[anti-abuse-wg] Notice: Fradulent RIPE ASNs
Suresh Ramasubramanian
ops.lists at gmail.com
Tue Jan 15 01:12:56 CET 2013
The last time a Romanian I know checked, most of these appear to be set up with business registration that was valid at the time the netblocks were registered but mostly lapsed a year or so later. Almost as if someone in Bucharest walks into a bar, pays people there a few euro in drinking money if they will let their ID get used to register a shell company that can then register for a /16 or larger netblock.

--srs (htc one x)

On 15-Jan-2013 4:30 AM, "Ronald F. Guilmette" <rfg at tristatelogic.com> wrote:
>
> After a careful investigation, I am of the opinion that each of the
> following 18 ASNs was registered (via RIPE) with fraudulent information
> purporting to represent the identity of the true registrant, and that
> in fact, all 18 of these ASNs were registered by a single party,
> apparently as part of a larger scheme to provide IP space to various
> snowshoe spammers.
>
> Evidence I have in hand strongly links this scheme and these ASNs and
> their associated IPv4 route announcements to Jump Network Services,
> aka JUMP.RO. Furthermore, all of these ASNs are apparently peering
> with exactly and only the same two other ASNs in all cases, i.e.
> GTS Telecom SRL (AS5606) and Net Vision Telecom SRL (AS39737). These
> peers and the fraudulent ASNs listed below are all apparently originated
> out of Romania.
>
> AS16011 (fiberwelders.ro)
> AS28822 (creativitaterpm.ro)
> AS48118 (telecomhosting.ro)
> AS49210 (rom-access.ro)
> AS50659 (grandnethost.com)
> AS57131 (speedconnecting.ro)
> AS57133 (nordhost.ro)
> AS57135 (fastcable.ro)
> AS57176 (bucovinanetwork.ro)
> AS57184 (kaboomhost.ro)
> AS57415 (highwayinternet.ro)
> AS57695 (effidata.ro)
> AS57724 (id-trafic.ro)
> AS57738 (mclick.ro)
> AS57786 (hosting-www.ro)
> AS57837 (romtechinnovation.ro)
> AS57906 (momy.ro)
> AS57917 (nature-design.ro)
>
> At present, the above 18 ASNs are currently announcing routes for a total
> amount of IP space equal to 1,022 /24s, which is the rough equivalent of
> an entire /14 block. These IPv4 route announcements are listed below,
> sorted by IPv4 (32-bit) start address.
>
> Additional potentially relevant background information:
>
> http://threatpost.com/en_us/blogs/attackers-buying-own-data-centers-botnets-spam-122109
> http://www.spamhaus.org/rokso/evidence/ROK9107/world-company-register-eu-business-register/rogue-ases-as43332-as44414-as44520-as49173-as49643
> http://www.spamhaus.org/sbl/listings/jump.ro
>
> Current route announcements:
>
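The two observations in the quoted report (several origin ASNs that peer with exactly the same small set of upstream ASNs, and the /24-equivalent size of what they announce) can be checked against a routing table dump. This is an added example, not part of the original message; the input format (prefix plus AS path) is an assumption, and the ASNs (documentation range) and prefixes (private space) are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, not real routing data: (prefix, AS path with origin last).
# ASNs come from the documentation range (RFC 5398); prefixes are private space.
SAMPLE_ROUTES = [
    ("10.14.0.0/20", [64496, 64500, 64510]),
    ("10.14.16.0/22", [64497, 64501, 64510]),
    ("10.14.0.0/24", [64496, 64500, 64510, 64510]),  # more-specific, prepended
    ("10.20.0.0/23", [64496, 64500, 64511]),
    ("10.20.2.0/24", [64498, 64501, 64511]),
    ("10.30.0.0/24", [64496, 64500, 64509]),
    ("10.30.1.0/24", [64496, 64502, 64509]),
    ("10.40.0.0/16", [64497, 64502, 64508]),
]

def upstreams_by_origin(routes):
    """Map each origin ASN to the set of ASNs seen directly before it."""
    ups = defaultdict(set)
    for _prefix, path in routes:
        # Collapse AS-path prepending so an origin is never its own upstream.
        dedup = [a for i, a in enumerate(path) if i == 0 or a != path[i - 1]]
        if len(dedup) >= 2:
            ups[dedup[-1]].add(dedup[-2])
    return dict(ups)

def cluster_by_upstream_set(routes, min_size=2):
    """Group origins whose upstream sets are identical; drop small groups."""
    groups = defaultdict(list)
    for origin, ups in upstreams_by_origin(routes).items():
        groups[frozenset(ups)].append(origin)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_size}

def slash24_equivalents(routes, origins):
    """Size of the origins' announced space in /24s, overlaps counted once."""
    nets = [ipaddress.ip_network(p) for p, path in routes if path[-1] in origins]
    addresses = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return -(-addresses // 256)  # ceiling division

if __name__ == "__main__":
    for ups, origins in cluster_by_upstream_set(SAMPLE_ROUTES).items():
        size = slash24_equivalents(SAMPLE_ROUTES, set(origins))
        print(sorted(ups), origins, f"{size} x /24")
```

A shared upstream set alone is weak evidence, since many unrelated small networks buy transit from the same providers; it is a lead to correlate with registration data, as the report does.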