.com > Content-Description: Undelivered Message > Content-Type: message/rfc822 > > Return-Path: <rfg at tristatelogic.com> > Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1]) > by segfault.tristatelogic.com (Postfix) with ESMTP id 8E09A3AEF2; > Sat, 6 Apr 2019 22:57:32 -0700 (PDT) > From: "Ronald F. Guilmette" <rfg at tristatelogic.com> > To: gvinetti at selenebs.it, galasso at selenebs.it, abuse at selenebs.it > Subject: 213.0.0.0/8 > Date: Sat, 06 Apr 2019 22:57:32 -0700 > Message-ID: <32415.1554616652 at segfault.tristatelogic.com> > > > Greetings, > > I waas wondering if you people could explain to me why your ASN (AS12445) > announcing a route at all of 213.0.0.0/8. > > I don't think that your network has been assigned that entire huge block > of IPv4 addresses or that all of that IPv4 space belongs to you. > > Do you disagree? > > > https://bgp.he.net/AS12445#_prefixes > > > > - --8E09A3AEF2.1554616655/segfault.tristatelogic.com-- > > ------- End of Forwarded Message > > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190407/4a2fa57a/attachment.html>
- Previous message (by thread): [anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
- Next message (by thread): [anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]