This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
- Previous message (by thread): [anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)
- Next message (by thread): [anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Sun Apr 7 08:15:08 CEST 2019
I guess that I have a lot to learn yet about routing. Maybe some of you
folks will yet again take pity on me and explain this to me.
>From where I am sitting it appears that AS12445 is announcing a route to
all of 213.0.0.0/8. (I only happened to find out about this because,
as it happens there are some spamming inside of 213.0.0.0/8.)
Anyway, this is my reference source:
https://bgp.he.net/AS12445#_prefixes
I did think that I should try to just email the official contacts AS12445
privately to inquire about this, and so I sent email to all three of
the contact email addresses listed in the RIPE WHOIS record for AS12445,
but as you can all see below, that didn't really work out very well.
Anyway, this doesn't seem to be such a great idea, security-wise, i.e. to
allow random network to announce routes to entire /8s (or larger) that
don't actually belong to them.
It is hard for me to tell how long this has been ongoing in the case of
this specific prefix and this specific ASN. If anyone else can illuminate
me regarding that, then I would appreciate it.
------- Forwarded Message
Return-Path: <>
X-Original-To: rfg at tristatelogic.com
Delivered-To: rfg at tristatelogic.com
Received: by segfault.tristatelogic.com (Postfix)
id 323DF3AFF4; Sat, 6 Apr 2019 22:57:35 -0700 (PDT)
Date: Sat, 6 Apr 2019 22:57:35 -0700 (PDT)
From: MAILER-DAEMON at tristatelogic.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: rfg at tristatelogic.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="8E09A3AEF2.1554616655/segfault.tristatelogic.com"
Message-Id: <20190407055735.323DF3AFF4 at segfault.tristatelogic.com>
This is a MIME-encapsulated message.
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii
This is the mail system at host segfault.tristatelogic.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<galasso at selenebs.it>: host
selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1
[galasso at selenebs.it]: Recipient address rejected: Access denied
[DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO
command)
<gvinetti at selenebs.it>: host
selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1
[gvinetti at selenebs.it]: Recipient address rejected: Access denied
[DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO
command)
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; segfault.tristatelogic.com
X-Postfix-Queue-ID: 8E09A3AEF2
X-Postfix-Sender: rfc822; rfg at tristatelogic.com
Arrival-Date: Sat, 6 Apr 2019 22:57:32 -0700 (PDT)
Final-Recipient: rfc822; galasso at selenebs.it
Original-Recipient: rfc822;galasso at selenebs.it
Action: failed
Status: 5.4.1
Remote-MTA: dns; selenebs-it.mail.protection.outlook.com
Diagnostic-Code: smtp; 550 5.4.1 [galasso at selenebs.it]: Recipient address
rejected: Access denied
[DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]
Final-Recipient: rfc822; gvinetti at selenebs.it
Original-Recipient: rfc822;gvinetti at selenebs.it
Action: failed
Status: 5.4.1
Remote-MTA: dns; selenebs-it.mail.protection.outlook.com
Diagnostic-Code: smtp; 550 5.4.1 [gvinetti at selenebs.it]: Recipient address
rejected: Access denied
[DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Return-Path: <rfg at tristatelogic.com>
Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1])
by segfault.tristatelogic.com (Postfix) with ESMTP id 8E09A3AEF2;
Sat, 6 Apr 2019 22:57:32 -0700 (PDT)
From: "Ronald F. Guilmette" <rfg at tristatelogic.com>
To: gvinetti at selenebs.it, galasso at selenebs.it, abuse at selenebs.it
Subject: 213.0.0.0/8
Date: Sat, 06 Apr 2019 22:57:32 -0700
Message-ID: <32415.1554616652 at segfault.tristatelogic.com>
Greetings,
I waas wondering if you people could explain to me why your ASN (AS12445)
announcing a route at all of 213.0.0.0/8.
I don't think that your network has been assigned that entire huge block
of IPv4 addresses or that all of that IPv4 space belongs to you.
Do you disagree?
https://bgp.he.net/AS12445#_prefixes
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com--
------- End of Forwarded Message
- Previous message (by thread): [anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)
- Next message (by thread): [anti-abuse-wg] 213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]