This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Getting fraudulent entries removed
- Previous message (by thread): [db-wg] Getting fraudulent entries removed
- Next message (by thread): [db-wg] Clean up unreferenced maintainers (after 90 days)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bengt Gördén
bengan at resilans.se
Thu Nov 9 18:21:23 CET 2017
Den 2017-11-09 kl. 17:22, skrev Brian Rak via db-wg: > Hi, > > We've run into an issue where an unknown malicious party appears to > have hijacked some of our IP space. They created entries in the RIPE > database that they are using to actually get this space announced. > What's even worse is their carrier is trying to say these > announcements are legitimate because they have IRR entries (which is a > whole other issue) > > What is the process like for actually getting this fraudulent entry > removed? I've been in contact with RIPE NCC Support, and they have > been super unhelpful (ref case #14523) > > The fraudulent entry is: > > https://apps.db.ripe.net/search/lookup.html?source=ripe&key=198.13.32.0/19AS39967&type=route > > > route: 198.13.32.0/19 > descr: 2nd route > origin: AS39967 > mnt-by: ADMASTER-MNT > created: 2017-10-13T00:20:08Z > last-modified: 2017-10-13T00:20:08Z > source: RIPE > > I should also note that this ASN suspiciously appears to be announcing > other people's space as well, but I can only confirm that this > particular entry does not belong. I would suspect that their other > IRR entries are fake as well. > > You can verify my request by reaching out to any of the POCs > associated with this network: > https://whois.arin.net/rest/net/NET-198-13-32-0-1 > > Thanks, > Brian Rak > > It seems that at least 4 ASes has announced this prefix (both /19 and /20) this year. https://stat.ripe.net/widget/routing-history#w.resource=198.13.32.0%2F19 -- Bengt Gördén Resilans AB
- Previous message (by thread): [db-wg] Getting fraudulent entries removed
- Next message (by thread): [db-wg] Clean up unreferenced maintainers (after 90 days)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]