[anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Previous message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Suresh Ramasubramanian
ops.lists at gmail.com
Fri Nov 7 04:05:50 CET 2014
This one is, yes. No shortage of previous incidents though as you're probably aware. Anyway the question before the house here is NCC policies, not which country a specific incident took place in. On Nov 7, 2014 8:23 AM, "Elvis Daniel Velea" <elvis at velea.eu> wrote: > Nex time, before sending an e-mail learn how to use whois. > > the AS is assigned and used in Bulgaria and the Sponsoring LIR is also > from Bulgaria (Nettera Ltd) > > Btw, how are the laws against spam in India? I see it's still in top 10 > countries sending spam... > > Excuse the briefness of this mail, it was sent from a mobile device. > > On 07 Nov 2014, at 01:23, Suresh Ramasubramanian <ops.lists at gmail.com> > wrote: > > There are two or three things here. > > RIPE is under dutch law and the Netherlands does have a law against spam, > and other cybercrime legislation as well that has historically been > actively enforced. > > The LIR is under romanian law and that does appear to have some laws > against spam on their books but none of it appears to have been tested in > court. > > As a LE organization, Europol, like Interpol, deals with coordination and > clearinghouse work between national LE and neither is an international > police force. > > This simply means that LE or the appropriate regulator in either country > where the different parts of this contract exist (the Netherlands - opta or > dutch high tech crime police, and whoever are their peers in Romania) > should be able to act on this information. > > U.S. LE as well given that the actual perpetrators are there. > > Whether dutch, romanian or US law are able to take cognizance of publicly > available information to open an investigation, or they need a local victim > of IP hijacking (or an international victim through the normal LE channels) > remains to be seen. > > In either case we do need to see how much RIPE NCC can do to exercise its > fiduciary duty over v4 space. > > A bank manager who loaned money on the same slapdash implementation of > criteria that NCC allocates IP space on (due diligence being interpreted as > 'internet policing' might explain that) would be fired and/or prosecuted in > very short order indeed. > On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <R.mahmoudi at mobinnet.net> wrote: > >> I was wondering if this kind of hijacking falls into the category of >> Cybercrime and authorities like Europol (https://www.europol.europa.eu/ >> ) can help? >> >> Reza Mahmoudi >> ________________________________________ >> From: anti-abuse-wg-bounces at ripe.net [anti-abuse-wg-bounces at ripe.net] on >> behalf of Ronald F. Guilmette [rfg at tristatelogic.com] >> Sent: Friday, November 07, 2014 12:02 AM >> To: anti-abuse-wg at ripe.net >> Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002 >> >> In message <20141106150814.GX31092 at Space.Net>, >> Gert Doering <gert at space.net> wrote: >> >> >In this particular case, I wonder why nobody is yelling at the upstream >> >who is happily forward packets for that AS... due dilligence at >> >accepting customer prefixes would have easily caught the announcements. >> >> I personally would be ``yelling at the upstream'' right now, but someone >> made a comment on the NANOG mailing list which sort-of hinted that this >> would be entirely futile in the case of AS200002. I don't know, but I >> suspect that he already knows something that I don't know, so I'm not >> wasting my time on sending comlaints to an entity that, it seems, may >> perhaps not give a damn. >> >> >(Yes, I understand that I'm now officially part of the problem, as >> >I'm obviously not willing to do everything technically possible to >> >stop particular sorts of badness) >> >> To the extent that you might be able to avoid forwarding route >> announcements which originate from AS201640, allow me to express >> my personal opinion that doing so would be admirable. >> >> >> Regards, >> rfg >> >> >> -- >> This email was Virus checked by Juniper Security Gateway. >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20141107/9e3ef0aa/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]