I would encourage anyone who is not familiar with the full situation to
read the recent history of AFRINIC events:
https://afrinic.net/ast/pdf/afrinic-whois-audit-report-full-20210121.pdf
https://afrinic.net/20200826-ceo-statement-on-ip-address-misappropriation
https://krebsonsecurity.com/2019/1
Hi Brian
On Thu, Mar 11, 2021 at 1:51 PM Brian Turnbow via NANOG
wrote:
> Hi Daniel,
>
>
> >
> > Tracing it back to the originator of the route is of course a good first
> step.
>
> Yes, we have done that and the results were not good.
The company that created the LOA is registered in the Seych
Hi Noah,
> Would you care to share the said prefix?
This is the prefix we found associated with their name in the afrinic db.
inetnum:169.239.204.0 - 169.239.207.255
Cheers,
Brian
Hi Daniel,
>
> Tracing it back to the originator of the route is of course a good first step.
Yes, we have done that and the results were not good.
The company that created the LOA is registered in the Seychelles and they have
IPs that were/are being revoked by Afrinic
remarks:* * * *
Tracing it back to the originator of the route is of course a good first
step.
I would send an FYI to the RIR that allocated the prefix; preferably
after the initial investigation established that it was not a genuine
mistake. In that message I would make very clear if any action is
requested
Beckman
*Inviato:* martedì 9 marzo 2021 19:17
*A:* Brian Turnbow
*Cc:* North American Network Operators' Group
*Oggetto:* Re: an IP hijacking attempt
It could just be a typo on the LOA. It seems unlikely any ISP would
approve a forged LOA that could readily be debunked by contacting the
IP space
9 marzo 2021 19:17
A: Brian Turnbow
Cc: North American Network Operators' Group
Oggetto: Re: an IP hijacking attempt
It could just be a typo on the LOA. It seems unlikely any ISP would approve a
forged LOA that could readily be debunked by contacting the IP space owner. The
whole point of
Inviato: martedì 9 marzo 2021 19:17
A: Brian Turnbow
Cc: North American Network Operators' Group
Oggetto: Re: an IP hijacking attempt
It could just be a typo on the LOA. It seems unlikely any ISP would approve a
forged LOA that could readily be debunked by contacting the IP space owner. The
It could just be a typo on the LOA. It seems unlikely any ISP would approve a
forged LOA that could readily be debunked by contacting the IP space owner. The
whole point of LOA’s is to facilitate this verification.
-mel via cell
> On Mar 9, 2021, at 10:01 AM, Brian Turnbow via NANOG wrote:
>
Hello everyone,
We received a strange request that I wanted to share.
An email was sent to us asking to confirm a LOA from a diligent ISP.
The Loa was a request to open bgp for an AS , that is not ours, to announce a
/23 prefix that is ours.
So basically this entity sent to their upstream a reque
10 matches
Mail list logo
