AS3266: BitCanal hijack factory, courtesy of Cogent, GTT, and Level3
On 26/06/2018 17:08, Thomas King wrote:
Kudos to DE-CIX for getting it right.
-Hank
> I am the guy who gave the presentation. We ask our customers to report misbehavior of peers at DE-CIX IXPs (e.g. IP hijack, ASN hijacks) to abuse at de-cix.net. We will look into reported cases and collect evidence so that we can act accordingly. So far, this process helped us to identify and fix configuration errors from peers on a few occasions. Also, as a last resort we expelled a small number of permanent and notorious rule breakers.
>
> Best regards,
> Thomas
>
>
> On 26.06.18, 15:16, "IXP User One" <ixp.user.one at gmail.com> wrote:
>
> Hi all,
>
> I have heard that DE-CIX expelled BitCanal from their IXPs. One of their
> guys also gave a presentation about how DE-CIX handles abuse cases:
> https://ripe75.ripe.net/archives/video/103/
>
> I don't know how other IXPs are handling such cases. Would be interesting
> to know.
>
> Best regards,
> IUO
>
>
> On Tue, Jun 26, 2018 at 9:35 AM, Hank Nussbacher <hank at efes.iucc.ac.il> wrote:
>
> > On 26/06/2018 07:49, Ronald F. Guilmette wrote:
> >
> > You are mistaken. Cogent and Level3 are signatories to MANRS:
> > https://www.manrs.org/participants/
> > so this clearly can't happen and you are making this up.
> >
> > :-)
> >
> > -Hank
> >
> > >
> > >
> > > The fact that there exists a jerk like this on the Internet isn't really
> > > all that surprising. What I personally -do- find rather surprising is that
> > > three companies that each ought to know better, namely Cogent, GTT, and
> > > Level3 are collectively supplying more than 3/4ths of this guy's IPv4
> > > connectivity, at least according to the graph displayed here:
> > >
> > > https://bgp.he.net/AS197426
> > >
> > > Without the generous support of Cogent, GTT, and Level3 this dumbass
> > > lowlife IP address space thief would be largely if not entirely toast.
> > > So what are they waiting for? Why don't they turf this jackass? Are
> > > they waiting for an engraved invitation or what?
> > >
> > > As I always ask, rhetorically, in cases like this: Where are the grownups?
> > >
> > > I would like everyone reading this who is a customer of Cogent, GTT, or
> > > Level3 to try to contact these companies and ask them why they are providing
> > > connectivity/peering to a hijacking jerk like this Silveira character.
> > > Ask them why -you- have to endure more spam in your inbox just so that
> > > -they- can make another one tenth of one percent profit by peering with
> > > this hijacking, spammer-loving miscreant. I would ask them myself, but
> > > I personally am not a direct customer of any of them, so they would all,
> > > most probably, just tell me to go pound sand.
> > >
> > > If you do manage to make contact, please be sure to mention all three of
> > > Mr. Silveira's ASNs, i.e. AS42229, AS197426, and AS3266. And don't let
> > > whoever you talk to try to weasel out of responsibility for this travesty,
> > > e.g. by claiming that they don't know anything about what's been going on
> > > with all those hijacks announced by AS3266, and/or that they only provide
> > > peering for AS197426. The hijacks may all be originating from Mr. Silveira's
> > > AS3266, but bgp.he.net makes clear that AS3266 has one, and only one peer,
> > > i.e. Mr. Silveira's AS197426:
> > >
> > > https://bgp.he.net/AS3266
> > >
> > > So basically, Cogent, GTT, and Level3 are the prime enablers of this
> > > massive theft of IP space. (They might try to claim that BitCanal's
> > > historical propensity to engage in hijacks is something "brand new"
> > > or at least that -they- may not have been aware of it until now, in which
> > > case you should ask them if they have anybody on staff who is paying
> > > attention. As noted above, it isn't as if Bitcanal just started pulling
> > > this crap yesterday. Far from it.)
> > >
> > > Oh! And you might also mention the fact that Spamhaus, and, I would guess,
> > > at least a few of the other public blacklists already have most or all of
> > > Mr. Silveira's IP space... hijacked or otherwise... blacklisted, presumably
> > > for good and ample cause.
> > >
> > > As long as Cogent, GTT, and Level3 are willing to go along with this
> > > nonsense, i.e. by selling peering to this Silveira thief, crime on
> > > the Internet -does- pay, and the theft of other people's IP space
> > > will continue to be rewarded rather than punished, as it should be.
> > >
> > > If that becomes the new normal for Internet behavior, then god help us
> > > all.
> > >
> > >
> > > Regards,
> > > rfg
> > >
> >
> >
>