[anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)

Hi Ronald,

It seems like a route leak to RIS or something similar like Isolario,
rt-bgp.he.net.

Neither of its upstream will accept 213.0.0.0/8 so it won't affect the
Internet.

Regards,
Siyuan Miao



On Sun, Apr 7, 2019 at 2:16 PM Ronald F. Guilmette <rfg at tristatelogic.com>
wrote:

>
> I guess that I have a lot to learn yet about routing.  Maybe some of you
> folks will yet again take pity on me and explain this to me.
>
> From where I am sitting it appears that AS12445 is announcing a route to
> all of 213.0.0.0/8.  (I only happened to find out about this because,
> as it happens there are some spamming inside of 213.0.0.0/8.)
>
> Anyway, this is my reference source:
>
>     https://bgp.he.net/AS12445#_prefixes
>
> I did think that I should try to just email the official contacts AS12445
> privately to inquire about this, and so I sent email to all three of
> the contact email addresses listed in the RIPE WHOIS record for AS12445,
> but as you can all see below, that didn't really work out very well.
>
> Anyway, this doesn't seem to be such a great idea, security-wise, i.e. to
> allow random network to announce routes to entire /8s (or larger) that
> don't actually belong to them.
>
> It is hard for me to tell how long this has been ongoing in the case of
> this specific prefix and this specific ASN.  If anyone else can illuminate
> me regarding that, then I would appreciate it.
>
>
> ------- Forwarded Message
>
> Return-Path: <>
> X-Original-To: rfg at tristatelogic.com
> Delivered-To: rfg at tristatelogic.com
> Received: by segfault.tristatelogic.com (Postfix)
>         id 323DF3AFF4; Sat,  6 Apr 2019 22:57:35 -0700 (PDT)
> Date: Sat,  6 Apr 2019 22:57:35 -0700 (PDT)
> From: MAILER-DAEMON at tristatelogic.com (Mail Delivery System)
> Subject: Undelivered Mail Returned to Sender
> To: rfg at tristatelogic.com
> Auto-Submitted: auto-replied
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
>         boundary="8E09A3AEF2.1554616655/segfault.tristatelogic.com"
> Message-Id: <20190407055735.323DF3AFF4 at segfault.tristatelogic.com>
>
> This is a MIME-encapsulated message.
>
> - --8E09A3AEF2.1554616655/segfault.tristatelogic.com
> Content-Description: Notification
> Content-Type: text/plain; charset=us-ascii
>
> This is the mail system at host segfault.tristatelogic.com.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
>                    The mail system
>
> <galasso at selenebs.it>: host
>     selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1
>     [galasso at selenebs.it]: Recipient address rejected: Access denied
>     [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to
> RCPT TO
>     command)
>
> <gvinetti at selenebs.it>: host
>     selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1
>     [gvinetti at selenebs.it]: Recipient address rejected: Access denied
>     [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to
> RCPT TO
>     command)
>
> - --8E09A3AEF2.1554616655/segfault.tristatelogic.com
> Content-Description: Delivery report
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; segfault.tristatelogic.com
> X-Postfix-Queue-ID: 8E09A3AEF2
> X-Postfix-Sender: rfc822; rfg at tristatelogic.com
> Arrival-Date: Sat,  6 Apr 2019 22:57:32 -0700 (PDT)
>
> Final-Recipient: rfc822; galasso at selenebs.it
> Original-Recipient: rfc822;galasso at selenebs.it
> Action: failed
> Status: 5.4.1
> Remote-MTA: dns; selenebs-it.mail.protection.outlook.com
> Diagnostic-Code: smtp; 550 5.4.1 [galasso at selenebs.it]: Recipient address
>     rejected: Access denied
>     [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]
>
> Final-Recipient: rfc822; gvinetti at selenebs.it
> Original-Recipient: rfc822;gvinetti at selenebs.it
> Action: failed
> Status: 5.4.1
> Remote-MTA: dns; selenebs-it.mail.protection.outlook.com
> Diagnostic-Code: smtp; 550 5.4.1 [gvinetti at selenebs.it]: Recipient address
>     rejected: Access denied
>     [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]
>
> - --8E09A3AEF2.1554616655/segfault.tristatelogic.com
> Content-Description: Undelivered Message
> Content-Type: message/rfc822
>
> Return-Path: <rfg at tristatelogic.com>
> Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1])
>         by segfault.tristatelogic.com (Postfix) with ESMTP id 8E09A3AEF2;
>         Sat,  6 Apr 2019 22:57:32 -0700 (PDT)
> From: "Ronald F. Guilmette" <rfg at tristatelogic.com>
> To: gvinetti at selenebs.it, galasso at selenebs.it, abuse at selenebs.it
> Subject: 213.0.0.0/8
> Date: Sat, 06 Apr 2019 22:57:32 -0700
> Message-ID: <32415.1554616652 at segfault.tristatelogic.com>
>
>
> Greetings,
>
> I waas wondering if you people could explain to me why your ASN (AS12445)
> announcing a route at all of 213.0.0.0/8.
>
> I don't think that your network has been assigned that entire huge block
> of IPv4 addresses or that all of that IPv4 space belongs to you.
>
> Do you disagree?
>
>
> https://bgp.he.net/AS12445#_prefixes
>
>
>
> - --8E09A3AEF2.1554616655/segfault.tristatelogic.com--
>
> ------- End of Forwarded Message
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20190407/4a2fa57a/attachment.html>