[139270] in North American Network Operators' Group
RE: HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care?
daemon@ATHENA.MIT.EDU (John van Oppen)
Fri Apr 1 02:01:47 2011
From: John van Oppen <jvanoppen@spectrumnet.us>
To: "'Ronald F. Guilmette'" <rfg@tristatelogic.com>
Date: Fri, 1 Apr 2011 06:00:54 +0000
In-Reply-To: <49839.1301618784@tristatelogic.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Why does it matter what his position is? Sounds like they had a forged LO=
A from the customer and that they fixed the issue when they found out about=
it. I am not sure you can ask too much more from a network operator, th=
e best thing we can hope for are companies that will cancel customers if th=
ey are abuse sources, that is exactly what happened here.
Lots of people are posting on nanog with outside email addresses because th=
ey don't want to be tied too closely to the corporation for which they work=
, it seems totally reasonable to me especially given the mix of personal an=
d professional ties a lot of us have in this community. The main issue h=
ere is getting results and it sounds like that happened here pretty quickly=
. Most technical types are good people and for the most part will work th=
ough their corporate BS to get abuse issues solved as quickly as they can. =
I know we do try to resolve abuse quickly and people who are nice and pro=
vide data up front just help expedite the process further, acting like a je=
rk is by far the least productive way to engage people in the nanog communi=
ty.=20
John
-----Original Message-----
From: Ronald F. Guilmette [mailto:rfg@tristatelogic.com]=20
Sent: Thursday, March 31, 2011 5:46 PM
To: nanog@nanog.org
Subject: Re: HIJACKED: 159.223.0.0/16 -- WTF? Does anybody care?=20
In message <AANLkTinVLqeFVYkc91d8P-N9zvDGR5PrXREypTuiM0jg@mail.gmail.com>,
rr <rooknee@gmail.com> wrote:
>Hmm, thought it was a NANOG prerequisite to be able to do a google=20
>search. Should be pretty easy to find this info with that tool in your=20
>handbag.
Which info is that, exactly? Your title at Integra Telecom?
Umm... well... yes.... I guess this is you, right?
http://www.linkedin.com/pub/randy-rooney/6/9ab/22a
So, are you THE Engineering Manager, or merely AN Engineering Manager at In=
tegra Telecom? I'm guessing that it is a big enough outfit that you probab=
ly have more than one.
(Sorry, but I can't help snickering a bit at your _prior_ employment.
As I feel sure you are already painfully aware, having that on your resume =
does not exactly inspire a whole lotta confidence in the notion that you ar=
e a straight shooter. The words ``cover up'' are the ones that come most i=
mmediately to mind.)
>With the above tool I've got your phone # and would be happy to call=20
>you if you'd like clarification on our process.
No thanks. I didn't ask for "clarification" of your "process" (whatever th=
e hell THAT might mean), and frankly it doesn't interest me. Your
process is... well... your process. Whatever it may be, it belongs to
you and you should probably keep it to yourself. (Who knows? Since busine=
ss processes are now patentable, maybe someday you can get a patent on it!)
I did however ask for the name of the crook whose name was on the check tha=
t paid for the hijacked space routing. Is that something you can respond t=
o, or no? If not, why not?
Was Integra Telecom _actually_ defrauded? If so, who defrauded you?
Did your customer, Circle Internet defraud you? If you are claining that T=
HEY are also an innocent party in this, then who defrauded them? Whose nam=
e was on the check that THEY cashed?
It really is a rather simple question, and doesn't require an elaborate, co=
nvoluted, or lengthy digression into the details of your "process".
Ya know, maybe it's just me, but it would seem to me that that if either yo=
u or your customer, Circle Internet, were in fact defrauded in this case, t=
hat both of you would be altogether ready, willing, and indeed eager to ``o=
ut'' the actual crooked perpetrator... you know... instead of, like, hiding=
the perp's identity and thus helping him to cover his tracks.
But I guess that's just me. (When somebody cheats _me_, I am not myself in=
the habit of then going out of my way to protect him.)
Don't misunderstand me. If your company was in fact dedrauded, then allow =
me to express my sincere condolences for your loss. Or would it be more ac=
curate to say your gain? You DID cash the check right? I mean your compan=
y does NOT have a policy of granting everybody three months of free service=
, right?
>Please just reply to me off-list.
No thanks.
As Jodie Foster said in the movie Contact, ``This isn't a person to person =
call.''
Crooks, hijacking, and mass spamming affect everybody on the whole Internet=
.
I didn't ask for the name of the crook who signed the check just for my pri=
vate or personal edification. Other ISPs should know who they need to be o=
n the lookout for.
I can assure you that just because YOU have now stopped routing space for t=
his crook, that doesn't mean that he's going to just fold up his tent and s=
link quietly away into oblivion. In fact I already have evidence in hand t=
hat he's still got both IP space and snowshoe spamming domains located else=
where (including elsewhere on Circle Internet, see below) that he is contin=
uing to use, even as we speak.
On the other hand, of course, if Integra and/or Circle Internet were in fac=
t ``in on the game'' from the get-go, then in that case I could well and tr=
uly understand why both of your companies might now be reluctant to give up=
your cohort.
Regards,
rfg
P.S. I gather that nobody at your place even so much as raised an eyebrow =
when tiny little Circle Internet, a company whose biggest _legitimate_ IP b=
lock prior to this incident was a mere /21, suddenly showed up on your door=
step asking to have an entire fresh new /16, belonging to an major, interna=
tionally known chemical company routed for them, correct?
P.P.S. OK, so you are reluctant to give up the actual hijacker. So let's =
just skip that for now. Instead how about if you just tell us who owns the=
followng domain names which are all getting DNS from Circle Internet IP sp=
ace, even as we speak. And no, I _do not_ want you to just regurgitate the=
fradulent bull puckey that's present within the relevant WHOIS records.
(To paraphrase Red Riding Hood "My my grandma! What a lot of domains you h=
ave!" Odd that all of them were created so recently, and that none of them=
seem even have associated web sites. But again, I'm sure that I'm the onl=
y one in the Universe who finds any of that odd. Yea.)
208.85.32.114
dns2.virtualcheck.info
pinkcreditscore.info
pinkcreditreport.info
pinkcreditdeals.info
orangereports.info
orangeoffers.info
orangegifts.info
orangecreditsco.info
orangecreditreport.info
orangecreditdeals.info
onlinecredit-check.info
myfreecredtiscore.info
knowyourself.info
healthsample.info
happinessonline.info
freecreditscore360.info
doctors-orders.info
creditscorealerts.info
208.85.32.246
ns2.rockboys1a.com
yesimprove.info
withoutinvestigate.info
withoutcritique.info
withinfocus.info
withenable.info
visionconsolidate.info
versuscoordinate.info
validateinstruct.info
untilreview.info
untilfocus.info
unforgettableidea.info
underneathunlikemeasure.info
underneathunlike.info
uncommonsuggestion.info
uncommonguidance.info
unbelievableguidance.info
trumpenforce.info
totutor.info
topconvert.info
tipsproduce.info
timesenable.info
throughreview.info
throughoutcompare.info
thansurvey.info
terrificexplain.info
surveydelegate.info
supremeteach.info
supplyindividualize.info
submitteach.info
submitinstruct.info
strikingtrust.info
strikingproposal.info
staggeringlearn.info
sincesurvey.info
searchrecommend.info
searchproduce.info
searchprioritize.info
retrievelive.info
retrievechic.info
reserveenable.info
researchgrow.info
remarkablesubject.info
registersimulate.info
registeradvise.info
reducequick.info
recordteach.info
recordinstruct.info
recordenable.info
reconcilelearn.info
reconcilefresh.info
raresubject.info
quickhandle.info
projectmaxi.info
projectabc.info
phenomenalmentor.info
pastexperiment.info
outstandingprove.info
orderinstil.info
orderevaluate.info
operateinstil.info
operateevaluate.info
ontostimulate.info
ontoexperiment.info
ontoadvise.info
offconduct.info
noteworthyeducation.info
nearbyinvestigate.info
nearbyindividualize.info
moremanage.info
measurenavigate.info
measurecontract.info
marvellousteach.info
marvellousintroduce.info
magnificienttell.info
locatemerge.info
locateimprove.info
locatehire.info
locatedelegate.info
likesurvey.info
keyinspect.info
investigatereview.info
investigateinspect.info
inexamine.info
hotappoint.info
groovyrecommend.info
forsimulate.info
followingteach.info
flexlead.info
flexconsider.info
filecoordinate.info
fantasticlearn.info
failingevaluate.info
extraordinarysuggestion.info
extraordinaryproposal.info
extraordinarylearn.info
extractterminate.info
extractapprove.info
experimentsecure.info
executeenable.info
excludingdetect.info
exceptionalwisdom.info
exceptionaltutor.info
exceptionalinfo.info
examinelead.info
estimateok.info
estimatedouble.info
dreamsupervise.info
downmeasure.info
distributefocus.info
determineup.info
detectlead.info
despiteinstruct.info
dealsstrengthen.info
dayinspect.info
critiqueattain.info
cooloversee.info
conservemax.info
conductimprove.info
conducthandle.info
conducteliminate.info
concerningfocus.info
concerning.info
computefind.info
completehire.info
compiletutor.info
compileevaluate.info
codesimulate.info
coachstimulate.info
classifytrain.info
classifycoordinate.info
circainform.info
butindividualize.info
budgetover.info
budgetgrow.info
besthandle.info
besideevaluate.info
beneathsimulate.info
belowexamine.info
behindsimulate.info
barringcoordinate.info
atopsurvey.info
atopextract.info
atenable.info
atcompare.info
assistindividualize.info
answersimulate.info
amongextract.info
againstsimulate.info
advocateevaluate.info
abovemotivate.info
finelovewithme.com
whosthefarest.com
rockboys1b.com
rockboys1a.com
leanbackfront.com
ns1.rockboys1a.com 155
yesimprove.info
withoutinvestigate.info
withoutcritique.info
withinfocus.info
withenable.info
visionconsolidate.info
versuscoordinate.info
validateinstruct.info
untilreview.info
untilfocus.info
unforgettableidea.info
underneathunlikemeasure.info
underneathunlike.info
uncommonsuggestion.info
uncommonguidance.info
unbelievableguidance.info
trumpenforce.info
totutor.info
topconvert.info
tipsproduce.info
timesenable.info
throughreview.info
throughoutcompare.info
thansurvey.info
terrificexplain.info
surveydelegate.info
supremeteach.info
supplyindividualize.info
submitteach.info
submitinstruct.info
strikingtrust.info
strikingproposal.info
staggeringlearn.info
sincesurvey.info
searchrecommend.info
searchproduce.info
searchprioritize.info
retrievelive.info
retrievechic.info
reserveenable.info
researchgrow.info
remarkablesubject.info
registersimulate.info
registeradvise.info
reducequick.info
recordteach.info
recordinstruct.info
recordenable.info
reconcilelearn.info
reconcilefresh.info
raresubject.info
quickhandle.info
projectmaxi.info
projectabc.info
phenomenalmentor.info
pastexperiment.info
outstandingprove.info
orderinstil.info
orderevaluate.info
operateinstil.info
operateevaluate.info
ontostimulate.info
ontoexperiment.info
ontoadvise.info
offconduct.info
noteworthyeducation.info
nearbyinvestigate.info
nearbyindividualize.info
moremanage.info
measurenavigate.info
measurecontract.info
marvellousteach.info
marvellousintroduce.info
magnificienttell.info
locatemerge.info
locateimprove.info
locatehire.info
locatedelegate.info
likesurvey.info
keyinspect.info
investigatereview.info
investigateinspect.info
inexamine.info
hotappoint.info
groovyrecommend.info
forsimulate.info
followingteach.info
flexlead.info
flexconsider.info
filecoordinate.info
fantasticlearn.info
failingevaluate.info
extraordinarysuggestion.info
extraordinaryproposal.info
extraordinarylearn.info
extractterminate.info
extractapprove.info
experimentsecure.info
executeenable.info
excludingdetect.info
exceptionalwisdom.info
exceptionaltutor.info
exceptionalinfo.info
examinelead.info
estimateok.info
estimatedouble.info
dreamsupervise.info
downmeasure.info
distributefocus.info
determineup.info
detectlead.info
despiteinstruct.info
dealsstrengthen.info
dayinspect.info
critiqueattain.info
cooloversee.info
conservemax.info
conductimprove.info
conducthandle.info
conducteliminate.info
concerningfocus.info
concerning.info
computefind.info
completehire.info
compiletutor.info
compileevaluate.info
codesimulate.info
coachstimulate.info
classifytrain.info
classifycoordinate.info
circainform.info
butindividualize.info
budgetover.info
budgetgrow.info
besthandle.info
besideevaluate.info
beneathsimulate.info
belowexamine.info
behindsimulate.info
barringcoordinate.info
atopsurvey.info
atopextract.info
atenable.info
atcompare.info
assistindividualize.info
answersimulate.info
amongextract.info
againstsimulate.info
advocateevaluate.info
abovemotivate.info
finelovewithme.com
whosthefarest.com
rockboys1b.com
rockboys1a.com
leanbackfront.com
