This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] Delivery Status Notification (Delay)

Previous message (by thread): [routing-wg] AS34991 -- hijacked
Next message (by thread): [routing-wg] Delivery Status Notification (Delay)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
a61ec514 at opayq.com a61ec514 at opayq.com
Wed Jun 7 13:22:38 CEST 2017
** Delivery incomplete **

There was a temporary problem delivering your message to curtiskwong9 at gmail.com. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/routing-wg/attachments/20170607/4875bf24/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icon.png
Type: image/png
Size: 3910 bytes
Desc: not available
URL: </ripe/mail/archives/routing-wg/attachments/20170607/4875bf24/attachment.png>
-------------- next part --------------
;
        Tue, 06 Jun 2017 03:00:18 -0700 (PDT)
ARC-Seal: i=3D1; a=3Drsa-sha256; t=3D1496743218; cv=3Dnone;
        d=3Dgoogle.com; s=3Darc-20160816;
        b=3DlhTa3+xkSnhP7rYA90jzrHnTgtCoahkcD95972KwIJS0CAR+RbAVuwTVL1eSW5M=
mqN
         M+rXuPPUAdfgYWLhqieOiGN9cQnUFnaD5GcRgfTe4xhpta7/KRHvMwbfrZmntwjJSD=
PZ
         q2t70GytBJQXC9ITaEMVNP1rUqZn8x6MyI//+PdD3hVG7SRAGoC0N60TpJfNWmqn1Z=
HR
         QdBI4eCfwLEbd8/HdJ1BJqD84YnUzO/9UySBCeS6VZrqaoQ9t4wLTeik4eaNPR2Yji=
/b
         cn6KB9JqSl/MGv48WrMlHcjhnFtJMLcsROQrtWTguLbwDlG1krXSnGRlXq/DQerw6D=
6J
         QvGA=3D=3D
ARC-Message-Signature: i=3D1; a=3Drsa-sha256; c=3Drelaxed/relaxed; d=3Dgoog=
le.com; s=3Darc-20160816;
        h=3Dlist-subscribe:list-help:list-post:list-archive:list-unsubscrib=
e
         :list-unsubscribe:list-id:precedence:message-id:date:subject:to
         :reply-to:sender:from:content-transfer-encoding:mime-version
         :dkim-signature:delivery-date:arc-authentication-results;
        bh=3DUnJqZUxWS1M0ZHRJNnSMH0By/nCNL/IKEQ97yDwKao4=3D;
        b=3DC0ZXUVe/1Nyl19musv9zzZXNsY/N5mb4EFZJxJ8geA05xeQwp7eVI9xqbOW3cwg=
4Yh
         dM8gRTZGwFG6orHfWhRs36djRrsCec33tkazlcYuIZXecVC9gCK/kHMDA2kyp+6w7b=
HU
         31GUf430u/P6FPC06xI1K1XzK5LqeFualKr5BxusHx+4L5KvN/M+UwKZai6AvrPLHl=
So
         KHPCqqfBLESVJlOAhFJ/u20PFR6AaZPiEZe7GkbL+Oja5Wv9QGwKEq44ApcRUrrw0f=
bf
         yi0yoeAc49IQOI8t2sgIOJO+PXFWVmgFRqgfNJKNBFhktolkG7KlTugbCIf9v2Eqi8=
jW
         PxgA=3D=3D
ARC-Authentication-Results: i=3D1; mx.google.com;
       dkim=3Dpass header.i=3D at opayq.com;
       spf=3Dpass (google.com: domain of fwd-737qty3mjnahycmahmtrqnsas4ocaf=
ruacibjyb2hmykafzaimqgyiqz2agiafncibgcaiaaea=3D=3D=3D=3D=3D=3D at opayq.com de=
signates 184.105.182.156 as permitted sender) smtp.mailfrom=3DFWD-737QTY3MJ=
NAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=
=3D=3D=3D at opayq.com;
       dmarc=3Dpass (p=3DNONE sp=3DNONE dis=3DNONE) header.from=3Dopayq.com
Return-Path: <FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2=
AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.com>
Received: from opayq-out-06.junkemailfilter.com (opayq-out-06.junkemailfilt=
er.com. [184.105.182.156])
        by mx.google.com with ESMTPS id r24si7383460pgn.25.2017.06.06.03.00=
.18
        for <curtiskwong9 at gmail.com>
        (version=3DTLS1_2 cipher=3DECDHE-RSA-AES128-GCM-SHA256 bits=3D128/1=
28);
        Tue, 06 Jun 2017 03:00:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of fwd-737qty3mjnahycmahmtrqnsas4oca=
fruacibjyb2hmykafzaimqgyiqz2agiafncibgcaiaaea=3D=3D=3D=3D=3D=3D at opayq.com d=
esignates 184.105.182.156 as permitted sender) client-ip=3D184.105.182.156;
Authentication-Results: mx.google.com;
       dkim=3Dpass header.i=3D at opayq.com;
       spf=3Dpass (google.com: domain of fwd-737qty3mjnahycmahmtrqnsas4ocaf=
ruacibjyb2hmykafzaimqgyiqz2agiafncibgcaiaaea=3D=3D=3D=3D=3D=3D at opayq.com de=
signates 184.105.182.156 as permitted sender) smtp.mailfrom=3DFWD-737QTY3MJ=
NAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=
=3D=3D=3D at opayq.com;
       dmarc=3Dpass (p=3DNONE sp=3DNONE dis=3DNONE) header.from=3Dopayq.com
Delivery-date: Tue, 06 Jun 2017 03:00:18 -0700
Received: from smtp2.opayq.com ([54.235.124.91]:58910) helo=3D[54.235.124.9=
1]
	by opayq-outbound.junkemailfilter.com with esmtps (TLSv1.2:AES256-SHA256:2=
56)
	(Exim 4.89)
	id 1dIBHe-0005lA-2u on interface=3D184.105.182.150
	for curtiskwong9 at gmail.com; Tue, 06 Jun 2017 03:00:18 -0700
DKIM-Signature: v=3D1; d=3Dopayq.com; t=3D1496743216; b=3DA+ZtHuumOAnm6livs=
mQ0mqLLE2SK0Z6Yd48DCLPbw4fmD+vVVaHCrQ2vvEdp+bq7f+i+mkWd+bk1d0DXpjrU44yVjKgy=
Wkcf2eueM8KAPIjWP8rLyBNTmkWzCc0tpcwjJ87sSFzslV8lkien3fyUijlxCSaVJYvdGYVsOe0=
aE+g=3D; s=3Dabine; c=3Drelaxed/relaxed; a=3Drsa-sha256; bh=3DUnJqZUxWS1M0Z=
HRJNnSMH0By/nCNL/IKEQ97yDwKao4=3D; h=3DDate:From:Reply-To:Subject:To:List-U=
nsubscribe;
MIME-Version: 1.0
Content-Type: text/plain; charset=3D"us-ascii"
Content-Transfer-Encoding: 7bit
X-GetAbine-Processed: 1
From: "ripe.net [Masked]" <FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYK=
AFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.com>
Sender: "ripe.net [Masked]" <FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HM=
YKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.com>
Reply-To:=20
	FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAI=
AAEA=3D=3D=3D=3D=3D=3D at opayq.com
To: a61ec514 at opayq.com
X-GetAbine-Sender: routing-wg-bounces at ripe.net
X-GetAbine-Disposable: a61ec514 at opayq.com
X-GetAbine-Host-Address: 54.235.124.91
Subject: routing-wg Digest, Vol 70, Issue 2
Date: Tue, 06 Jun 2017 12:00:02 +0200
Message-ID: <mailman.17.1496743202.21548.routing-wg at ripe.net>
X-BeenThere: routing-wg at ripe.net
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: RIPE Routing Working Group <routing-wg.ripe.net>
List-Unsubscribe: <https://lists.ripe.net/mailman/options/routing-wg>,
 <mailto:routing-wg-request at ripe.net?subject=3Dunsubscribe>
List-Unsubscribe: <mailto:unsubscribe-1334138444-a61ec514 at opayq.com>, <http=
s://emails.abine.com/disableDisposable?fwd=3DFWD-737QTY3MJNAHYCMAHMTRQNSAS4=
OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.co=
m>
List-Archive: <https://lists.ripe.net/ripe/mail/archives/routing-wg/>
List-Post: <mailto:routing-wg at ripe.net>
List-Help: <mailto:routing-wg-request at ripe.net?subject=3Dhelp>
List-Subscribe: <https://mailman.ripe.net/>,
 <mailto:routing-wg-request at ripe.net?subject=3Dsubscribe>
X-ACL-Warn: Delaying message
X-RIPE-Spam-Level: -------
X-RIPE-Spam-Report: Spam Total Points:   -7.5 points
  pts rule name              description
 ---- ---------------------- ------------------------------------
 -7.5 ALL_TRUSTED            Passed through trusted hosts only via SMTP
X-RIPE-Signature: 72fc7cbcf996e20927a5a01bc5571c7b6c3f473e3ee605d3722d70187=
58a3064
X-Sender-Domain: ripe.net
X-Spamfilter-host: plato.junkemailfilter.com - http://www.junkemailfilter.c=
om
X-Key-ID: YTYxZWM1MTRAb3BheXEuY29tIHJvdXRpbmctd2ctYm91bmNlc0ByaXBlLm5ldCAyM=
DE3LTA2LTA2IDAzOjAwOjExIDFkSUJIWC0wMDA0cVYtMGs=3D
X-Content-flags: chance contact email-adr equalspace https ip-address link =
optout phone-num please re register request success time-ref unsubscribe=20
X-Domain-list: ripe.net opayq.com
X-Mail-from: routing-wg-bounces at ripe.net
X-Sender-Host-Address: 193.0.19.114
X-Sender-Host-Name: mahimahi.ripe.net
X-Key-ID: Y3VydGlza3dvbmc5QGdtYWlsLmNvbSBmd2QtNzM3cXR5M21qbmFoeWNtYWhtdHJxb=
nNhczRvY2FmcnVhY2lianliMmhteWthZnphaW1xZ3lpcXoyYWdpYWZuY2liZ2NhaWFhZWE9PT09=
PT1Ab3BheXEuY29tIDIwMTctMDYtMDYgMDM6MDA6MTggMWRJQkhlLTAwMDVsQS0ydQ=3D=3D


-------------------------Blur-------------------------
This email is forwarded from a MASKED EMAIL you created using Blur.  (https=
://dnt.abine.com/#help/faq/faq-whataremaskedemails).
IF THIS IS SPAM, CLICK HERE TO BLOCK:
https://dnt.abine.com/#/block_email/[email protected]/FWD-737QTY3MJNAHYCMA=
HMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=
=3D at opayq.com

Want to shop safely and privately online? Go Premium: https://dnt.abine.com=
/?pk_campaign=3DmaskHeader#premium
-------------------------by Abine-------------------------


Send routing-wg mailing list submissions to
	routing-wg at ripe.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://mailman.ripe.net/
or, via email, send a message with subject or body 'help' to
	routing-wg-request at ripe.net

You can reach the person managing the list at
	routing-wg-owner at ripe.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of routing-wg digest..."


Today's Topics:

   1. AS34991 -- hijacked (Ronald F. Guilmette)


----------------------------------------------------------------------

Message: 1
Date: Tue, 06 Jun 2017 01:40:58 -0700
From: "Ronald F. Guilmette" <rfg at tristatelogic.com>
To: anti-abuse-wg at ripe.net, db-wg at ripe.net, routing-wg at ripe.net,
	connect-wg at ripe.net
Subject: [routing-wg] AS34991 -- hijacked
Message-ID: <93070.1496738458 at segfault.tristatelogic.com>


Is there any chance that any of you might be persuaded to have a
word or two with either or both of the upstreams for AS34991,
specifically with respect to the fact that that whole and entire AS
has quite obviously been hijacked, and that it is currently being
used and abused to announce a total of 20 completely and transparently
bogus routes into various bits of IPv4 space that are allocated to
various parties within the nation of Columbia, including but not
limited to the National University thereof?

I have already attempted to make contact with both upstreams in this
case with no success and no reply so far, perhaps because I am not
a european, or perhaps because I myself am not a network operator,
or perhaps because I do not speak (or write) bulgarian.

Below is a listing of the currently hijacked routes.  Please note that
the hijacker in this case quite obviously planned this all, quite
carefully, and in advance of the actual hijackings, and he tried
(and succeded!) to effectively legitimize all of these bogus route
announcement via the simple and easy ruse of also pre-creating a set
of matching, and equally bogus route objects within the RIPE data base.
(As I learned the last time a case like this came up, the RIPE community,
in its infinite wisdom, had made it so easy to create such route objects
in the data base, with no authority or authorization whatsoever, that
any baboon with a keyboard and a pulse may easily do so.)

Of course, as the more observant among you may note, the domain name
used for the contact email address for AS34991 has recently been
re-registered, presumably after having lapsed.  This indicates rather
clearly, I think, that it is not merely the IPv4 blocks listed below
that have been and are being hijacked, but also the AS34991 ASN itself.


covfefe


P.S.  For the record, yes, some of the hijacked blocks in this case have
already been sub-leased out to snowshoe spammers, and are being actively
used for snowshoe spamming as we speak.

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
152.204.132.0/24 -- Columbia
152.204.133.0/24 -- Columbia
152.231.25.0/24 -- Columbia
152.231.28.0/24 -- Columbia
168.176.187.0/24 -- Columbia, National University of
168.176.192.0/24 -- Columbia, National University of
168.176.194.0/24 -- Columbia, National University of
168.176.218.0/24 -- Columbia, National University of
168.176.219.0/24 -- Columbia, National University of
179.1.71.0/24 -- Columbia
181.57.40.0/24 -- Columbia
186.113.13.0/24 -- Columbia
186.113.15.0/24 -- Columbia
186.147.230.0/24 --=20
----- Message truncated -----
Previous message (by thread): [routing-wg] AS34991 -- hijacked
Next message (by thread): [routing-wg] Delivery Status Notification (Delay)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ routing-wg Archives ]