This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] AS47510 & AS35555 -- Bogon ASNs routing Bogon IPv4 space
furio ercolessi
furio+as at spin.it
Sat Dec 5 01:35:08 CET 2020
On Fri, Dec 04, 2020 at 02:57:34PM -0800, Ronald F. Guilmette wrote:
> I have just received a spam which has a so-called "payload" URL which
> the spammer wants me to visit, apparently so that I can be sold some
> male performance drugs of dubious origin.
>
> The domain part of the URL resolves to the IPv4 address 217.8.117.98.
>
> That address lies within a pair of bogon (unallocated) IPv4 address
> blocks, 217.8.116.0/24 and 217.8.117.0/24, that are both being routed
> by a common ASN, i.e. AS47510.
>
> https://bgp.he.net/AS47510#_prefixes
>
> It appears that AS47510 is itself an unallocated bogon at the present
> time:
>
> https://bgp.he.net/AS47510#_asinfo
>
> As can be readily seen at the above link, AS47510 is peering with only
> two other ASNs, i.e. AS29226 - JSC Mastertel (Russia) and AS35555 -
> "Crex Fex Pex Internet System Solutions" LLC.
>
> The latter ASN, AS35555 also appears to be an unallocated bogon ASN
> at the present time. Nonetheless, that does not appear to be preventing
> it from peering with yet another Russian network, AS213254 - OOO Rait
> Telecom:
>
> https://bgp.he.net/AS35555

If you look at the previous whois - https://ipinfo.io/AS35555 still has a copy - you may notice that they had published a bunch of "user at spamhaus.org" addresses in "remarks:" field, which I suppose does not go very well with privacy laws and GDPR and is not an acceptable usage of the RIPE database.

You may also find it interesting that, after running out of ASNs, they are currently announcing 217.8.117.0/24 from AS1214, an ASN in ARIN space ("Coloexchange") that had been entirely dormant (no announces) since January 2011 according to stat.ripe.net.

It is somewhat suspect that an ASN of a US company without a web site comes back to life after almost 10 years of silence exclusively to announce a /24 in Russian space, through a Russian ISP.

> It would be Nice, in my opinion, if someone who speaks Russian could
> make contact with the operators of AS29226 and AS213254 and respectfully
> suggest to them that they should cease peering with bogon ASNs, such as
> AS47510 and AS35555, including but not limited to bogon ASNs that are
> at present routing bogon IPv4 address space.

AS29226 is again involved, as they are the "AS1214" upstream.

regards,
furio

> P.S. It appears that the company "Crex Fex Pex Internet System Solutions,
> LLC" which was the former owner of AS47510 and AS35555 and also AS60031
> was a Russian entity, and one that most likely no longer qualifies as
> what one would call a "going concern":
>
> https://crex-fex-pex.ru/