Re: 157.112.0.0/16 ARIN info updated, AT&T still announcing /16

North American Network Operators Group

Re: 157.112.0.0/16 ARIN info updated, AT&T still announcing /16

From: Richard Cox
Date: Thu Sep 11 13:04:24 2003

On Thu, 11 Sep 2003 16:32 UTC John Payne <[email protected]> wrote:

| I stopped seeing 157.112.0.0/16 announced via AT&T earlier this week.

So did many people.  That route came back again soon afterwards.

I have received an assurance directly from senior AT&T management that
the route has - in the last few minutes - been removed with prejudice.
It will not be returning.

We will now be working with AT&T management to help them to identify
exactly and how where their internal processes failed on this issue.

Way back on Thu, 10 Apr 2003 01:06 UTC I wrote:

| I've been asked to draw the attention of Network administrators to the
| recent hijacking of various large blocks of ARIN IP-space: particularly
| six /16 blocks allocated to the London-based Trafalgar House Group.
| 
| Trafalgar House Group (THG):
| Trafalgar House Group TRAF  (NET-144-176-0-0-1) 144.176.0.0/16
| Trafalgar House Group THIN1 (NET-144-177-0-0-1) 144.177.0.0/16
| Trafalgar House Group THIN3 (NET-144-179-0-0-1) 144.179.0.0/16
| Trafalgar House Group THIN4 (NET-144-180-0-0-1) 144.180.0.0/16
| Trafalgar House Group THIN5 (NET-144-181-0-0-1) 144.181.0.0/16
| Trafalgar House Group THIN2 (NET-158-181-0-0-1) 158.181.0.0/16

The other good news is that all those blocks have now been either
returned to Aker Kvaerner Group (successors-in-title to Trafalgar
House Group) or returned to ARIN for reuse, as appropriate.  Any
filters you routing people may have put in place to prevent abuse
from those blocks can be - and, please, SHOULD be, removed as soon
as practicable.  The DNSBL entries for them at Spamhaus and SORBS
have already been removed.

Anyone wanting more information is welcome to join the "Hijacked"
list (mailto:[email protected]?subject="subscribe hijacked")
which is where we discuss and resolve the Hijacking incidents as
they occur.  Most network operators are now represented there, and
as a result we have been able to resolve most of the hijacking
incidents within a very short time of their coming to notice.

-- 
Richard Cox
(Listowner, Hijacked List)
Mandarin Technology Ltd, Wales

\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Contribute to the SpamCon Legal Fund!! http://www.spamcon.org/legalfund/

Follow-Ups:
- Re: 157.112.0.0/16 ARIN info updated, AT&T still announcing /16 Chris Lewis

References:
- 157.112.0.0/16 ARIN info updated, AT&T still announcing /16 Kai Schlichting
- Re: 157.112.0.0/16 ARIN info updated, AT&T still announcing /16 John Payne

Prev by Date: Re: 157.112.0.0/16 ARIN info updated, AT&T still announcing /16
Next by Date: Re: 157.112.0.0/16 ARIN info updated, AT&T still announcing /16
Date Index
Thread Index
Author Index
Historical