This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Delivery Status Notification (Delay)
- Previous message (by thread): [routing-wg] AS34991 -- hijacked
- Next message (by thread): [routing-wg] Delivery Status Notification (Delay)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
a61ec514 at opayq.com
a61ec514 at opayq.com
Wed Jun 7 13:22:38 CEST 2017
** Delivery incomplete ** There was a temporary problem delivering your message to curtiskwong9 at gmail.com. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently. -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/routing-wg/attachments/20170607/4875bf24/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: icon.png Type: image/png Size: 3910 bytes Desc: not available URL: </ripe/mail/archives/routing-wg/attachments/20170607/4875bf24/attachment.png> -------------- next part -------------- ; Tue, 06 Jun 2017 03:00:18 -0700 (PDT) ARC-Seal: i=3D1; a=3Drsa-sha256; t=3D1496743218; cv=3Dnone; d=3Dgoogle.com; s=3Darc-20160816; b=3DlhTa3+xkSnhP7rYA90jzrHnTgtCoahkcD95972KwIJS0CAR+RbAVuwTVL1eSW5M= mqN M+rXuPPUAdfgYWLhqieOiGN9cQnUFnaD5GcRgfTe4xhpta7/KRHvMwbfrZmntwjJSD= PZ q2t70GytBJQXC9ITaEMVNP1rUqZn8x6MyI//+PdD3hVG7SRAGoC0N60TpJfNWmqn1Z= HR QdBI4eCfwLEbd8/HdJ1BJqD84YnUzO/9UySBCeS6VZrqaoQ9t4wLTeik4eaNPR2Yji= /b cn6KB9JqSl/MGv48WrMlHcjhnFtJMLcsROQrtWTguLbwDlG1krXSnGRlXq/DQerw6D= 6J QvGA=3D=3D ARC-Message-Signature: i=3D1; a=3Drsa-sha256; c=3Drelaxed/relaxed; d=3Dgoog= le.com; s=3Darc-20160816; h=3Dlist-subscribe:list-help:list-post:list-archive:list-unsubscrib= e :list-unsubscribe:list-id:precedence:message-id:date:subject:to :reply-to:sender:from:content-transfer-encoding:mime-version :dkim-signature:delivery-date:arc-authentication-results; bh=3DUnJqZUxWS1M0ZHRJNnSMH0By/nCNL/IKEQ97yDwKao4=3D; b=3DC0ZXUVe/1Nyl19musv9zzZXNsY/N5mb4EFZJxJ8geA05xeQwp7eVI9xqbOW3cwg= 4Yh dM8gRTZGwFG6orHfWhRs36djRrsCec33tkazlcYuIZXecVC9gCK/kHMDA2kyp+6w7b= HU 31GUf430u/P6FPC06xI1K1XzK5LqeFualKr5BxusHx+4L5KvN/M+UwKZai6AvrPLHl= So KHPCqqfBLESVJlOAhFJ/u20PFR6AaZPiEZe7GkbL+Oja5Wv9QGwKEq44ApcRUrrw0f= bf yi0yoeAc49IQOI8t2sgIOJO+PXFWVmgFRqgfNJKNBFhktolkG7KlTugbCIf9v2Eqi8= jW PxgA=3D=3D ARC-Authentication-Results: i=3D1; mx.google.com; dkim=3Dpass header.i=3D at opayq.com; spf=3Dpass (google.com: domain of fwd-737qty3mjnahycmahmtrqnsas4ocaf= ruacibjyb2hmykafzaimqgyiqz2agiafncibgcaiaaea=3D=3D=3D=3D=3D=3D at opayq.com de= signates 184.105.182.156 as permitted sender) smtp.mailfrom=3DFWD-737QTY3MJ= NAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D= =3D=3D=3D at opayq.com; dmarc=3Dpass (p=3DNONE sp=3DNONE dis=3DNONE) header.from=3Dopayq.com Return-Path: <FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2= AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.com> Received: from opayq-out-06.junkemailfilter.com (opayq-out-06.junkemailfilt= er.com. [184.105.182.156]) by mx.google.com with ESMTPS id r24si7383460pgn.25.2017.06.06.03.00= .18 for <curtiskwong9 at gmail.com> (version=3DTLS1_2 cipher=3DECDHE-RSA-AES128-GCM-SHA256 bits=3D128/1= 28); Tue, 06 Jun 2017 03:00:18 -0700 (PDT) Received-SPF: pass (google.com: domain of fwd-737qty3mjnahycmahmtrqnsas4oca= fruacibjyb2hmykafzaimqgyiqz2agiafncibgcaiaaea=3D=3D=3D=3D=3D=3D at opayq.com d= esignates 184.105.182.156 as permitted sender) client-ip=3D184.105.182.156; Authentication-Results: mx.google.com; dkim=3Dpass header.i=3D at opayq.com; spf=3Dpass (google.com: domain of fwd-737qty3mjnahycmahmtrqnsas4ocaf= ruacibjyb2hmykafzaimqgyiqz2agiafncibgcaiaaea=3D=3D=3D=3D=3D=3D at opayq.com de= signates 184.105.182.156 as permitted sender) smtp.mailfrom=3DFWD-737QTY3MJ= NAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D= =3D=3D=3D at opayq.com; dmarc=3Dpass (p=3DNONE sp=3DNONE dis=3DNONE) header.from=3Dopayq.com Delivery-date: Tue, 06 Jun 2017 03:00:18 -0700 Received: from smtp2.opayq.com ([54.235.124.91]:58910) helo=3D[54.235.124.9= 1] by opayq-outbound.junkemailfilter.com with esmtps (TLSv1.2:AES256-SHA256:2= 56) (Exim 4.89) id 1dIBHe-0005lA-2u on interface=3D184.105.182.150 for curtiskwong9 at gmail.com; Tue, 06 Jun 2017 03:00:18 -0700 DKIM-Signature: v=3D1; d=3Dopayq.com; t=3D1496743216; b=3DA+ZtHuumOAnm6livs= mQ0mqLLE2SK0Z6Yd48DCLPbw4fmD+vVVaHCrQ2vvEdp+bq7f+i+mkWd+bk1d0DXpjrU44yVjKgy= Wkcf2eueM8KAPIjWP8rLyBNTmkWzCc0tpcwjJ87sSFzslV8lkien3fyUijlxCSaVJYvdGYVsOe0= aE+g=3D; s=3Dabine; c=3Drelaxed/relaxed; a=3Drsa-sha256; bh=3DUnJqZUxWS1M0Z= HRJNnSMH0By/nCNL/IKEQ97yDwKao4=3D; h=3DDate:From:Reply-To:Subject:To:List-U= nsubscribe; MIME-Version: 1.0 Content-Type: text/plain; charset=3D"us-ascii" Content-Transfer-Encoding: 7bit X-GetAbine-Processed: 1 From: "ripe.net [Masked]" <FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYK= AFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.com> Sender: "ripe.net [Masked]" <FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HM= YKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.com> Reply-To:=20 FWD-737QTY3MJNAHYCMAHMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAI= AAEA=3D=3D=3D=3D=3D=3D at opayq.com To: a61ec514 at opayq.com X-GetAbine-Sender: routing-wg-bounces at ripe.net X-GetAbine-Disposable: a61ec514 at opayq.com X-GetAbine-Host-Address: 54.235.124.91 Subject: routing-wg Digest, Vol 70, Issue 2 Date: Tue, 06 Jun 2017 12:00:02 +0200 Message-ID: <mailman.17.1496743202.21548.routing-wg at ripe.net> X-BeenThere: routing-wg at ripe.net X-Mailman-Version: 2.1.15 Precedence: list List-Id: RIPE Routing Working Group <routing-wg.ripe.net> List-Unsubscribe: <https://lists.ripe.net/mailman/options/routing-wg>, <mailto:routing-wg-request at ripe.net?subject=3Dunsubscribe> List-Unsubscribe: <mailto:unsubscribe-1334138444-a61ec514 at opayq.com>, <http= s://emails.abine.com/disableDisposable?fwd=3DFWD-737QTY3MJNAHYCMAHMTRQNSAS4= OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D=3D at opayq.co= m> List-Archive: <https://lists.ripe.net/ripe/mail/archives/routing-wg/> List-Post: <mailto:routing-wg at ripe.net> List-Help: <mailto:routing-wg-request at ripe.net?subject=3Dhelp> List-Subscribe: <https://mailman.ripe.net/>, <mailto:routing-wg-request at ripe.net?subject=3Dsubscribe> X-ACL-Warn: Delaying message X-RIPE-Spam-Level: ------- X-RIPE-Spam-Report: Spam Total Points: -7.5 points pts rule name description ---- ---------------------- ------------------------------------ -7.5 ALL_TRUSTED Passed through trusted hosts only via SMTP X-RIPE-Signature: 72fc7cbcf996e20927a5a01bc5571c7b6c3f473e3ee605d3722d70187= 58a3064 X-Sender-Domain: ripe.net X-Spamfilter-host: plato.junkemailfilter.com - http://www.junkemailfilter.c= om X-Key-ID: YTYxZWM1MTRAb3BheXEuY29tIHJvdXRpbmctd2ctYm91bmNlc0ByaXBlLm5ldCAyM= DE3LTA2LTA2IDAzOjAwOjExIDFkSUJIWC0wMDA0cVYtMGs=3D X-Content-flags: chance contact email-adr equalspace https ip-address link = optout phone-num please re register request success time-ref unsubscribe=20 X-Domain-list: ripe.net opayq.com X-Mail-from: routing-wg-bounces at ripe.net X-Sender-Host-Address: 193.0.19.114 X-Sender-Host-Name: mahimahi.ripe.net X-Key-ID: Y3VydGlza3dvbmc5QGdtYWlsLmNvbSBmd2QtNzM3cXR5M21qbmFoeWNtYWhtdHJxb= nNhczRvY2FmcnVhY2lianliMmhteWthZnphaW1xZ3lpcXoyYWdpYWZuY2liZ2NhaWFhZWE9PT09= PT1Ab3BheXEuY29tIDIwMTctMDYtMDYgMDM6MDA6MTggMWRJQkhlLTAwMDVsQS0ydQ=3D=3D -------------------------Blur------------------------- This email is forwarded from a MASKED EMAIL you created using Blur. (https= ://dnt.abine.com/#help/faq/faq-whataremaskedemails). IF THIS IS SPAM, CLICK HERE TO BLOCK: https://dnt.abine.com/#/block_email/a61ec514@opayq.com/FWD-737QTY3MJNAHYCMA= HMTRQNSAS4OCAFRUACIBJYB2HMYKAFZAIMQGYIQZ2AGIAFNCIBGCAIAAEA=3D=3D=3D=3D=3D= =3D at opayq.com Want to shop safely and privately online? Go Premium: https://dnt.abine.com= /?pk_campaign=3DmaskHeader#premium -------------------------by Abine------------------------- Send routing-wg mailing list submissions to routing-wg at ripe.net To subscribe or unsubscribe via the World Wide Web, visit https://mailman.ripe.net/ or, via email, send a message with subject or body 'help' to routing-wg-request at ripe.net You can reach the person managing the list at routing-wg-owner at ripe.net When replying, please edit your Subject line so it is more specific than "Re: Contents of routing-wg digest..." Today's Topics: 1. AS34991 -- hijacked (Ronald F. Guilmette) ---------------------------------------------------------------------- Message: 1 Date: Tue, 06 Jun 2017 01:40:58 -0700 From: "Ronald F. Guilmette" <rfg at tristatelogic.com> To: anti-abuse-wg at ripe.net, db-wg at ripe.net, routing-wg at ripe.net, connect-wg at ripe.net Subject: [routing-wg] AS34991 -- hijacked Message-ID: <93070.1496738458 at segfault.tristatelogic.com> Is there any chance that any of you might be persuaded to have a word or two with either or both of the upstreams for AS34991, specifically with respect to the fact that that whole and entire AS has quite obviously been hijacked, and that it is currently being used and abused to announce a total of 20 completely and transparently bogus routes into various bits of IPv4 space that are allocated to various parties within the nation of Columbia, including but not limited to the National University thereof? I have already attempted to make contact with both upstreams in this case with no success and no reply so far, perhaps because I am not a european, or perhaps because I myself am not a network operator, or perhaps because I do not speak (or write) bulgarian. Below is a listing of the currently hijacked routes. Please note that the hijacker in this case quite obviously planned this all, quite carefully, and in advance of the actual hijackings, and he tried (and succeded!) to effectively legitimize all of these bogus route announcement via the simple and easy ruse of also pre-creating a set of matching, and equally bogus route objects within the RIPE data base. (As I learned the last time a case like this came up, the RIPE community, in its infinite wisdom, had made it so easy to create such route objects in the data base, with no authority or authorization whatsoever, that any baboon with a keyboard and a pulse may easily do so.) Of course, as the more observant among you may note, the domain name used for the contact email address for AS34991 has recently been re-registered, presumably after having lapsed. This indicates rather clearly, I think, that it is not merely the IPv4 blocks listed below that have been and are being hijacked, but also the AS34991 ASN itself. covfefe P.S. For the record, yes, some of the hijacked blocks in this case have already been sub-leased out to snowshoe spammers, and are being actively used for snowshoe spamming as we speak. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 152.204.132.0/24 -- Columbia 152.204.133.0/24 -- Columbia 152.231.25.0/24 -- Columbia 152.231.28.0/24 -- Columbia 168.176.187.0/24 -- Columbia, National University of 168.176.192.0/24 -- Columbia, National University of 168.176.194.0/24 -- Columbia, National University of 168.176.218.0/24 -- Columbia, National University of 168.176.219.0/24 -- Columbia, National University of 179.1.71.0/24 -- Columbia 181.57.40.0/24 -- Columbia 186.113.13.0/24 -- Columbia 186.113.15.0/24 -- Columbia 186.147.230.0/24 --=20 ----- Message truncated -----
- Previous message (by thread): [routing-wg] AS34991 -- hijacked
- Next message (by thread): [routing-wg] Delivery Status Notification (Delay)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]