<div dir="ltr">What does their upstream say?</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 29, 2015 at 12:53 PM, furio ercolessi <span dir="ltr">&lt;<a href="mailto:furio+as@spin.it" target="_blank">furio+as@spin.it</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Just in case someone is not aware of this and is interested,<br>
AS200439 is actively engaged in announcing unallocated APNIC IP ranges<br>
and using them to pump out spam.<br>
<br>
Excerpt from <a href="http://bgp.he.net/AS200439#_bogons" rel="noreferrer" target="_blank">http://bgp.he.net/AS200439#_bogons</a> :<br>
<br>
Bogon Prefixes<br>
<br>
These gentlemen appear to be a relatively new LIR, less than<br>
4 months old.<br>
<br>
Without doubt the activity is some terrible mistake caused by<br>
a young sysop that will be fired on the spot, but the possibility<br>
that their BGP equipment has been hacked or had a virus inside<br>
should obviously also be considered.<br>
<br>
aut-num: AS200439<br>
as-name: STADIS-LLC-AS<br>
descr: LLC Stadis<br>
org: ORG-LS213-RIPE<br>
sponsoring-org: ORG-TL122-RIPE<br>
import: from AS35297 accept ANY<br>
export: to AS35297 announce AS200439<br>
import: from AS12695 accept ANY<br>
export: to AS12695 announce AS200439<br>
admin-c: SO3128-RIPE<br>
import: from AS58271 accept ANY<br>
export: to AS58271 announce AS200439<br>
tech-c: SO3128-RIPE<br>
remarks: For information on "status:" attribute read <a href="https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources" rel="noreferrer" target="_blank">https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources</a><br>
status: ASSIGNED<br>
mnt-by: RIPE-NCC-END-MNT<br>
mnt-by: STADIS-MNT<br>
mnt-routes: STADIS-MNT<br>
created: 2015-07-03T08:34:46Z<br>
last-modified: 2015-07-20T17:23:57Z<br>
source: RIPE # Filtered<br>
<br>
organisation: ORG-LS213-RIPE<br>
org-name: LLC Stadis<br>
org-type: OTHER<br>
address: Russia, Ekaterinburg, str. A.Valeka 13, office 401<br>
mnt-ref: STADIS-MNT<br>
mnt-by: STADIS-MNT<br>
created: 2015-07-01T11:18:09Z<br>
last-modified: 2015-07-01T11:18:09Z<br>
source: RIPE # Filtered<br>
<span class="HOEnZb"><font color="#888888"><br>
furio<br>
<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>--<br>Kind regards.<br>Lu<br><br></div></div></div>
</div>