North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Yet more hijacked space? - deru.net

  • From: Darin Wayrynen
  • Date: Sun May 04 04:56:03 2003

<esc>%sFriday<ret>Saturday<ret>!

Grumble.

Darin

> 
> 
> I try to make it a habit of responding only to accusations when I can
> identify the accuser, but well, it's Friday night and I have a few
> minutes of time to spare.  Btw, Hushmail is great for stirring up crap
> and hiding from the potential backlash.
> 
> Wonder what you will, but our space is not hijacked.  Only Networking
> is Deru - always has been - some of our equipment/colo facilities are
> (and have been) on the address on our AS registration.  The ins/outs
> of DSS are public, you just need to dig deeper than you have - we are
> not required to justify anything to you.
> 
> 
> Personally, I think Deru has done it's part to help the Nanog
> community - I seem to vaguely remember us providing the bandwidth to
> the last Nanog here in Phoenix a couple of months ago, gratis, free of
> charge, provided over this very ip space.
> 
> 
> Thanks for your support in return!  Wait, you don't represent Nanog,
> you represent a no-name anonymous email address...
> 
> 
> We (including Richard Rupp) have better things to spend our time on...
> Like pondering why so many "backbones" still don't source filter their
> customers so we wouldn't have to play around with 500Kpps syn floods
> (with randomized ips) aimed at us on Friday nights...
> 
> Ciao,
> 
> Darin
> 
> 
> 
> 
> > 
> > 
> > Since were on the topic of hijacked ipspace, i find myself wondering
> > about deru.net
> > 
> > 
> > "Deru, the name you can trust, from people you can trust." - Quoted from
> > www.deru.net
> > 
> > Ok, so this is the name you can trust, from the people you can trust,
> >  right?  Well then, why would it appear that Deru.net, the local ISP
> > you can trust is using hijacked ip space?
> > 
> > It would appear as if Deru.net is using:
> > 
> > www.deru.net has address 140.99.0.15
> > 
> > My handy dandy whois tool tells me this range belongs to:
> > 
> > 
> > OrgName:    Datability Software Systems, Inc.
> > OrgID:      DERU
> > Address:    14982 N 83rd PL Ste 201
> > City:       Scottsdale
> > StateProv:  AZ
> > PostalCode: 85260
> > Country:    US
> > 
> > NetRange:   140.99.0.0 - 140.99.255.255
> > CIDR:       140.99.0.0/16
> > NetName:    DSS1
> > NetHandle:  NET-140-99-0-0-1
> > Parent:     NET-140-0-0-0-0
> > NetType:    Direct Allocation
> > NameServer: NS1.DERU.NET
> > NameServer: NS2.DERU.NET
> > Comment:
> > RegDate:    1990-04-12
> > Updated:    2001-08-01
> > 
> > TechHandle: DW19-ARIN
> > TechName:   Wayrynen, Darin
> > TechPhone:  +1-480-998-7237
> > TechEmail:  [email protected]
> > 
> > Before this network was modified it contained:
> > 
> > 140.99.0.0 Datability Software Systems, Inc. NET-DSS1 322 Eighth Avenue
> > New York, NY 10001 US 
> > 
> > 140.99.0.0      C                DSS1
> >  Rupp, Richard L. (RLP39)        [email protected]
> >    (201) 438-2400
> > 
> > 
> > Handy dandy route-server tells us:
> > 
> > 
> > route-server.cw.net>sh ip bgp 140.99.0.0 255.255.0.0 l
> > BGP table version is 2788023425, local router ID is 209.1.220.234
> > Status codes: s suppressed, d damped, h history, * valid, > best, i -
> >  internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> > 
> >    Network          Next Hop            Metric LocPrf Weight Path
> > *>i140.99.0.0       208.172.146.30                100      0 1239 11588
> > 2 7136 i
> > * i                 208.172.146.29                100      0 1239 11588
> > 2 7136 i
> > *>i140.99.96.0/19   208.172.146.30                100      0 1239 11588
> > 2 i
> > * i                 208.172.146.29                100      0 1239 11588
> > 2 i
> > * i140.99.120.0/22  208.172.146.29                100      0 1239 11588
> > 2 26978 i
> > *>i                 208.172.146.30                100      0 1239 11588
> > 2 26978 i
> > route-server.cw.net>
> > 
> > And once again, handy dandy whois tool tells us:
> > 
> > OrgName:    Only Networking Inc. (ONLY2-DOM)
> > OrgID:      ONIO
> > Address:    3443 North Central, 17th Floor
> > City:       Phoenix
> > StateProv:  AZ
> > PostalCode: 85013
> > Country:    US
> > 
> > ASNumber:   7136
> > ASName:     ONLY
> > ASHandle:   AS7136
> > Comment:
> > RegDate:    1996-09-16
> > Updated:    1996-09-16
> > 
> > TechHandle: DW19-ARIN
> > TechName:   Wayrynen, Darin
> > TechPhone:  +1-480-998-7237
> > TechEmail:  [email protected]
> > 
> > 
> > Im finding it odd that not a single thing, other than the POC email for
> > a questionable /16 and the ASN announcing questionable /16 has anything
> > to do with deru.net.
> > 
> > 
> > 
> > Also, my friend google tells me this:
> > 
> > http://216.239.57.100/search?q=cache:aHJS20Er5m0C:members.aol.com/karima4483/resume_c.html+%22Datability+Software+Systems,
> > +Inc.%22&hl=en&ie=UTF-8
> > 
> > smlnk: http://smlnk.com/?21ZQK6FP 
> > 
> > So it would appear that Datability Software Systems, Inc. was located
> > in Natick, Mass, and became Penril Datability Networks
> > 
> > http://216.239.37.100/search?q=cache:87PPbzXONd0C:isdn.modemhelp.net/p/penrildatabilitynetworks.shtml+Penril+Datability+Networks+&hl=en&ie=UTF-
> > 8
> > 
> > smlnk:http://smlnk.com/?08DJKDW3
> > 
> > It now appears that Penril Datability Networks was split up, with thier
> > assets being aquired by Bay Networks, and Access Beyond.
> > 
> > http://216.239.33.100/search?q=cache:jSOOHJ6s9fkC:www.cgraphix.com/39_detail_clients.html+Access+Beyond+%2BPenril&hl=en&ie=UTF-
> > 8
> > 
> > smlnk: http://smlnk.com/?UHXEPYDC
> > 
> > That leaves us with Access Beyond, a manufacturer of remote access telecom
> > products.  And whose website is now owned by a cybersquatter.
> > 
> > 
> > Now the question at hand is, at which point did this hardware company
> > become Deru.net, the Internet Service Provider you can trust? was this
> > before, or after Penril Datability Networks Inc/Bay Networks/Access Beyond.?
> > 
> > Did everyone decide to move to arizona and start an ISP? or is this just
> > another example of IP hijacking that we all find ourselves taking a look
> > at.
> > 
> > Can deru.net provide documents that say they bought or were aquired by
> > Datability Software Systems, Inc/Penril Datability Networks/Bay Networks/Access
> > Beyond.?
> > 
> > There are other companies using this address space (eldosales.com) but
> > they dont have the appearance of owning a possibly hijacked /16
> > 
> > Regards,
> > 
> > IP Police
> > 
> > 
> > 
> > Concerned about your privacy? Follow this link to get
> > FREE encrypted email: https://www.hushmail.com/?l=2 
> > 
> > Big $$$ to be made with the HushMail Affiliate Program: 
> > https://www.hushmail.com/about.php?subloc=affiliate&l=427
> > 
> > 
> > 
> 
> 
> 
>