nanog mailing list archives

Re: Prefix hijacking by Michael Lindsay via Internap

From: Denis Spirin <noc () link-telecom net>
Date: Sun, 21 Aug 2011 04:05:53 +0200

Right now there are:
46.96.0.0/16
83.223.224.0/19
94.250.128.0/19
94.250.160.0/19
188.164.0.0/24

As I can see in the spam block lists like Spamhaus, all our networks was
affected:
83.223.224.0/20
86.59.128.0/17
79.174.128.0/18
94.250.128.0/17
188.164.0.0/16
46.96.0.0/16


2011/8/21 Arturo Servin <arturo.servin () gmail com>


       What's the prefix you claim is hijacked?

/as

On 20 Aug 2011, at 22:05, Denis Spirin wrote:

Hello All,

I was hired by the Russian ISP company to get it back to the business.

Due

to impact of the financial crisis, the company was almost bankrupt, but

then

found the investor and have a big wish to life again.

When I tried to announce it's networks, upstreams rejected to accept it
because of Spamhaus listings. But our employer sworn there is not and was
not any spamming from the company. The Spamhaus lists all our networks as
spamming Zombies. And it IS announced and used now!!! The announce is

from

American based company Internap (AS12182). I wrote the abuse report them,
but instead of stop unauthorized announces of our networks, I was

contacted

by a person named 'Michael Lindsay' - he tell me he buy our networks from
some other people and demand we get back our abuse reports. Of course, we
don't. After a short googling, I found this is well-known cyber crime
person: http://www.spamhaus.org/rokso/listing.lasso?file=818&skip=0, and

he

did IP hijacking with the fake letter of authorization before:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK8686 so our

company

is not a first victim of him. Yes, our company "help" him with the

mistake

of loosing old domain link-telecom.biz he was also squatted. This domain

was

listed as contact at RIPE Database.

It is a good topic why these easy-to-forge LOAs is still in use, as
RADB/RIPE DB/other routing database with the password access is a common
thing. But this is not the main thing. The main thing is why Internap

helps

to commit a crime to the well-known felony person, and completely ignores
our requests? Is there any way to push them to stop doing that

immediately?

If anybody can - please help...

Current thread:

Prefix hijacking by Michael Lindsay via Internap Denis Spirin (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Arturo Servin (Aug 20)
  - Re: Prefix hijacking by Michael Lindsay via Internap Denis Spirin (Aug 20)
    - Re: Prefix hijacking by Michael Lindsay via Internap Arturo Servin (Aug 20)
    - Re: Prefix hijacking by Michael Lindsay via Internap Denis Spirin (Aug 20)
    - Re: Prefix hijacking by Michael Lindsay via Internap Arturo Servin (Aug 20)
    - Re: Prefix hijacking by Michael Lindsay via Internap David Conrad (Aug 20)
    - Re: Prefix hijacking by Michael Lindsay via Internap Tammy A. Wisdom (Aug 20)
    - Re: Prefix hijacking by Michael Lindsay via Internap Joel Jaeggli (Aug 21)
    - Re: Prefix hijacking by Michael Lindsay via Internap Jimmy Hess (Aug 21)
    - Re: Prefix hijacking by Michael Lindsay via Internap David Conrad (Aug 21)
    - RE: Prefix hijacking by Michael Lindsay via Internap Nathan Eisenberg (Aug 21)
    - resolving prefix hijacks (was Re: Prefix hijacking by Michael Lindsay via Internap) Ken Chase (Aug 21)

(Thread continues...)