[db-wg] Faked entries in the RIPE db
Job Snijders
job at instituut.net
Tue May 31 12:36:28 CEST 2016
On Tue, May 31, 2016 at 10:21:31AM +0000, Dickinson, Ian wrote:
> There appears to be abuse happening in the RIPE db - presumably to
> allow other online activity to be done with abuse indirection to an
> innocent bystander (e.g. my employer) - all over the last day or
> two...
>
> The specific items I noticed are all inet6num maintained by
> BSKYB-BROADBAND44-MNT, along with BSKYB-BROADBAND44-MNT itself, and
> ORG-BBH4-RIPE and ACRO772-RIPE
> This was due to the fake objects referring to our real role/person objects.
>
> It appears that there are many other faked entries under
> 2a07:7ec0::/29 - pretending to be Deutsche Telekom or Time Warner
> Cable for example. Either that LIR is a bad actor, or their
> maintainer credentials have been 0wned.
>
> This needs to be killed off.

I concur that this looks like a purposefully engineered effort to hide
something. Review the output of the following command:

    $ whois -h whois.ripe.net -- "-M 2a07:7ec0::/29 -T inet6num"
    <snip tons of inet6nums>

    $ whois -h whois.ripe.net -- "-M 2a07:7ec0::/29 -T inet6num" | grep org-name | sort -u
    org-name: ASAHI Net,Inc.
    org-name: BSkyB Broadband Hostmaster
    org-name: Deutsche Telekom AG
    org-name: KPN B.V.
    org-name: Orange France S.A.
    org-name: Telstra Pty Ltd
    org-name: Time Warner Cable LLC

Kind regards,

Job
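
Added example, not part of the original message: the `grep org-name | sort -u` audit above, extended to show how many inet6num objects claim each organisation and which maintainers hold them. It assumes the inet6num objects carry an `org:` attribute and that the referenced organisation objects appear in the same output; the function names and the sample data are constructed for illustration.

```shell
# Added example. Reads RPSL text (whois output) on stdin; prints org-name|inet6num count|maintainers
summarize_orgs() {
  awk 'BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one RPSL object per record
  { type = ""; id = ""; org = ""; name = ""; mnt = ""
    for (i = 1; i <= NF; i++) {
      c = index($i, ":")               # split on the first colon only (IPv6 values)
      if ($i ~ /^%/ || c == 0) continue
      k = substr($i, 1, c - 1); v = substr($i, c + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (type == "") { type = k; id = v }   # first attribute names the object type
      if (k == "org") org = v; if (k == "org-name") name = v
      if (k == "mnt-by") mnt = (mnt == "" ? "" : mnt ",") v
    }
    if (type == "organisation") names[id] = name
    if (type == "inet6num") { n++; p_org[n] = org; p_mnt[n] = mnt }
  }
  END {
    for (j = 1; j <= n; j++) {
      o = (p_org[j] in names) ? names[p_org[j]] : "(unresolved) " p_org[j]
      count[o]++
      m = split(p_mnt[j], parts, / *, */)
      for (x = 1; x <= m; x++) if (!((o, parts[x]) in seen)) {
        seen[o, parts[x]] = 1; mnts[o] = (mnts[o] == "" ? "" : mnts[o] ",") parts[x]
      }
    }
    for (o in count) print o "|" count[o] "|" mnts[o]
  }' | LC_ALL=C sort
}
# Constructed sample input: documentation prefix, made-up handles and names.
sample_whois() {
  cat <<'EOF'
% constructed sample, not registry data

inet6num:       2001:db8:100::/48
org:            ORG-EXA1-TEST
mnt-by:         LIR-EXAMPLE-MNT

inet6num:       2001:db8:200::/48
org:            ORG-EXA1-TEST
mnt-by:         OTHER-EXAMPLE-MNT

inet6num:       2001:db8:300::/48
org:            ORG-EXB2-TEST
mnt-by:         LIR-EXAMPLE-MNT

organisation:   ORG-EXA1-TEST
org-name:       Example Carrier A
EOF
}
```

Run `sample_whois | summarize_orgs` to try it offline, or pipe the whois command from the message into `summarize_orgs`. One maintainer appearing against many unrelated org-names is the pattern the message describes.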