This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Faked entries in the RIPE db
Job Snijders
job at instituut.net
Tue May 31 12:36:28 CEST 2016
On Tue, May 31, 2016 at 10:21:31AM +0000, Dickinson, Ian wrote:
> There appears to be abuse happening in the RIPE db - presumably to
> allow other online activity to be done with abuse indirection to an
> innocent bystander (e.g. my employer) - all over the last day or
> two...
>
> The specific items I noticed are all inet6num maintained by
> BSKYB-BROADBAND44-MNT, along with BSKYB-BROADBAND44-MNT itself, and
> ORG-BBH4-RIPE and ACRO772-RIPE
> This was due to the fake objects referring to our real role/person objects.
>
> It appears that there are many other faked entries under
> 2a07:7ec0::/29 - pretending to be Deutsche Telekom or Time Warner
> Cable for example. Either that LIR is a bad actor, or their
> maintainer credentials have been 0wned.
>
> This needs to be killed off.

I concur that this looks like a purposefully engineered effort to hide
something. Review the output of the following command:

    $ whois -h whois.ripe.net -- "-M 2a07:7ec0::/29 -T inet6num"
    <snip tons of inet6nums>

    $ whois -h whois.ripe.net -- "-M 2a07:7ec0::/29 -T inet6num" | grep org-name | sort -u
    org-name: ASAHI Net,Inc.
    org-name: BSkyB Broadband Hostmaster
    org-name: Deutsche Telekom AG
    org-name: KPN B.V.
    org-name: Orange France S.A.
    org-name: Telstra Pty Ltd
    org-name: Time Warner Cable LLC

Kind regards,

Job
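The check behind the `grep org-name | sort -u` pipeline above, as an added example that is not part of the original message: it parses whois output into RPSL objects and reports maintainers whose inet6num objects claim several distinct organisation names. The sample data, handles and function names are constructed for illustration, and it assumes the output includes the related organisation objects.

```python
from collections import defaultdict
# Constructed sample in RPSL layout: documentation prefix, made-up handles and names.
SAMPLE = """\
% constructed sample, not real registry data

inet6num:       2001:db8:100::/48
org:            ORG-EXA1-EXAMPLE
mnt-by:         EXAMPLE-LIR-MNT

organisation:   ORG-EXA1-EXAMPLE
org-name:       Example Telecom One

inet6num:       2001:db8:200::/48
org:            ORG-EXB2-EXAMPLE
mnt-by:         EXAMPLE-LIR-MNT

organisation:   ORG-EXB2-EXAMPLE
org-name:       Example Broadband
                Two
"""

def parse_rpsl(text):
    """Split whois output into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if line.startswith("%"):              # server comment line
            continue
        if not line.strip():                  # blank line ends an object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:   # continuation of the previous value
            key, val = current[-1]
            current[-1] = (key, f"{val} {line[1:].strip()}".strip())
        else:
            key, _, val = line.partition(":")
            current.append((key.strip().lower(), val.strip()))
    return objects

def flag_maintainers(objects, threshold=2):
    """Maintainers whose inet6nums claim at least `threshold` distinct org-names."""
    names = {o[0][1].upper(): dict(o).get("org-name", "") for o in objects
             if o[0][0] == "organisation"}
    claimed = defaultdict(set)
    for obj in (o for o in objects if o[0][0] == "inet6num"):
        orgs = [v.upper() for k, v in obj if k == "org"]
        mnts = [m.strip().upper() for k, v in obj if k == "mnt-by" for m in v.split(",")]
        for mnt in filter(None, mnts):
            claimed[mnt].update(names.get(org, org) for org in orgs)
    return {m: sorted(n) for m, n in claimed.items() if len(n) >= threshold}
```

Saved output of the `-M` query can be passed to `parse_rpsl` in place of `SAMPLE`; a maintainer that appears in the result is a lead for review, not proof of abuse.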