Re: AS3266: BitCanal hijack factory, courtesy of many connectivity providers

[Simon Muyal <smuyal () franceix net>]

Hi Job, all,

On the France-IX route servers, we are applying filters based on IRR 
DBs. I double checked the list https://pastebin.com/raw/Jw1my9Bb and 
these prefixes should be filtered if bitcanal starts announcing them.
Currently, bitcanal/AS197426 is not announcing any prefix on our route 
servers:

https://lg.franceix.net/irr_found_for/RS1+RS2/ipv4?q=197426
https://lg.franceix.net/irr_notfound_for/RS1+RS2/ipv4?q=197426

regards,
Simon

--
Simon Muyal
CTO
FranceIX
Tél: +33 (0)1 70 61 97 74
Mob: +33 (0)6 21 17 29 51




<https://t.co/dN09RCYsX9>
Le 26/06/2018 à 11:22, Job Snijders a écrit :
> (I've updated the email subject to make it more accurate)
>
> On Tue, Jun 26, 2018 at 12:18:19PM -0400, Stephen Fulton wrote:
> > Unless of course they are not actually on an IXP listed.
> Of course.
>
> > Bitcanal is not a member of TorIX and as far as I recall, never has
> > been. The IP they list in PeeringDB was never assigned to them at any
> > point and in fact was used by an AS112 instance which was run by TorIX
> > directly on the fabric for a time.  I sent in a note to PeeringDB
> > several years ago about Bitcanal claiming to be a peer when they were
> > not and never heard back.. I'll resend.
> Thank you for this clarification. Indeed a note to the PeeringDB Admin
> committee should help clean this up. Please note that this organisation
> also goes under the name of "Ebony Horizon".
>
> I've manually confirmed bitcanal/AS 197426 is connected to AMS-IX, ECIX
> Frankfurt, ESPANIX, FranceIX Paris, GigaPIX, and LINX LON1.
>
> At most of these IXPs, bitcanal seems to be connected the the IXP's
> route servers. In my mind, if we want to consider responsibility, these
> IXPs are as much at fault as any upstream provider. Connectivity is
> connectivity.
>
> Kind regards,
>
> Job