[rpd] Mass Hijacking of AFRINIC IPv4 Space by U.S.A. Spammers

[McTim]

On Fri, Nov 18, 2016 at 3:28 AM, Ronald F. Guilmette
<rfg at tristatelogic.com> wrote:
>
>
> In message <C9C12670-318D-4802-A290-C8E89CBEAFAA at liquidtelecom.com>,
> Andrew Alston <Andrew.Alston at liquidtelecom.com> wrote:
>
> >... blah blah blah... legacy space... no control.... blah blah blah...
>
> You seem to be assuming that any of what is going on has been endorsed
> in some way by the actual and -legitimate- registered (legacy) resource
> holders.  But there's no evidence that any of them sold their space,
> or their ASNs, or that any of them are even aware of what is going on
> here.  (And of course, I'm only speaking about the ones that even still
> exist.  It appears that many may not, and should have been struck off
> years ago.)
>
> There are only two possibilities here.  Either (a) nobody on this list,
> or in Afrinic gives a damn about what's going on here, in which case
> it will be left to me alone to try to pursue other avenues to get this
> mess cleaned up... even though I've already got more than enough work
> on my plate, and should really be working on a botnet takedown... or else
> (b) -somebody- on this list and/or in Afrinic actually does give a damn
> about this mess, maybe even enough to help me out here and take it the
> last mile to get this resolved, you know, now that I've done all of the
> hard investigation work.



not a binary choice at all.

c)  People care, but what you are asking for is beyond the remit of any RIR.








>
>
> If possibility (a) applies, then I guess I'm on my own and I'll have to
> go elsewhere in order to create heat on the appropriate people.


You should probably try the above.

RIRs are not the Internet police.





>
> If, on the other hand, possibility (b) applies, then -somebody- who is
> willing to help should start by trying to make contact with a company
> called Xconnect24, Ltd (AS260), which is apparently headquartered in
> the Netherlands, and try to make contact with one of the following
> three officials of this company.  (I've tried to contact the company
> already via email, a week ago, but it has not replied to my emails.)
>
>     CEO - Olav van Doorn
>     https://nl.linkedin.com/in/olavvandoorn
>     Co-founder Jan Willem Meijer:
>     https://www.loth.nl/company-profile-custom-connect/
>     CTO - Rutger Bevaart
>     https://nl.linkedin.com/in/rutgerbevaart
>
> This company is the one and only BGP peer for the following *SIX*
> Afrinic-issued ASNs, each of which is currently announcing routes
> which are, at the very least, deeply suspicious:
>
> AS7971
> AS10505  -- hijacking lots of Chinese IPv4 space
> AS6560
> AS14029
> AS37135
> AS37137
>
> Note:  I already knew, well before now, that this company, Xconnect24, Ltd.
> was the one and only BGP peer for at least *two* of the above deeply
> suspicious ASNs... or perhaps three.  I didn't realize until just now
> that the actual count is at least six (as listed above).  Now that I
> know that, I'll have to go and investigate -all- of the peers of AS260,
> to see if there are maybe even some more, after which I'm also going to
> rat these assholes out on the NANOG list.
>
> So, is anybody willing to help?  Or is everybody here just committed to
> making excuses and offering well-reasoned explanations for why nothing
> can be done and nobody can do anything?


We seem to be committed to educating you about the roles that are
appropriate for a RIR to take on.


-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel