[130111] in North American Network Operators' Group
AS11296 -- Hijacked?
daemon@ATHENA.MIT.EDU (Ronald F. Guilmette)
Tue Sep 28 15:22:16 2010
To: nanog@nanog.org
Date: Tue, 28 Sep 2010 12:21:43 -0700
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Evidence strongly suggests that AS11296 together with all of the IPv4
space it is currently announcing routes for, i.e.:
63.247.160.0/19
199.241.64.0/19
206.226.64.0/24
206.226.65.0/24
206.226.66.0/24
206.226.67.0/24
206.226.68.0/24
206.226.69.0/24
206.226.70.0/24
206.226.71.0/24
206.226.72.0/24
206.226.73.0/24
206.226.74.0/24
206.226.75.0/24
206.226.76.0/24
206.226.77.0/24
206.226.78.0/24
206.226.79.0/24
206.226.96.0/19
have all been hijacked. I will be reporting this formally to ARIN today,
via their helpful fraud reporting web form.
In the meantime, while this case is being carefully adjudicated by ARIN,
some folks may wish to blackhole the above. (The IP space appears to be
in use by some sort of snowshoe spamming operation.)
Regards,
rfg
P.S. Connectivity for AS11296 appears to come from only one place:
http://www.robtex.com/as/as11296.html#graph
