Search RPD Archives
[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers
dogwallah at gmail.com
Thu Nov 17 23:25:45 UTC 2016
On Fri, Nov 18, 2016 at 3:28 AM, Ronald F. Guilmette
<rfg at tristatelogic.com> wrote:
> In message <C9C12670-318D-4802-A290-C8E89CBEAFAA at liquidtelecom.com>,
> Andrew Alston <Andrew.Alston at liquidtelecom.com> wrote:
> >... blah blah blah... legacy space... no control.... blah blah blah...
> You seem to be assuming that any of what is going on has been endorsed
> in some way by the actual and -legitimate- registered (legacy) resource
> holders. But there's no evidence that any of them sold their space,
> or their ASNs, or that any of them are even aware of what is going on
> here. (And of course, I'm only speaking about the ones that even still
> exist. It appears that many may not, and should have been struck off
> years ago.)
> There are only two possibilities here. Either (a) nobody on this list,
> or in Afrinic gives a damn about what's going on here, in which case
> it will be left to me alone to try to pursue other avenues to get this
> mess cleaned up... even though I've already got more than enough work
> on my plate, and should really be working on a botnet takedown... or else
> (b) -somebody- on this list and/or in Afrinic actually does give a damn
> about this mess, maybe even enough to help me out here and take it the
> last mile to get this resolved, you know, now that I've done all of the
> hard investigation work.
not a binary choice at all.
c) People care, but what you are asking for is beyond the remit of any RIR.
> If possibility (a) applies, then I guess I'm on my own and I'll have to
> go elsewhere in order to create heat on the appropriate people.
You should probably try the above.
RIRs are not the Internet police.
> If, on the other hand, possibility (b) applies, then -somebody- who is
> willing to help should start by trying to make contact with a company
> called Xconnect24, Ltd (AS260), which is apparently headquartered in
> the Netherlands, and try to make contact with one of the following
> three officials of this company. (I've tried to contact the company
> already via email, a week ago, but it has not replied to my emails.)
> CEO - Olav van Doorn
> Co-founder Jan Willem Meijer:
> CTO - Rutger Bevaart
> This company is the one and only BGP peer for the following *SIX*
> Afrinic-issued ASNs, each of which is currently announcing routes
> which are, at the very least, deeply suspicious:
> AS10505 -- hijacking lots of Chinese IPv4 space
> Note: I already knew, well before now, that this company, Xconnect24, Ltd.
> was the one and only BGP peer for at least *two* of the above deeply
> suspicious ASNs... or perhaps three. I didn't realize until just now
> that the actual count is at least six (as listed above). Now that I
> know that, I'll have to go and investigate -all- of the peers of AS260,
> to see if there are maybe even some more, after which I'm also going to
> rat these assholes out on the NANOG list.
> So, is anybody willing to help? Or is everybody here just committed to
> making excuses and offering well-reasoned explanations for why nothing
> can be done and nobody can do anything?
We seem to be committed to educating you about the roles that are
appropriate for a RIR to take on.
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there." Jon Postel
More information about the RPD