This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] AS201640
Elvis Daniel Velea
elvis at velea.eu
Sat Nov 8 18:51:27 CET 2014
Hi,

On 07/11/14 22:20, Ronald F. Guilmette wrote:
> Hello,
>
> I understand that there may have been some discussion of the rogue
> AS201640 at the WG meeting in London. For the benefit of those of
> us who were not able to attend that, could someone (anyone) please
> post a brief summary of the WG's discussion of AS201640? (The
> transcripts do not seem to be available just yet.)

as far as I understand, the WG will talk to the RIPE NCC and request an action point from the NCC on whether there is a better way to allow creation of route objects in the RIPE Database for IP addresses or AS Numbers that are assigned/allocated by another RIR.

> Separately and additionally, I have been seeking answers to several
> questions relating to AS201640, mostly on the anti-abuse WG mailing
> list, but I have so far been rather spectacularly unsuccessful at
> obtaining any answers whatsoever to any of these questions. Given
> that, I hope that no one will mind very much if I put these questions
> here.
>
> (Note: I am sure that some of these questions only occur to me
> because of my abundant ignorance. I am admittedly not very
> familiar with RIPE or RIPE NCC operating procedures. I hope that
> the members of this WG will show me the courtesy of forgiving my
> ignorance and also attempt to remedy it.)
>
> +_+_+_+_+_+_+_+_+_
>
> 1) How was it possible for various IPv4 block WHOIS records to be
> stored in the RIPE WHOIS DB, even though it is quite apparently the
> case that, according to IANA WHOIS records, the IP blocks in question
> do not even belong to the RIPE region? Is there really no pre-checking
> performed on such records before they are stored in the RIPE data base,
> e.g. to see if the blocks in question belong either to RIPE or to some
> other RIR?

address space allocated by another RIR can have a route object in the RIPE Database.
Usually, for address space and AS Numbers assigned by the RIPE NCC, you would need two passwords, the AS password and the IP password. In this case, they only needed the AS password as the IP password is public.

> 2) How was it possible for a particular Bulgarian commercial organization
> to be granted its own AS number, when all available evidence seems to
> indicate that it actually had, and has, -zero- IP addresses which are
> actually and properly registered to it? Is there really no pre-checking
> performed on AS number allocations, e.g. to see if the organization
> requesting the AS has at least some IP addresses?

It had a /24 IPv4 PA assigned by the Sponsoring LIR. That IPv4 PA assignment got deleted days after the request for the ASN. That leads me to thinking that the Sponsoring LIR (Nettera Ltd from Bulgaria) knew exactly what they are doing and helped this spammer get its own ASN.

> 3) Why are some of the clearly bogus WHOIS records (for IPv4 blocks)
> relating to this incident still present within the RIPE WHOIS DB, even
> as we speak, in particular, these ones?
>
>     41.198.224.0/20
>     119.227.224.0/19
>     105.154.248.0/21
>     210.57.0.0/19
>     202.39.112.0/20

Already responded by Sander, those are route objects that you see.

> Is anyone anywhere still harboring *any* lingering doubt about the fact
> that these are all quite plainly bogus? If not, then why have these
> records not already been removed from the WHOIS data base?

Because this is private data maintained by a maintainer and removing that data can only be done by that maintainer.

> 4) Why is AS201640 still registered, as we speak?

good question.. it's probably because the request of the ASN has never been fraudulent. As far as I know, there is a ticket opened with the RIPE NCC asking them to investigate if the ASN assignment request has been in order. As it has been more than two months since that ticket was opened, I presume they have found nothing fraudulent.

> 5) Without reference to any specific incident, AS, legal entity, or any
> other specifics, I have the following very general question:
>
> With respect to the contracts that RIPE enters into with those parties for
> whom RIPE provides registration services of *AS numbers*, specifically,
> are the terms and conditions of those contracts adequate and sufficient
> to strongly deter any and all AS registrants from deliberately and
> willfully announcing routes to IP space to which neither they nor any
> of their direct or indirect customers have any legitimate claim?

how do you demonstrate that something has been deliberate and not just some fat fingering (typos)?

> +_+_+_+_+_+_
>
> I look forward to the WG's responses to the above questions.
>

cheers,
elvis
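
The pre-check asked about in question 1, sketched as an added example that is not part of the original message or any RIPE NCC tooling: it parses RPSL route objects and flags those whose prefix sits in a /8 that IANA lists under a different RIR. The /8 table is a small constructed excerpt of the IANA registry, and the sample objects (including the in-region 193.0.0.0/21 entry used for contrast) are constructed; IPv4 only.

```python
import ipaddress

# Constructed excerpt of the IANA IPv4 address space registry (first octet
# -> RIR), covering only the /8s in the sample; load the full registry in
# real use. This table is an assumption of the example, not from the thread.
IANA_SLASH8 = {41: "AFRINIC", 105: "AFRINIC", 119: "APNIC",
               202: "APNIC", 210: "APNIC", 193: "RIPE NCC"}

# Constructed route objects: the five prefixes quoted in the message with
# origin AS201640, plus one in-region object for contrast.
SAMPLE_OBJECTS = "\n\n".join(
    f"route:   {prefix}\norigin:  {origin}"
    for prefix, origin in [
        ("41.198.224.0/20", "AS201640"), ("119.227.224.0/19", "AS201640"),
        ("105.154.248.0/21", "AS201640"), ("210.57.0.0/19", "AS201640"),
        ("202.39.112.0/20", "AS201640"), ("193.0.0.0/21", "AS3333"),
    ])

def parse_rpsl(text):
    """Split whois-style text into objects (attribute -> first value)."""
    objects = []
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            if line.startswith(("%", "#")) or ":" not in line:
                continue  # skip server comments and malformed lines
            key, _, value = line.partition(":")
            obj.setdefault(key.strip().lower(), value.strip())
        if obj:
            objects.append(obj)
    return objects

def registry_for(prefix):
    """Return the RIR holding the /8 that contains an IPv4 prefix."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    return IANA_SLASH8.get(int(net.network_address) >> 24, "UNKNOWN")

def out_of_region_routes(text, home="RIPE NCC"):
    """List (prefix, origin, rir) for route objects outside the home RIR."""
    flagged = []
    for obj in parse_rpsl(text):
        if "route" in obj and registry_for(obj["route"]) != home:
            flagged.append((obj["route"], obj.get("origin"),
                            registry_for(obj["route"])))
    return flagged

if __name__ == "__main__":
    for prefix, origin, rir in out_of_region_routes(SAMPLE_OBJECTS):
        print(f"{prefix:<20} {origin:<10} /8 held by {rir}")
```

A flagged object is only a candidate for review: as the reply notes, out-of-region space can legitimately have a route object in the RIPE Database.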