AS3266: BitCanal hijack factory, courtesy of many connectivity providers
- Subject: AS3266: BitCanal hijack factory, courtesy of many connectivity providers
- From: adam at davenpro.com (Adam Davenport)
- Date: Wed, 27 Jun 2018 12:12:07 -0700
- In-reply-to: <[email protected]>
- References: <[email protected]>

GTT takes all AUP violations extremely seriously. Any offending parties mentioned in this thread
have been dealt with accordingly, and GTT now considers the matter resolved from its side.

On 6/25/2018 9:49 PM, Ronald F. Guilmette wrote:
> Sometimes I see stuff that just makes me shake my head in disbelief.
> Here is a good example:
>
> https://bgp.he.net/AS3266#_prefixes
>
> I mean seriously, WTF?
>
> As should be blatantly self-evident to pretty much everyone who has ever
> looked at any of the Internet's innumerable prior incidents of very
> deliberately engineered IP space hijackings, all of the routes currently
> being announced by AS3266 (Bitcanal, Portugal) except for the ones in
> 213/8 are bloody obvious hijacks. (And to their credit, even Spamhaus
> has a couple of the U.S. legacy /16 blocks explicitly listed as such.)
>
> That's 39 deliberately hijacked routes, at least going by the data
> visible on bgp.he.net. But even that data from bgp.he.net dramatically
> understates the case, I'm sorry to say. According to the more complete
> and up-to-the-minute data that I just now fetched from RIPEstat, the real
> number of hijacked routes is more on the order of 130 separate hijacked
> routes for a total of 224,512 IPv4 addresses:
>
> https://pastebin.com/raw/Jw1my9Bb
>
> In simpler terms, Bitcanal has made off with the rough equivalent of an
> entire /14 block of IPv4 addresses that never belonged to them. (And of
> course, they haven't paid a dime to anyone for any of that space.)
>
> Of course we could all be shocked (Shocked!) at this turn of events if
> it were not for the fact that Bitcanal already has a rich, longstanding,
> and sordid history of involvement with IP space hijacks. All one has to
> do is google for "Bitcanal" and "hijack" to find that out. This isn't
> exactly a state secret. In fact if you look up "IP space hijacking" in
> any modern Internet dictionary you'll find Mr. Joao Silveira's picture
> next to the definition: https://twitter.com/bitcanal :-)
>
> This guy Silveira has obviously decided that he is a law unto himself,
> and can grab whatever IP space happens to be lying around for his own
> purposes... and no need to fill out any tedious forms -or- pay any fees
> for using any of this space to any of those annoying Regional Internet
> Registries.
>
> As usual, and as I have said here previously, I generally don't mind too
> much when these kinds of greedy idiots decide to color outside the lines.
> As long as they just confine themselves to hijacking abandoned IP blocks
> belonging to banks and/or government agencies, well then it's no skin off
> my nose. But when they start reselling their stolen IP space to spammers,
> as Mr. Silveira is apparently in the habit of doing, then I get ticked off.
> And actually, Mr. Silveira must be *exceptionally* greedy in that he is
> apparently not satisfied to just sub-lease his own legitimate IP space to
> snowshoe spammers, as he is clearly doing:
>
> https://pastebin.com/raw/5P5rnQ2y
>
> Obviously, merely hosting snowshoe spammers in his own IP space isn't enough
> to keep Mr. Silveira in the style to which he has become accustomed, so he
> has to go out and rip off other people's IP space and then resell that to
> spammers also.
>
> The fact that there exists a jerk like this on the Internet isn't really
> all that surprising. What I personally -do- find rather surprising is that
> three companies that each ought to know better, namely Cogent, GTT, and
> Level3 are collectively supplying more than 3/4ths of this guy's IPv4
> connectivity, at least according to the graph displayed here:
>
> https://bgp.he.net/AS197426
>
> Without the generous support of Cogent, GTT, and Level3 this dumbass
> lowlife IP address space thief would be largely if not entirely toast.
> So what are they waiting for? Why don't they turf this jackass? Are
> they waiting for an engraved invitation or what?
>
> As I always ask, rhetorically, in cases like this: Where are the grownups?
>
> I would like everyone reading this who is a customer of Cogent, GTT, or
> Level3 to try to contact these companies and ask them why they are providing
> connectivity/peering to a hijacking jerk like this Silveira character.
> Ask them why -you- have to endure more spam in your inbox just so that
> -they- can make another one tenth of one percent profit by peering with
> this hijacking, spammer-loving miscreant. I would ask them myself, but
> I personally am not a direct customer of any of them, so they would all,
> most probably, just tell me to go pound sand.
>
> If you do manage to make contact, please be sure to mention all three of
> Mr. Silveira's ASNs, i.e. AS42229, AS197426, and AS3266. And don't let
> whoever you talk to try to weasel out of responsibility for this travesty,
> e.g. by claiming that they don't know anything about what's been going on
> with all those hijacks announced by AS3266, and/or that they only provide
> peering for AS197426. The hijacks may all be originating from Mr. Silveira's
> AS3266, but bgp.he.net makes clear that AS3266 has one, and only one peer,
> i.e. Mr. Silveira's AS197426:
>
> https://bgp.he.net/AS3266
>
> So basically, Cogent, GTT, and Level3 are the prime enablers of this
> massive theft of IP space. (They might try to claim that BitCanal's
> historical propensity to engage in hijacks is something "brand new"
> or at least that -they- may not have been aware of it until now, in which
> case you should ask them if they have anybody on staff who is paying
> attention. As noted above, it isn't as if Bitcanal just started pulling
> this crap yesterday. Far from it.)
>
> Oh! And you might also mention the fact that Spamhaus, and, I would guess,
> at least a few of the other public blacklists already have most or all of
> Mr. Silveira's IP space... hijacked or otherwise... blacklisted, presumably
> for good and ample cause.
>
> As long as Cogent, GTT, and Level3 are willing to go along with this
> nonsense, i.e. by selling peering to this Silveira thief, crime on
> the Internet -does- pay, and the theft of other people's IP space
> will continue to be rewarded rather than punished, as it should be.
>
> If that becomes the new normal for Internet behavior, then god help us
> all.
>
>
> Regards,
> rfg
>