Re: AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

[Jima]

On 2017-08-13 10:05, Ca By wrote:

On Sun, Aug 13, 2017 at 8:53 AM Dovid Bender  wrote:


It seems that his emails are accomplishing something!

http://bgp.he.net/AS202746



Name and shame does work sometimes


IMO, this works better than most name-and-shame efforts because the 
behavior being called out is fairly universally indefensible. I think we 
can all agree to hate prefix hijackers (when we all pay for our IP 
assets) and spammers (because they cause most of us varying levels of 
grief), whereas "I personally don't like $x" (e.g., slow IPv6/BCP 
adoption) is often met with "I don't care about this, so fooey on your 
initiative."


There may be a pointed statement in there -- thanks. ;-)

 Jima

Re: AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

[Ca By]

On Sun, Aug 13, 2017 at 8:53 AM Dovid Bender  wrote:

> It seems that his emails are accomplishing something!
>
> http://bgp.he.net/AS202746
>

Name and shame does work sometimes


The tier 1s like Telia need to be the “grownups” and not let hijacks invade
the DFZ

CB


>
>
> On Wed, Aug 2, 2017 at 11:51 AM, Sebastian Wiesinger <
> sebast...@karotte.org>
> wrote:
>
> > * Ronald F. Guilmette  [2017-08-02 09:37]:
> > >
> > > The annotations in the RIPE WHOIS record for AS202746 seem pretty clear
> > to me.
> > > This thing is B-O-G-U-S!
> >
> > You know, people might be more willing to listen to you when you
> > express your points in a less emotional and aggressive tone.
> >
> > Regards
> >
> >
> > Sebastian
> >
> > --
> > GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
> > 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
> > SCYTHE.
> > -- Terry Pratchett, The Fifth Elephant
> >
>

Re: AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

[Dovid Bender]

It seems that his emails are accomplishing something!

http://bgp.he.net/AS202746



On Wed, Aug 2, 2017 at 11:51 AM, Sebastian Wiesinger 
wrote:

> * Ronald F. Guilmette  [2017-08-02 09:37]:
> >
> > The annotations in the RIPE WHOIS record for AS202746 seem pretty clear
> to me.
> > This thing is B-O-G-U-S!
>
> You know, people might be more willing to listen to you when you
> express your points in a less emotional and aggressive tone.
>
> Regards
>
>
> Sebastian
>
> --
> GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
> SCYTHE.
> -- Terry Pratchett, The Fifth Elephant
>

Re: AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

[Rich Kulawiec]

On Wed, Aug 02, 2017 at 05:51:43PM +0200, Sebastian Wiesinger wrote:
> You know, people might be more willing to listen to you when you
> express your points in a less emotional and aggressive tone.

You know, lots of us tried that for the first ten or twenty years.

But snark aside, I care a lot more about the actionable intelligence
being provided than the manner of its presentation.  Ron has been doing
valuable, useful research for years and has been kind enough to share
the results with us.  For free.  I'm grateful for that.

---rsk

Re: AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

[Sebastian Wiesinger]

* Ronald F. Guilmette  [2017-08-02 09:37]:
> 
> The annotations in the RIPE WHOIS record for AS202746 seem pretty clear to me.
> This thing is B-O-G-U-S!

You know, people might be more willing to listen to you when you
express your points in a less emotional and aggressive tone.

Regards


Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

Re: AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

[Christopher Morrow]

On Wed, Aug 2, 2017 at 3:36 AM, Ronald F. Guilmette 
wrote:

>
>
> P.S.   Over on some of the RIPE mailing lists, they've recently been
> discussing
> whether or not to continue allowing Joe Random Criminal to create totally
> unauthorized and totally unchecked/unverified (and typically bogus) route
> objects in the RIPE data base for so-called "out of region" IP address
> block
> resources.  Of course, if anybody had any brains or any backbone over on
> that
> side of the pond, they would have done this already ten years ago.  But
> such
> is the pace of change in the Old World, where even the most obvious things
> can't be implemented until everybody and his brother agrees, including even
> the stupid kid.
>

There are/were providers which required RIPE-IRR registration to accept
routes, I don't know that this is still the case, but it might account for
unwillingness to remove 'out of region' content. As well, there are folk
with space from more than just one RIR, who may have chosen (for a myriad
of resaons) to centralize their IRR content on a single IRR.

Sometimes your message is lost in the emotive editorializing :(

AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

[Ronald F. Guilmette]

The annotations in the RIPE WHOIS record for AS202746 seem pretty clear to me.
This thing is B-O-G-U-S!

Even RIPE, which is always reticent to say any bad things about any of its
crooked customers... even after they have kicked them out of RIPE altogether,
e.g. for being just too obviously and blatantly crooked...  was able to
determine that this particular AS is rubbish, and said so, right in the
WHOIS record:

   remarks: this object has been locked by the RIPE NCC pending deregistration

So, you know, what's up with Telia (AS1299) which is the one and only peer of
this stupid thing (AS202746)?

I only ask because AS202746 is currently blatantly and obviously hijacking the
following four separate Brazillian /22 blocks:

200.220.160.0/22
200.220.164.0/22
200.220.168.0/22
200.220.172.0/22

Unlike a lot of other cases I've seen of late, Telia can't even fall back on
the lame excuse that "Oh!  Gosh!  We are only passing those routes through
for our customer because they have corresponding route objects properly
registered in the RIPE IRR telling us that it's A-OK for them to route this
stuff."

Whoever the actual hijacker is in this case, he/she/it didn't even bother to
create bogus route objects in the RIPE data base, even though it is trivially
easy for any criminal who can fog a mirror to do that.

So, as the Subject line above says, I'd like to hear opinions on the following
pertinent question:

   Is Telia (a) stupid, or (b) lazy, or (c) complicit?

Vote early!  Vote often!

(I wouldn't even mind about these blatant hijackings if it were not for the
fact that all of those hijacked /22 blocks have, quite predictably, been
filed to the brim with outbound mail servers belonging to some snowshoe
spammer... which is par for the course these days when it comes to IPv4
space hijackings.)


Regards,
rfg


P.S.   Over on some of the RIPE mailing lists, they've recently been discussing
whether or not to continue allowing Joe Random Criminal to create totally
unauthorized and totally unchecked/unverified (and typically bogus) route
objects in the RIPE data base for so-called "out of region" IP address block
resources.  Of course, if anybody had any brains or any backbone over on that
side of the pond, they would have done this already ten years ago.  But such
is the pace of change in the Old World, where even the most obvious things
can't be implemented until everybody and his brother agrees, including even
the stupid kid.

My point, of course, is that even when and if those crazy europeans get around
to doing the obviously rational thing... like locking the door to the bank
before you leave at night... even that won't and wouldn't have made one wit
of difference to this case of Telia's passing of the bogus/hijacked routes
being announced by AS202746, which is ongoing, as we speak.  There's no
authority anywhere that I am aware of that is telling the Telia folks that
it is OK for either them or their customer to pass out those routes.  They
are just doing it, because, quite obviously, they are being -paid- to do it,
and screw everybody else.  We can all just shut up and eat our spam, I guess.