[162863] in North American Network Operators' Group


Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and

daemon@ATHENA.MIT.EDU (Xavier Beaudouin)
Fri May 3 13:49:39 2013

From: Xavier Beaudouin <kiwi@oav.net>
Date: Fri, 3 May 2013 19:49:20 +0200
To: "NANOG (nanog@nanog.org)" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hello there,

Seems there are some people in Ukraine that love to use IP and AS that
don't belong to them.

See :
#sh ip bgp 91.220.85.0/24
BGP routing table entry for 91.220.85.0/24, version 6661169
Paths: (2 available, best #1, table Default-IP-Routing-Table)
 Advertised to update-groups:
       1
 174 8359 8359 13249 57954 42989 51888, (received & used)
   149.11.xx.xx from 149.11.xxx.xxx (38.28.xx.xx)
     Origin IGP, metric 14050, localpref 100, valid, external, best
     Community: 11424365 11425269
 24990 21371 8359 13249 57954 42989 51888, (received & used)
   185.3.25.1 (metric 10) from 185.17.xxx.xxx (185.17.xxx.xxx)
     Origin IGP, metric 0, localpref 100, valid, internal, not synchronized


According to RIPE database :
aut-num:        AS51888
as-name:        PILOTSYSTEMS-AS
descr:          Pilot Systems consulting SARL
org:            ORG-PS74-RIPE
import:         from AS16128 accept ANY
import:         from AS29075 accept ANY
import:         from AS35189 accept ANY
export:         to AS16128 announce AS51888
export:         to AS29075 announce AS51888
export:         to AS35189 announce AS51888
admin-c:        DS7922-RIPE
tech-c:         GLM89-RIPE
tech-c:         XB80-RIPE
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         MNT-KAZAR
mnt-by:         MNT-PILOTSYSTEMS
mnt-routes:     MNT-KAZAR
mnt-routes:     MNT-PILOTSYSTEMS
source:         RIPE #Filtered

Seems that there is no AS42989 as upstream.... So we can consider that
AS42989 is handling illicit activities, and does not filter prefixes (same
also for AS57954).

That's cool but those people in UA use that prefix to send spam; as LIR
member I got thousands of mails from people that get those IPs as spam
source.

RPKI and other stuff really need to be deployed massively.

If some people from those UA AS can do their job instead of getting the
honeypot of spammers, this should be better for everyone.

I have already tried to contact abuse / email from the RIPE database: no
MX, mailbox doesn't exist, even the domain doesn't exist...

Maybe AS-MTU doesn't look around the quality of their customers? So
bad...

People there that have some PI and unused AS, have a look if your
resources are not used by someone that should not use them.

Xavier
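
The comparison made in the message above (observed AS path versus the neighbours declared in the aut-num object), as an added example that is not part of the original post. The function names are hypothetical; the policy lines and AS paths are copied from the message and embedded as sample input.

```python
import re

# Constructed sample input: policy lines and AS paths copied from the message above.
AUT_NUM = """\
aut-num:        AS51888
import:         from AS16128 accept ANY
import:         from AS29075 accept ANY
import:         from AS35189 accept ANY
export:         to AS16128 announce AS51888
export:         to AS29075 announce AS51888
export:         to AS35189 announce AS51888
"""
OBSERVED_PATHS = [
    "174 8359 8359 13249 57954 42989 51888",
    "24990 21371 8359 13249 57954 42989 51888",
]

def declared_neighbours(rpsl):
    """Return (origin ASN, set of neighbour ASNs named in import/export lines)."""
    origin, neighbours = None, set()
    for line in rpsl.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "aut-num":
            origin = int(re.sub(r"(?i)^AS", "", value))
        elif key in ("import", "export"):
            m = re.match(r"(?:from|to)\s+AS(\d+)\b", value, re.I)
            if m:
                neighbours.add(int(m.group(1)))
    return origin, neighbours

def first_hop(as_path, origin):
    """AS adjacent to the origin (prepending skipped); None if origin is not the last hop."""
    hops = [int(a) for a in as_path.split()]
    if not hops or hops[-1] != origin:
        return None
    return next((a for a in reversed(hops) if a != origin), None)

def undeclared_adjacencies(rpsl, paths):
    """Map each path whose origin-adjacent AS is missing from the policy to that AS."""
    origin, neighbours = declared_neighbours(rpsl)
    findings = {}
    for p in paths:
        hop = first_hop(p, origin)
        if hop is not None and hop not in neighbours:
            findings[p] = hop
    return findings
```

Both sample paths are flagged with AS42989 as the undeclared neighbour. IRR policy is often out of date, so a mismatch is a reason to investigate rather than proof of a hijack.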

