
[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

Ronald F. Guilmette rfg at tristatelogic.com
Thu Nov 17 21:58:04 UTC 2016


In message <C9C12670-318D-4802-A290-C8E89CBEAFAA at liquidtelecom.com>, 
Andrew Alston <Andrew.Alston at liquidtelecom.com> wrote:

>... blah blah blah... legacy space... no control.... blah blah blah...

You seem to be assuming that any of what is going on has been endorsed
in some way by the actual and -legitimate- registered (legacy) resource
holders.  But there's no evidence that any of them sold their space,
or their ASNs, or that any of them are even aware of what is going on
here.  (And of course, I'm only speaking about the ones that even still
exist.  It appears that many may not, and should have been struck off
years ago.)

There are only two possibilities here.  Either (a) nobody on this list,
or in Afrinic gives a damn about what's going on here, in which case
it will be left to me alone to try to pursue other avenues to get this
mess cleaned up... even though I've already got more than enough work
on my plate, and should really be working on a botnet takedown... or else
(b) -somebody- on this list and/or in Afrinic actually does give a damn
about this mess, maybe even enough to help me out here and take it the
last mile to get this resolved, you know, now that I've done all of the
hard investigation work.

If possibility (a) applies, then I guess I'm on my own and I'll have to
go elsewhere in order to create heat on the appropriate people.

If, on the other hand, possibility (b) applies, then -somebody- who is
willing to help should start by trying to make contact with a company
called Xconnect24, Ltd (AS260), which is apparently headquartered in
the Netherlands, and try to make contact with one of the following
three officials of this company.  (I've tried to contact the company
already via email, a week ago, but it has not replied to my emails.)

    CEO - Olav van Doorn
    https://nl.linkedin.com/in/olavvandoorn
    Co-founder Jan Willem Meijer:
    https://www.loth.nl/company-profile-custom-connect/
    CTO - Rutger Bevaart
    https://nl.linkedin.com/in/rutgerbevaart

This company is the one and only BGP peer for the following *SIX*
Afrinic-issued ASNs, each of which is currently announcing routes
which are, at the very least, deeply suspicious:

AS7971
AS10505  -- hijacking lots of Chinese IPv4 space
AS6560
AS14029
AS37135
AS37137

Note:  I already knew, well before now, that this company, Xconnect24, Ltd.
was the one and only BGP peer for at least *two* of the above deeply
suspicious ASNs... or perhaps three.  I didn't realize until just now
that the actual count is at least six (as listed above).  Now that I
know that, I'll have to go and investigate -all- of the peers of AS260,
to see if there are maybe even some more, after which I'm also going to
rat these assholes out on the NANOG list.

So, is anybody willing to help?  Or is everybody here just committed to
making excuses and offering well-reasoned explanations for why nothing
can be done and nobody can do anything?


Regards,
rfg
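
The "one and only BGP peer" observation in the message above can be checked against AS-path data from a route collector. The following is an added example, not part of the original message: it lists ASNs that appear directly behind a given upstream and have no other observed neighbour. The sample paths are constructed and use documentation ASNs (RFC 5398); the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample AS paths (collector side first, origin last), using
# documentation ASNs from RFC 5398; this is not real routing data.
SAMPLE_PATHS = [
    "64510 64496 64501",
    "64511 64496 64501 64501 64501",   # origin prepending
    "64510 64496 64502",
    "64511 64496 64503",
    "64510 64497 64503",               # 64503 has a second neighbour
    "64510 64496 64504 64505",         # 64505 sits behind 64504, not 64496
    "64511 64496 {64506,64507}",       # AS_SET: adjacency is ambiguous
]

def parse_path(text):
    """Return the path as ints with prepending collapsed, cut at any AS_SET."""
    hops = []
    for token in text.split():
        if not token.isdigit():        # AS_SET or garbage: keep only what precedes it
            break
        asn = int(token)
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops

def sole_peer_of(paths, upstream):
    """ASNs seen directly behind `upstream` whose only observed neighbour is `upstream`."""
    neighbours = defaultdict(set)      # ASN -> every ASN seen adjacent to it
    behind = set()                     # ASNs seen immediately after `upstream`
    for text in paths:
        hops = parse_path(text)
        for left, right in zip(hops, hops[1:]):
            neighbours[left].add(right)
            neighbours[right].add(left)
            if left == upstream:
                behind.add(right)
    return sorted(a for a in behind if neighbours[a] == {upstream})

if __name__ == "__main__":
    print(sole_peer_of(SAMPLE_PATHS, 64496))
```

The result reflects only what the collectors in the input can see; an ASN with a peer that is not visible from any collector will still show up as single-homed.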


