Re: Cogent Abuse - Bogus Propagation of ASN 36471

Eric, That's one of the reasons why I jumped on this.  I really don't have time to get "Droned".  My only early warning system is store bought ADS-B, and those devices are exempt from 14 CFR 91.225 & 91.227.  I wouldn't even see it coming. It's resolved now.  With the good help of this list.

Re: Cogent Abuse - Bogus Propagation of ASN 36471

I might note for those who are unfamiliar with it, that the "Kratos" entity is a major US defense contractor and manufacturer of advanced UAVs, so if this issue is not addressed it has a high likelihood of getting attention from some of the more clued-in folks in the federal government. https://en

Re: RESOLVED: Cogent Abuse - Bogus Propagation of ASN 36471

cs-il.com Midwest-IX http://www.midwest-ix.com *From: *"Tom Beecher" *To: *"Matthew Petach" *Cc: *nanog@nanog.org *Sent: *Thursday, July 20, 2023 11:38:50 AM *Subject: *Re: Cogent Abuse - Bogus Pr

Re: Cogent Abuse - Bogus Propagation of ASN 36471

On Thu Jul 20 Mike Hammet wrote: > If they (or anyone else) want to give me free service to use as I see fit > (well, legally), I'll gladly accept their offer. I once had free IP transit from Cogent for about a year after I told them to shove it. Not that it did me much good. - Jared

Re: Cogent Abuse - Bogus Propagation of ASN 36471

Martin, It's my former employer's router.  It's more like a 4 hour day to get in/out of the city even though I'm only 20 miles from the PoP.  Top that off with a $90 parking bill.  Nobody is paying me to do that work.  There are no more employees left in the company. Pete Stage2 "Survivor Is

Re: Cogent Abuse - Bogus Propagation of ASN 36471

On Thu, Jul 20, 2023 at 2:34 PM Ian Chilton wrote: > On Thu, 20 Jul 2023, at 7:02 PM, Martin Hannigan wrote: > > Pete, if all the data I see ties together like it looks aren't you able to > take the 15m taxi ride to 60 Hudson and recover the router or shut it off? > It's your router. Right? > > >

Re: Cogent Abuse - Bogus Propagation of ASN 36471

On Thu, 20 Jul 2023, at 7:02 PM, Martin Hannigan wrote: > Pete, if all the data I see ties together like it looks aren't you able to > take the 15m taxi ride to 60 Hudson and recover the router or shut it off? > It's your router. Right? I would assume if the company no longer exists, they won't

Re: Cogent Abuse - Bogus Propagation of ASN 36471

Pete, if all the data I see ties together like it looks aren't you able to take the 15m taxi ride to 60 Hudson and recover the router or shut it off? It's your router. Right? On Thu, Jul 20, 2023 at 11:10 AM Pete Rohrman wrote: > Ben, > > Compromised as in a nefarious entity went into the route

Re: RESOLVED: Cogent Abuse - Bogus Propagation of ASN 36471

- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com From: "Tom Beecher" To: "Matthew Petach" Cc: nanog@nanog.org Sent: Thursday, July 20, 2023 11:38:50 AM Subject: Re:

Re: Cogent Abuse - Bogus Propagation of ASN 36471

om Beecher" To: "Matthew Petach" Cc: nanog@nanog.org Sent: Thursday, July 20, 2023 11:38:50 AM Subject: Re: Cogent Abuse - Bogus Propagation of ASN 36471 In short--I'm having a hard time understanding how a non-paying entity still has working connectivity and BGP sessions, wh

Re: Cogent Abuse - Bogus Propagation of ASN 36471

> From: "Tom Beecher" > To: "Matthew Petach" > Cc: nanog@nanog.org > Sent: Thursday, July 20, 2023 11:38:50 AM > Subject: Re: Cogent Abuse - Bogus Propagation of ASN 36471 > >> In short--I'm having a hard time understanding

RESOLVED: Cogent Abuse - Bogus Propagation of ASN 36471

" *Cc: *nanog@nanog.org *Sent: *Thursday, July 20, 2023 11:38:50 AM *Subject: *Re: Cogent Abuse - Bogus Propagation of ASN 36471 In short--I'm having a hard time understanding how a non-paying entity still has working connectivity and BGP sessions, which makes me suspect there&#x

Re: Cogent Abuse - Bogus Propagation of ASN 36471

om Beecher" To: "Matthew Petach" Cc: nanog@nanog.org Sent: Thursday, July 20, 2023 11:38:50 AM Subject: Re: Cogent Abuse - Bogus Propagation of ASN 36471 In short--I'm having a hard time understanding how a non-paying entity still has working connectivity and BGP se

Re: Cogent Abuse - Bogus Propagation of ASN 36471

> > In short--I'm having a hard time understanding how a non-paying entity > still has working connectivity and BGP sessions, which makes me suspect > there's a different side to this story we're not hearing yet. ^_^; > I know Cogent has long offered very cheap transit prices, but this seems ver

Re: Cogent Abuse - Bogus Propagation of ASN 36471

On Thu, Jul 20, 2023 at 8:06 AM Pete Rohrman wrote: > On 7/20/23 10:40, Ben Cox wrote: >> Can you confirm what you mean by compromised here? > Compromised as in a nefarious entity went into the router and changed > passwords and did whatever. Hi Pete, I think Ben is asking you to "be more speci

Re: Cogent Abuse - Bogus Propagation of ASN 36471

On Thu, Jul 20, 2023 at 8:09 AM Pete Rohrman wrote: > Ben, > > Compromised as in a nefarious entity went into the router and changed > passwords and did whatever. Everything advertised by that comprised router > is bogus. The compromised router is owned by OrgID: S2NL (now defunct). > AS 36471

Re: Cogent Abuse - Bogus Propagation of ASN 36471

Ben, Compromised as in a nefarious entity went into the router and changed passwords and did whatever.  Everything advertised by that comprised router is bogus.  The compromised router is owned by OrgID: S2NL (now defunct).  AS 36471 belongs to KDSS-23

Re: Cogent Abuse - Bogus Propagation of ASN 36471

Can you confirm what you mean by compromised here? The prefixes currently (as far as I can see from bgp.tools) originated are: Prefix Description 209.255.244.0/24 Windstream Communications LLC 209.255.245.0/24 CONSOLIDATED TECHNOLOGIES INC 325 HUDSON 209.255.246.0/24 Windstream

Cogent Abuse - Bogus Propagation of ASN 36471

NANOG, A customer of Cogent has a compromised router that is announcing prefixes sourced from AS 36471.   Cogent is propagating that to the world.  Problem is, those prefixes and AS don't belong to that customer of Cogent - AS 36471 belongs to Kratos Defense & Security Solutions, Inc. (see wh