nanog mailing list archives
Re: Prefix hijacking by Michael Lindsay via Internap
From: Denis Spirin <noc () link-telecom net>
Date: Sun, 21 Aug 2011 04:05:53 +0200
Right now there are: 46.96.0.0/16 83.223.224.0/19 94.250.128.0/19 94.250.160.0/19 188.164.0.0/24 As I can see in the spam block lists like Spamhaus, all our networks was affected: 83.223.224.0/20 86.59.128.0/17 79.174.128.0/18 94.250.128.0/17 188.164.0.0/16 46.96.0.0/16 2011/8/21 Arturo Servin <arturo.servin () gmail com>
What's the prefix you claim is hijacked? /as On 20 Aug 2011, at 22:05, Denis Spirin wrote:Hello All, I was hired by the Russian ISP company to get it back to the business.Dueto impact of the financial crisis, the company was almost bankrupt, butthenfound the investor and have a big wish to life again. When I tried to announce it's networks, upstreams rejected to accept it because of Spamhaus listings. But our employer sworn there is not and was not any spamming from the company. The Spamhaus lists all our networks as spamming Zombies. And it IS announced and used now!!! The announce isfromAmerican based company Internap (AS12182). I wrote the abuse report them, but instead of stop unauthorized announces of our networks, I wascontactedby a person named 'Michael Lindsay' - he tell me he buy our networks from some other people and demand we get back our abuse reports. Of course, we don't. After a short googling, I found this is well-known cyber crime person: http://www.spamhaus.org/rokso/listing.lasso?file=818&skip=0, andhedid IP hijacking with the fake letter of authorization before: http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK8686 so ourcompanyis not a first victim of him. Yes, our company "help" him with themistakeof loosing old domain link-telecom.biz he was also squatted. This domainwaslisted as contact at RIPE Database. It is a good topic why these easy-to-forge LOAs is still in use, as RADB/RIPE DB/other routing database with the password access is a common thing. But this is not the main thing. The main thing is why Internaphelpsto commit a crime to the well-known felony person, and completely ignores our requests? Is there any way to push them to stop doing thatimmediately?If anybody can - please help...
Current thread:
- Prefix hijacking by Michael Lindsay via Internap Denis Spirin (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Arturo Servin (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Denis Spirin (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Arturo Servin (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Denis Spirin (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Arturo Servin (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap David Conrad (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Tammy A. Wisdom (Aug 20)
- Re: Prefix hijacking by Michael Lindsay via Internap Joel Jaeggli (Aug 21)
- Re: Prefix hijacking by Michael Lindsay via Internap Jimmy Hess (Aug 21)
- Re: Prefix hijacking by Michael Lindsay via Internap David Conrad (Aug 21)
- Re: Prefix hijacking by Michael Lindsay via Internap Denis Spirin (Aug 20)
- RE: Prefix hijacking by Michael Lindsay via Internap Nathan Eisenberg (Aug 21)
- resolving prefix hijacks (was Re: Prefix hijacking by Michael Lindsay via Internap) Ken Chase (Aug 21)
- Re: Prefix hijacking by Michael Lindsay via Internap Arturo Servin (Aug 20)