North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re[2]: Hijacking of address blocks assigned to Trafalgar House Group , London UK

  • From: Richard Cox
  • Date: Sun Apr 13 19:23:37 2003

On 13 Apr 2003 15:11 UTC, David Temkin <[email protected]> wrote:

| Maybe they should do everyone a favor and return the hijacked blocks
| to ARIN....  I mean hell, does anyone really think that they have
| 6 /16's worth of machines directly accessible via the 'net?

Maybe so indeed.  We've been asked to help clear up the mess, and to my
mind it's far more important to limit the damage to the rest of the net
from the hard-to-trace abuse and the other evils that were the reason
why the blocks were hijacked in the first place, than to deal with the
consequential admin issues.  But those issues *will* be addressed.

So that's why we first gave you all an update on what was happening,
while I try to reach the security teams at the networks that are still
allowing the bogus announcements to go out.  Sprint responded quickly,
and thanks to those of you here who mailed me better contact details,
I was able to reach Telia who filtered their announcements promptly.

Some networks however are proving rather more difficult to "reach"!

Once we've shut the abuse down, we'll be sure to brief Aker Kvaerner's
management on all the issues involved and, from what I've seen so far,
I'm completely satisfied that they will then "do the right thing".

| Obviously if they have been hijacked and the admins had the time
| to post here about it, it's not the end of the world for them...

Aker Kvaerner were until last week unaware that the company they had
acquired had ever had any allocations from ARIN.  We've been asked to
clear up the mess, and to that extent only we are the "admins".  When
one of the hijackers lost their connection, and was immediately able
to get a new connection from another provider, we realised just how
important it was to ensure that network operators were generally made
aware of what was going on: firstly so that they didn't inadvertently
allow anyone else to announce anything in those netblocks, and also so
that any network could, if they wished, could keep traffic from those
netblocks off their systems.

At our request ARIN have now deleted all contact handles from those
blocks, so that further identity-spoofing should be more difficult.

-- 
Richard Cox
Mandarin Technology Ltd, Penarth, UK