[70640] in North American Network Operators' Group
66.164.232.0/24 HI-JACKED, I need some help
daemon@ATHENA.MIT.EDU (P.Schroebel)
Thu May 20 20:24:44 2004
From: "P.Schroebel" <crossfire@smsonline.net>
To: "NANOG" <nanog@merit.edu>
Date: Thu, 20 May 2004 20:22:35 -0400
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_00C0_01C43EA8.2FF3C830
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hello Folks,
I have tried everything but keep running into walls, someone has =
hi-jacked a block 66.164.232.0/24 and is routing it out of Ga. They =
come online, we catch heck, they go offline and so it goes. I have =
called everyone and can't seem to get anyone to take the route out of =
their session. Can anyone in Nanog help out here, please.
Sincerely,
Peter
BGP routing table entry for , version 46510837
Paths: (4 available, best #2, table Default-IP-Routing-Table)
Not advertised to any peer
209 19262 6350 30174 <-----------------OK THIS IS US ;-)
165.117.201.58 from 165.117.201.58 (205.171.0.124)
Origin IGP, metric 100, localpref 100, valid, external
Community: 2548:666
=20
701 6389 6197 (HI-JACKED BLOCK 66.164.232.0/24) <------- BAD NEWS
204.255.169.61 (metric 342) from 165.117.162.200 (165.117.162.200)
Origin IGP, metric 100, localpref 100, valid, internal, best
Community: 2548:666
Originator: 165.117.162.10, Cluster list: 165.117.162.200
=20
701 6389 6197(HI JACKED OUR IPS)
204.255.169.61 (metric 342) from 165.117.162.201 (165.117.162.201)
Origin IGP, metric 100, localpref 100, valid, internal
Community: 2548:666
Originator: 165.117.162.10, Cluster list: 165.117.162.201
=20
701 6389 6197 (HI JACKED OUR IPS)
204.255.169.61 (metric 342) from 165.117.162.202 (165.117.162.202)
Origin IGP, metric 100, localpref 100, valid, internal
Community: 2548:666
Originator: 165.117.162.10, Cluster list: 165.117.162.202, =
165.117.162.200
AS6197 -------------------------------------------------------------|
=
\/
OrgName: BellSouth Network Solutions, Inc
OrgID: BNS-14
Address: 1100 Ashwood Parkway, Suite 200
City:
StateProv: GA
PostalCode:
Country: US
ASNumber: 6197
ASName: BATI-ATL
ASHandle: AS6197
Comment:
RegDate:
Updated: 1996-01-04
TechHandle: WD14-ARIN
TechName: Dawson, Willard
TechPhone: +1-770-814-5099
TechEmail: willard.dawson@sbs.siemens.com
**There is a old timer that answers the phone and has no idea what is =
going on; he mops the floors in the switch gear room.
AS6389.
http://ws.arin.net/cgi-bin/whois.pl
No match found for AS6389 !!
However . .=20
ASNumber: 6380 - 6389
ASName: BELLSOUTH-NET-BLK
ASHandle: AS6380
Comment:
RegDate: 1996-03-28
Updated: 2001-01-03
TechHandle: DR791-ARIN
TechName: Ringen, Deron
TechPhone: +1-678-441-7919
TechEmail: bgpadmin@corp.bellsouth.net
OrgAbuseHandle: ABUSE81-ARINOrgAbuseName: Abuse Group
OrgAbusePhone: +1-404-499-5224OrgAbuseEmail: abuse@bellsouth.net
OrgTechHandle: JG726-ARIN
OrgTechName: Geurin, Joe
OrgTechPhone: +1-404-499-5240
OrgTechEmail: ipoperations@bellsouth.net
------=_NextPart_000_00C0_01C43EA8.2FF3C830
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hello Folks,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I have tried =
everything but keep=20
running into walls, someone has hi-jacked a block=20
<STRONG>66.164.232.0/24</STRONG> and is routing it out of Ga. =
They=20
come online, we catch heck, they go offline and so it goes. I =
have called=20
everyone and can't seem to get anyone to take the route out of their =
session.=20
Can anyone in Nanog help out here, please.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Sincerely,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Peter</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>BGP routing table entry for , version=20
46510837<BR>Paths: (4 available, best #2, table=20
Default-IP-Routing-Table)<BR> Not advertised to any peer<BR> =
209=20
19262 6350 30174 <STRONG><-----------------OK THIS IS US=20
;-)</STRONG><BR> 165.117.201.58 from 165.117.201.58=20
(205.171.0.124)<BR> Origin IGP, metric =
100,=20
localpref 100, valid, external<BR> =
Community:=20
2548:666<BR> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2><STRONG>701 6389=20
6197</STRONG> (<STRONG>HI-JACKED BLOCK=20
66.164.232.0/24) <------- BAD =
NEWS</STRONG><BR> =20
204.255.169.61 (metric 342) from 165.117.162.200=20
(165.117.162.200)<BR> Origin IGP, metric =
100,=20
localpref 100, valid, internal, best<BR> =20
Community: 2548:666<BR> Originator:=20
165.117.162.10, Cluster list: 165.117.162.200<BR> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2> 701 6389 6197(<STRONG>HI =
JACKED OUR=20
IPS</STRONG>)<BR> 204.255.169.61 (metric 342) from=20
165.117.162.201 (165.117.162.201)<BR> =
Origin IGP,=20
metric 100, localpref 100, valid, =
internal<BR> =20
Community: 2548:666<BR> Originator:=20
165.117.162.10, Cluster list: 165.117.162.201<BR> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>701 6389 6197 (<STRONG>HI =
JACKED OUR=20
IPS</STRONG>)<BR> 204.255.169.61 (metric 342) from=20
165.117.162.202 (165.117.162.202)<BR> =
Origin IGP,=20
metric 100, localpref 100, valid, =
internal<BR> =20
Community: 2548:666<BR> Originator:=20
165.117.162.10, Cluster list: 165.117.162.202, =
165.117.162.200<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>AS6197=20
-------------------------------------------------------------|</FONT></DI=
V>
<DIV><FONT face=3DArial><FONT size=3D2> =
=20
=
=20
=
=20
=
=20
=20
\/<BR><BR>OrgName: BellSouth =
Network=20
Solutions, Inc<BR>OrgID: </FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DO%20!%20BNS-14">=
<FONT=20
size=3D2>BNS-14</FONT></A><BR><FONT size=3D2>Address: =
1100 Ashwood=20
Parkway, Suite 200<BR>City:<BR>StateProv: =20
GA<BR>PostalCode:<BR>Country: =
US<BR><BR>ASNumber: =20
6197<BR>ASName: </FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DA%20.%20BATI-ATL=
"><FONT=20
size=3D2>BATI-ATL</FONT></A><BR><FONT size=3D2>ASHandle: =
</FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DA%20!%20AS6197">=
<FONT=20
size=3D2>AS6197</FONT></A><BR><FONT=20
size=3D2>Comment:<BR>RegDate:<BR>Updated: =20
1996-01-04<BR><BR>TechHandle: </FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DP%20!%20WD14-ARI=
N"><FONT=20
size=3D2>WD14-ARIN</FONT></A><BR><FONT size=3D2>TechName: =
Dawson,=20
Willard<BR>TechPhone: +1-770-814-5099<BR>TechEmail: =
</FONT><A=20
href=3D"mailto:willard.dawson@sbs.siemens.com"><FONT=20
size=3D2>willard.dawson@sbs.siemens.com</FONT></A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>**There is a old timer that answers the =
phone and=20
has no idea what is going on; he mops the floors in the switch gear=20
room.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial><FONT size=3D2>AS6389.<BR></FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl"><FONT=20
size=3D2>http://ws.arin.net/cgi-bin/whois.pl</FONT></A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>No match found for AS6389 =
!!</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>However . . </FONT></DIV>
<DIV><FONT face=3DArial><FONT size=3D2><FONT size=3D3><FONT=20
size=3D2>ASNumber: 6380 - =
6389<BR>ASName: =20
</FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DA%20.%20BELLSOUT=
H-NET-BLK"><FONT=20
size=3D2>BELLSOUTH-NET-BLK</FONT></A><BR><FONT =
size=3D2>ASHandle: =20
</FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DA%20!%20AS6380">=
<FONT=20
size=3D2>AS6380</FONT></A><BR><FONT =
size=3D2>Comment:<BR>RegDate: =20
1996-03-28<BR>Updated: 2001-01-03<BR><BR>TechHandle: =
</FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DP%20!%20DR791-AR=
IN"><FONT=20
size=3D2>DR791-ARIN</FONT></A><BR><FONT size=3D2>TechName: =
Ringen,=20
Deron<BR>TechPhone: +1-678-441-7919<BR>TechEmail: =20
bgpadmin@corp.bellsouth.net<BR><BR>OrgAbuseHandle: </FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DP%20!%20ABUSE81-=
ARIN"><FONT=20
size=3D2>ABUSE81-ARIN</FONT></A><FONT size=3D2>OrgAbuseName: Abuse =
Group
OrgAbusePhone: +1-404-499-5224OrgAbuseEmail: =
abuse@bellsouth.netOrgTechHandle:=20
</FONT><A=20
href=3D"http://ws.arin.net/cgi-bin/whois.pl?queryinput=3DP%20!%20JG726-AR=
IN"><FONT=20
size=3D2>JG726-ARIN</FONT></A><BR><FONT =
size=3D2>OrgTechName: Geurin,=20
Joe<BR>OrgTechPhone: +1-404-499-5240<BR>OrgTechEmail: =20
ipoperations@bellsouth.net<BR></FONT><BR></DIV>
<DIV><BR></DIV></FONT>
<DIV><BR></DIV></FONT></FONT>
<DIV><FONT size=3D2><FONT face=3DArial> </DIV><!--- end page =
content ---><!-- *** End Body of page HERE!!! =
--></FONT></FONT></BODY></HTML>
------=_NextPart_000_00C0_01C43EA8.2FF3C830--
