[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3

I am the guy who gave the presentation. We ask our customers to report misbehavior of peers at DE-CIX IXPs (e.g. IP hijack, ASN hijacks) to abuse at de-cix.net. We will look into reported cases and collect evidence so that we can act accordingly. So far, this process helped us to identify and fix configuration errors from peers on a few occasions. Also, as a last resort we expelled a small number of permanent and notorious rule breakers.

Best regards,

On 26.06.18, 15:16, "IXP User One" <ixp.user.one at gmail.com> wrote:

    Hi all,
    I have heard that DE-CIX expelled BitCanal from their IXPs. One of their
    guys also gave a presentation about how DE-CIX handles abuse cases:
    I don't know how other IXPs are handling such cases. Would be interesting
    to know.
    Best regards,
    On Tue, Jun 26, 2018 at 9:35 AM, Hank Nussbacher <hank at efes.iucc.ac.il>
    > On 26/06/2018 07:49, Ronald F. Guilmette wrote:
    > You are mistaken.  Cogent and Level3 are signatories to MANRS:
    > https://www.manrs.org/participants/
    > so this clearly can't happen and you are making this up.
    > :-)
    > -Hank
    > >
    > >
    > > The fact that there exists a jerk like this on the Internet isn't really
    > > all that surprising.  What I personally -do- find rather surprising is
    > that
    > > three companies that each outght to know better, namely Cogent, GTT, and
    > > Level3 are collectively supplying more than 3/4ths of this guy's IPv4
    > > connectivity, at least according to the graph displayed here:
    > >
    > >     https://bgp.he.net/AS197426
    > >
    > > Without the generous support of Cogent, GTT, and Level3 this dumbass
    > > lowlife IP address space thief would be largely if not entirely toast.
    > > So what are they waiting for?  Why don't their turf this jackass?  Are
    > > they waiting for an engraved invitation or what?
    > >
    > > As I always ask, retorically, in cases like this:  Where are the
    > grownups?
    > >
    > > I would like everyone reading this who is a customer of Cogent, GTT, or
    > > Level3 to try to contact these companies and ask them why they are
    > providing
    > > connectivity/peering to a hijacking jerk like this Silveira character.
    > > Ask them why -you- have to endure more spam in your inbox just so that
    > > -they- can make another one tenth of one percent profit by peering with
    > > this hijacking, spammer-loving miscreant.  I would ask them myself, but
    > > I personally am not a direct customer of any of them, so they would all,
    > > most probably, just tell me to go pound sand.
    > >
    > > If you do manage to make contact, please be sure to mention all three of
    > > Mr. Silveira's ASNs, i.e. AS42229, AS197426, and AS3266.  And don't let
    > > whoever you talk to try to weasel out of responsibility for this
    > travesty,
    > > e.g. by claiming that they don't know anything about what's been going on
    > > with all those hijacks announced by AS3266, and/or that they only provide
    > > peering for AS197426.  The hijacks may all be originating from Mr.
    > Silveira's
    > > AS3266, but bgp.he.net makes clear that AS3266 has one, and only one
    > peer,
    > > i.e. Mr. Silveira's AS197426:
    > >
    > >     https://bgp.he.net/AS3266
    > >
    > > So basically, Cogent, GTT, and Level3 are the prime enablers of this
    > > massive theft of IP space.  (They might try to claim that BitCanal's
    > > historical propensity to engage in hijacks is sonmething "brand new"
    > > or at least that -they- may not have been aware of it until now, in which
    > > case you should ask them if they have anybody on staff who is paying
    > > attention.  As noted above, it isn't as if Bitcanal just started pulling
    > > this crap yesterday.  Far from it.)
    > >
    > > Oh!  And you might also mention the fact that Spamhaus, and, I would
    > guess,
    > > at least a few of the oether public blacklists already have most or all
    > of
    > > Mr.  Silveira's IP space... hijacked or otherwise... blacklisted,
    > presumably
    > > for good and ample cause.
    > >
    > > As long as Cogent, GTT, and Level3 are willing to go along with this
    > > nonsense, i.e. by selling peering to this Silveira thief, crime on
    > > the Internet -does- pay, and the theft of other people's IP space
    > > will continue to be rewarded rather than punished, as it should be.
    > >
    > > If that becomes the new normal for Internet behavior, then god help us
    > > all.
    > >
    > >
    > > Regards,
    > > rfg
    > >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5353 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180626/0bb19102/attachment.bin>