[149293] in North American Network Operators' Group


RE: Hijacked Network Ranges

daemon@ATHENA.MIT.EDU (George Bonser)
Tue Jan 31 23:11:32 2012

From: George Bonser <gbonser@seven.com>
To: John Schneider <str8steelerfan@gmail.com>
Date: Wed, 1 Feb 2012 04:10:32 +0000
In-Reply-To: <CAKGDpZ75Vs+s1+1XzDjQhzswR8Y7mC7_jOuAtYjBqrJDLguXTw@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



> -----Original Message-----
> From: John Schneider
> Sent: Tuesday, January 31, 2012 5:34 PM
> To: Kelvin Williams
> Subject: Re: Hijacked Network Ranges
>
> Another interesting thing that I noticed, is that AS33611 is not
> advertising any prefixes other than yours.  Either they do not have any
> of their own (unlikely) or they are advertising their own legitimate
> prefixes from another AS however I doubt that is the case.  It sounds
> like you were able to verify that this is indeed a malicious attack.

If I read the previous material correctly, it seems to have gone
something like:

Customer was initially a customer of Kelvin's firm and had the address
assignments in question.

Customer relationship with Kelvin's firm terminated and they contracted
for service elsewhere but are apparently attempting to maintain the use
of the address allocation(s) they received from Kelvin's firm.  They
apparently did this by misrepresenting the fact that they were entitled
to use that address space.

If that is the case, it isn't so much a "malicious attack" as it is just
plain stealing the use of IP address space they aren't entitled to.


