[anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Previous message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Laura Cobley
laura at ripe.net
Thu Nov 6 15:27:14 CET 2014
Dear Ronald and all, The RIPE NCC investigates reports about Internet number resource registrations. These fall into different categories: - Violation of RIPE Policies and RIPE NCC Procedures - Provision of untruthful information to the RIPE NCC - Bankruptcy, liquidation or insolvency - Incorrect contact information in the RIPE Database You can read more about the procedure together with a link for submitting a report at: https://www.ripe.net/contact/reporting-procedure Kind regards, Laura Cobley Customer Services Manager RIPE NCC On 05/11/14 21:38, Ronald F. Guilmette wrote: > How does one go about making a formal request to RIPE NCC to investigate > a given AS registrant/registration? > > Given that AS201640 appears to exist exclusively for the purpose of > hijacking multiple/numerous blocks of IPv4 space that it rather clearly > has no rights to, I would like to formally lodge exactly such a request. > > http://blogs.cisco.com/security/talos/help-my-ip-address-has-been-hijacked/ > > http://mailman.nanog.org/pipermail/nanog/2014-October/071056.html > > This is ongoing, as we speak. Among the many IP blocks being hijacked, > one of them even belongs to the Taiwan Network Information Center. > > Note that the hijacked IP space is being used, perhaps by multiple > parties, by also by at least one convicted felon, and for one very > specific purpose... > > http://krebsonsecurity.com/2014/11/still-spamming-after-all-these-years/ > > > Regards, > rfg > > > P.S. To be clear, I would like to see there be an investigation of > _both_ AS201640 and also the one and only other AS that appears to > connect AS201640 to the rest of the world, i.e. AS200002. > > Somebody please help me here. I did try to read at least one of the > official RIPE NCC registration requirement documents yesterday, and > I was left with the impression... perhaps incorrect on my part... that > in order to obtain an AS, the network in question must be multi-homed. > Doesn't that mean that the network in question must have connectivity > to the outside world via *more than one* other AS? > > > P.P.S. Unlike RIPE number resource allocations, it _is_ easily possible > to find the registration date for most domain names in most TLDs. The > AS primarily at issue here is AS201640 and it seems to be associated > with a (contact) domain name of "grimhosting.com". (The associated web > site, by the way, is _not_ hosted within any IP space which is being > announced by AS201640. Rather it is hosted on Cloudflare.) Anyway, > the registration date for the domain name grimhosting.com is 2014-06-18. > > The person name on the registration for both the AS and that domain name > is "Bogomil Simeonov". In the domain name registration, this name is > associated with the e-mail address <simeonov_zepter at abv.bg>. That address > in turn seems to be associated with some company named Zepter Bulgaria Ltd., > which is apparently a "direct sales" organization, and also, perhaps, with > the young man who is pictured in/on this web page: > > http://cv-simeonov.hit.bg/ > > >
- Previous message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
- Next message (by thread): [anti-abuse-wg] Hijack Factory: AS201640 / AS200002
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]