Important realization: Things don’t always work there like they work here (wherever “here” is for you).
-Ben > On Sep 6, 2019, at 6:57 AM, Carlos Friaças via NANOG <nanog@nanog.org> wrote: > > > Hi, > > (Also never been in Australia, unfortunately...) > > Netname is "PMANET": > ...isn't it OK to assume it could stand for "Port of Melbourne Authority > Network"? > > * pma.vic.gov.au is not operational > (i wonder what can be found with passive dns) > > * vic.gov.au is still operational. > > > Quick googling also allowed me to find this: > > https://www.portofmelbourne.com/about-us/port-history/timeline/ > > "1996 Melbourne Port Corporation established as successor to Port of > Melbourne Authority." > > > Regards, > Carlos > > > >> On Fri, 6 Sep 2019, Mel Beckman wrote: >> >> A quick check of one of your facts produces unexpected results, so you might >> want to perform more research. According the APNIC, >> 139.44.0.0/16 does not ?belong unambiguously to the Port Authority of >> Melbourne?. It belongs to an individual, with an office address >> at a building called ?Port Authority of Melbourne?: >> person: >> Rob Shute >> address: >> Port of Melbourne Authority >> Level 47 South >> 525 Collins St >> country: >> AU >> phone: >> +61 3 9628 7613 >> e-mail: >> d...@pma.vic.gov.au >> nic-hdl: >> RS54-AP >> remarks: >> ---------- >> remarks: >> imported from ARIN object: >> remarks: >> remarks: >> poc-handle: RS546-ARIN >> remarks: >> is-role: N >> remarks: >> last-name: Shute >> remarks: >> first-name: Rob >> remarks: >> street: Port of Melbourne Authority >> Level 47 South >> 525 Collins St >> remarks: >> country: AU >> remarks: >> mailbox: d...@pma.vic.gov.au >> remarks: >> bus-phone: +61 3 9628 7613 >> remarks: >> reg-date: 1970-01-01 >> remarks: >> changed: hostmas...@arin.poc 20001127 >> remarks: >> source: ARIN >> remarks: >> remarks: >> ---------- >> notify: >> d...@pma.vic.gov.au >> mnt-by: >> MNT-ERX-PRTMELAUTH-NON-AU >> last-modified: >> 2008-09-04T07:31:33Z >> source: >> APNIC >> The building called the Port Authority of Melbourne is not, by all accounts, >> a government agency. It?s just the name of a 54-story >> office building, like the World Trade Center in NYC. In fact, World Trade >> Centre (Melbourne) is another name for the building, and >> although it houses the Port of Melbourne Authority agency (on Level 4, not >> Level 47), it appears to be largely just a toney address >> for business offices. Some, perhaps, not unlike American ?Mail Boxes Etc? >> (although I haven?t confirmed this). But the following Wikipedia >> excerpt says this unambiguously: >> The building currently houses some offices of the headquarters of Victoria >> Police, and the Victoria Police Museum , a collection of >> exhibits and memorabilia from over 150 years of policing in Victoria.[3] It >> also houses offices for companies, including Thales >> Australia. >> https://en.m.wikipedia.org/wiki/Port_of_Melbourne_Authority >> Now, I?m not an Ossie, and in fact have never been down under, but it seems >> likely that the address in the registration is akin to a >> US business having a World Trade Center address in NYC. It means nothing as >> far as APNIC asset ownership is concerned. It?s just an >> address. >> I could be wrong. However, it seems a simple fact to verify by calling >> management at that building. I tried sending email to the >> registered ?.gov.au? address: >> d...@pma.vic.gov.au >> But the domain does not exist. >> -mel beckman >> On Sep 6, 2019, at 1:30 AM, Ronald F. Guilmette <r...@tristatelogic.com> >> wrote: >> >> Few of you here probably know about this, but nearly a week ago now >> an article appeared in South Africa's largest and most popular online >> tech publication, MyBroadband.co.za. It detailed many, but certainly >> not >> all of the results of my multi-month investigation of a massive and >> ongoing fraud involving the theft of large numbers of large (generally >> /16 or larger) abandoned legacy blocks, taken from the AFRINIC region >> and beyond: >> https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-address-heist-how-millions-are-made-on-the-grey-market.html >> >> For various editorial reasons, the article that was published actually >> downplayed the magnitude of the of the thefts quite dramatically. The >> totality of the IPv4 space that has been stolen or squatted, primarily >> but not exclusively, from South African companies and South African >> national >> goverment agencies and departments is actually at least 5x bigger than >> what >> was reported in the MyBroadband.co.za article. >> >> The overwhelming majority of this stolen and squatted IPv4 space has >> been helpfully routed by Cogent (AS174), to their customer, FDCServers >> of Chicago, and then on to the prefered destinations of a certain Mr. >> Elad Cohen of Israel, and his company Netstyle Atarim, Ltd. (I have >> saved traceroutes up the wazoo that prove the involvement of FDCServers, >> in particular, in all of this.) >> >> Mr. Cohen has been exceptionally prolific in his IPv4 theft and >> squatting >> activities, basically grabbing everything that wasn't nailed down, both >> within the AFRINIC region and also within the APNIC region. >> >> In order to try to legitimize all of these thefts and squats, Mr. Cohen >> created quite a sizable number of fradulent route: objects within the >> Merit/RADB data base which, as most here should already know, has >> essentially zero authentication of any kind before it allows J. Random >> Luser to add pretty much any any route: object he wants to the RADB. >> >> Here's a full listing of all of Mr. Cohen's RADB route: objects as they >> existed as recently as August 17th: >> >> https://pastebin.com/raw/ZNgNuvtt >> >> And here is the short summary version showing just all of the >> prefixes/CIDRs >> that Mr. Cohen was effectively claiming rights and/or title to as of >> that >> same date: >> >> https://pastebin.com/raw/4LTaCg5R >> >> Plese do note the numerous blocks of size /16 or greater. >> >> The bottom line is that this one tiny little Israeli company was >> effectively >> claiming rights to a total of no fewer than 1,015,808 IPv4 addresses as >> of >> August 17th, 2019. (Not too shabby for one lone guy who teaches >> programming >> classes as a side job!) Vitrually all of the space is "legacy" IPv4 >> space, >> and generally consists of blocks having sizes of /16 or larger. >> >> Some of Mr. Cohen claims in his RADB entries are as humorous as they >> are pathetically fradulent. For example, Mr. Cohen has effectively >> claimed rights to 139.44.0.0/16 which unambiguously belongs to the Port >> Authority of the City of Melbourne, Australia. But hell! That's merely >> city property! Mr. Cohen's limitless appetite for other people's IPv4 >> space is more vividly on display in his claims to ownerhip over the >> 168.198.0.0/16 block, which actually belongs to the Department of >> Finance >> of the Australian national government. And I haven't even mentioned yet >> another of Mr. Cohen volumous IPv4 acqusitions, the 165.25.0.0/16 block, >> which he did not see fit to create an RADB entry for, but which he's >> been squatting on for for quite some time now, quite clearly with the >> aid and assistance of both Cogent and FDCServers. That one belongs to >> th City of Cape Town, South Africa. That city's engineers have been >> struggling to regain control of their block back from Cogent, from >> FDCServers, and from Mr. Cohen for some time now. I know because I've >> personally spoken to them about it. Cogent, in its infinite wisdom, is >> continuing to fight the city for control over property that clearly and >> righfully belongs to the City of Cape Town, even as we speak: >> >> >> https://drive.google.com/file/d/1ytRj1CtuVhDa0eGu4BT-oEz593y5EwJa/view >> >> When asked for LOAs attesting to his legitimate authority to route at >> least a few of these blocks, Mr. Cohen has produced blatantly forged >> documents, many of which appeared in the MyBroadband.co.za story. And >> when I say "blatant" that's a gross understatement. Any half-way decent >> forger would consider these documents an embarrasment. The documents >> all >> bear identical signatures, and identical and vaguely official looking >> stamps, and purport to actually be sales reciepts attesting to the >> alleged purchases, by Mr. Cohen's offshore Seychelles Islands shell >> company, Afri Holdings, Ltd., of various /16 blocks from a mysterious >> company called Afrivestment, Ltd., which may actually exist in some >> faraway galaxy, or in Mr. Cohen's active imagination, but which both >> Google and OpenCorporates.com seem to agree exists exactly noplace on >> this planet. Here are the manufactured LOAs supplied by Mr. Cohen: >> >> >> https://drive.google.com/file/d/1hVjmR6u0ANltuXtZ-Kng8io-EGFyevTR/view >> >> https://drive.google.com/file/d/1x_44_H5hkcFLhEwpkwfFoR5PJUyXHzxJ/view >> >> https://drive.google.com/file/d/1yQyqn4q_f3bt-wDVoN1FzbXf1k58DXtK/view >> >> Recently, Cohen started to move some, but not all, of his stolen and >> squatted >> IPv4 blocks off of Cogent/FDCServers and onto a friendly little >> bullet-proof >> hosting company in the Netherlands named IP Volume, Inc. (AS202425) >> and/or >> to its several sister networks, e.g. AS204655 - Novogara Ltd., all of >> which, >> coincidently, just happen to be owned by the exact same pair of Dutch >> gentlemen who previously owned the notorious Ecatel, follwed by the >> notorious >> Quasi Networks. (IP Volume, Inc. appears to have intherited all or >> nearly >> all of its legitimately assigned IP space from its predecessor entities, >> Ecatel and Quasi Networks.) >> >> Despite these relocations, many of Mr. Cohen's stolen and squatted >> blocks >> are still helpfully being routed to Mr. Cohen's preferred desitnations >> by >> his good friends at Cogent and FDCServers, even as we speak. The >> current >> set of such routes that Cogent is maintaining, at the moment, >> apparently on >> behalf of their customer, Mr. Cohen, consists of the prefixes listed >> here: >> >> https://pastebin.com/raw/EA3xJVLF >> >> When I noticed two days ago that all of these routes were still up I was >> deeply confused. Did both Cogent and FDCServrs not get the memo?? Do >> they not know yet that Cohen is stealing stuff, left, right, and >> sideways? >> Did nobody even tell them about the MyBroadband.co.za article which was >> published this past Sunday? I decided that it was incumbant upon me to >> find out. >> >> Thus, more that 48 hours ago now I sent the following polite but firm >> inquiry to Cogent, and a separate nearly identical one directly to the >> CEO of FDCServers, Mr. Petr Kral (petr(at)fdcservers.net). >> >> https://pastebin.com/raw/ztipqE96 >> >> A full forty eight hours later, I have received no reply whatsoever from >> either Cogent or FDCServers, not even a "Go pound sand" type of >> response. >> >> More importantly, most of the stolen IPv4 space that I called out, very >> specifically, to both Cogent and FDCservers two+ days ago now is still >> being routed by Cogent/FDCservers to their fun-loving and, I'm sure, >> promptly paying customer, Mr. Cohen. If neither Cogent nor FDCServers >> still do not know now that Mr. Cohen is a crook, and that he has glommed >> onto quite a lot of stolen and squatted IPv4 space... which they have >> been helpfully routing for him, no doubt in exchange for some handsome >> payments... then I am foreced to say that it appears to be a reasonable >> conclusion that it must be because neither Cogent nor FDCServers really >> wants to know what sort of a character Cohen is, or what he has been up >> to, specifically with their ongoing and material assistance. >> >> But you all be the judges. What does it look like to you? >> >> Regards, >> rfg >>