Re: AS29073, 196.16.0.0/14, Level3: Why does anyone peer with these schmucks?

[Suresh Ramasubramanian]

1. They aren’t the internet police either or so quite a few of them think 

2. Hanlon’s razor

--srs

> On 15-Aug-2017, at 2:17 AM, Baldur Norddahl  wrote:
> 
> Why are domain registrars allowing some of those domains, which are clearly
> advertising highly illegal content that will get you in jail in most of the
> world?

Anyone from AS62052 ASNICOM here?

[John Neiberger]

Sorry for posting to the list, but we are unable to find any working
contact information. If anyone from AS 62052 (ASNICOM) is on the list,
please contact me. You're advertising some of our IP space and we need to
get that corrected.

Thanks,
John

Re: AS29073, 196.16.0.0/14, Level3: Why does anyone peer with these schmucks?

[Baldur Norddahl]

Den 14. aug. 2017 21.51 skrev "Ronald F. Guilmette" :


Sorry for the re-post, but it has been brought to my attention that
my inclusion, in my prior posting, of various unsavory FQDNs resolving
to various IPv4 addresses on AS29073 has triggered some people's
spam filters.  (Can't imagine why. :-)  So I am re-posting this message
now, with just a link to where those shady FQDNs and their current
forward resolutions may be found.  (I also took the opportunity to
clean up some minor typos.)


Why are domain registrars allowing some of those domains, which are clearly
advertising highly illegal content that will get you in jail in most of the
world?

RE: AS29073, 196.16.0.0/14, Level3: Why does anyone peer with these schmucks?

[Siegel, David]

If you believe that a customer of a network service provider is in violation of 
that service providers AUP, you should email ab...@serviceprovider.net.  Most 
large networks have a security team that monitors that email address regularly 
and will cooperate with you to address the problem.

Dave




-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ronald F. Guilmette
Sent: Monday, August 14, 2017 1:50 PM
To: nanog@nanog.org
Subject: AS29073, 196.16.0.0/14, Level3: Why does anyone peer with these 
schmucks?


Sorry for the re-post, but it has been brought to my attention that my 
inclusion, in my prior posting, of various unsavory FQDNs resolving to various 
IPv4 addresses on AS29073 has triggered some people's spam filters.  (Can't 
imagine why. :-)  So I am re-posting this message now, with just a link to 
where those shady FQDNs and their current forward resolutions may be found.  (I 
also took the opportunity to clean up some minor typos.)

%%%

I think that this is primarily Level3's problem to fix.  But you be the judge.  
Please, read on.

+_+_+_+_+_+_+_+_

Over the weekend, I stumbled upon an interesting blog calld "Bad Packets", 
where a fellow named Troy has written about various unsavory goings on 
involving various newtorks.  One network that he called out in particular was 
AS29073, formerly called "Ecatel".  on his blog, this fellow Troy has noted at 
length some break-in attempts originating from AS29073 and his inability to get 
anyone, in particular RIPE NCC, to give a damn.

https://badpackets.net/the-master-needler-80-82-65-66/

https://badpackets.net/a-conversation-with-ripe-ncc-regarding-quasi-networks-ltd/

https://badpackets.net/quasi-networks-responds-as-we-witness-the-death-of-the-master-needler-80-82-65-66-for-now/

The fact that RIPE NCC declined to accept the role of The Internet Police 
didn't surprise me at all... they never have and probably never will.
But I decided to have a quick look at what this newtork was routing, at 
present, which can be easily see here:

http://bgp.he.net/AS29073#_prefixes

So I was looking through the announced routes for AS29073, and it all looked 
pretty normal... a /24 block, check, a /24 block, check, a /21 block check... 
another /24 block, and then ... WAIT A SECOND!  HOLY MOTHER OF GOD!  WHAT'S 
THIS???  196.16.0.0/14 !!!

So how does a little two-bit network with a rather dubious reputation and a 
grand total of only about a /19 to its name suddenly come to be routing an 
entire /14 block??

And of course, its a legacy (abandoned) Afrinic block.

And of course, there's no reverse DNS for any of it, because there is no valid 
delegation for the reverse DNS for any of it... usually a good sign that 
whoever is routing the block right now -does not- have legit rights to do so.  
(If they did, then they would have presented their LOAs or whatever to Afrinic 
and thus gotten the reverse DNS properly delegated to their own name servers.)

I've seen this movie before.  You all have.  This gives every indication of 
being just another sad chapter in the ongoing mass pillaging of unused Afrinic 
legacy IPv4 space, by various actors with evil intent.
I've already documented this hightly unfortunate fad right here on multiple 
occasions:

https://mailman.nanog.org/pipermail/nanog/2016-November/089232.html
https://mailman.nanog.org/pipermail/nanog/2017-August/091821.html

This incident is a bit different from the others however, in that it -does not- 
appear that the 196.16.0.0/14 block has been filed to the brim with snowshoe 
spammers.  Well, not yet anyway.

But if in fact the stories are correct, and if AS29073 does indeed have a 
history of hosting outbound hacking activities, then the mind reels when 
thinking about how much mischief such bad actors could get into if given an 
entire /14 to play with.  (And by the way, this is a new world's record I 
think, for largest single-route deliberate hijack.
I've seen plenty of /16s go walkabout before, and even a whole /15.
But an entire /14?!?! That is uniquely brazen.)

In addition to the above, and the points raised within the Bad Packets blog 
(see links above) I found, via passive DNS, a number of other causes for 
concern about AS29073, to wit:

Shady FQDNs (incl possible child porn ones) on AS29073 moved here:
https://pastebin.com/raw/f4M09UKL

(In addition to the above, I've also found plenty more domain names associated 
with AS29073 which incorporate the names "Apple" "AirBnB", "Facebook", and 
"Groupon", as well as dozens of other legitimate companies and organizations.)

I confess that I have not had the time to look at any of the web sites that may 
or may not be associated with any of the above FQDNs, but the domain names 
themselves are certainly strongly suggestive of (a) the possible hosting of 
child porn and also and separately (b) the possible 

AS29073, 196.16.0.0/14, Level3: Why does anyone peer with these schmucks?

[Ronald F. Guilmette]

Sorry for the re-post, but it has been brought to my attention that
my inclusion, in my prior posting, of various unsavory FQDNs resolving
to various IPv4 addresses on AS29073 has triggered some people's
spam filters.  (Can't imagine why. :-)  So I am re-posting this message
now, with just a link to where those shady FQDNs and their current
forward resolutions may be found.  (I also took the opportunity to
clean up some minor typos.)

%%%

I think that this is primarily Level3's problem to fix.  But you be
the judge.  Please, read on.

+_+_+_+_+_+_+_+_

Over the weekend, I stumbled upon an interesting blog calld "Bad Packets",
where a fellow named Troy has written about various unsavory goings on
involving various newtorks.  One network that he called out in particular
was AS29073, formerly called "Ecatel".  on his blog, this fellow Troy has
noted at length some break-in attempts originating from AS29073 and his
inability to get anyone, in particular RIPE NCC, to give a damn.

https://badpackets.net/the-master-needler-80-82-65-66/

https://badpackets.net/a-conversation-with-ripe-ncc-regarding-quasi-networks-ltd/

https://badpackets.net/quasi-networks-responds-as-we-witness-the-death-of-the-master-needler-80-82-65-66-for-now/

The fact that RIPE NCC declined to accept the role of The Internet Police
didn't surprise me at all... they never have and probably never will.
But I decided to have a quick look at what this newtork was routing, at
present, which can be easily see here:

http://bgp.he.net/AS29073#_prefixes

So I was looking through the announced routes for AS29073, and it all
looked pretty normal... a /24 block, check, a /24 block, check, a /21
block check... another /24 block, and then ... WAIT A SECOND!  HOLY
MOTHER OF GOD!  WHAT'S THIS???  196.16.0.0/14 !!!

So how does a little two-bit network with a rather dubious reputation
and a grand total of only about a /19 to its name suddenly come to
be routing an entire /14 block??

And of course, its a legacy (abandoned) Afrinic block.

And of course, there's no reverse DNS for any of it, because there is
no valid delegation for the reverse DNS for any of it... usually a good
sign that whoever is routing the block right now -does not- have legit
rights to do so.  (If they did, then they would have presented their
LOAs or whatever to Afrinic and thus gotten the reverse DNS properly
delegated to their own name servers.)

I've seen this movie before.  You all have.  This gives every indication
of being just another sad chapter in the ongoing mass pillaging of
unused Afrinic legacy IPv4 space, by various actors with evil intent.
I've already documented this hightly unfortunate fad right here on
multiple occasions:

https://mailman.nanog.org/pipermail/nanog/2016-November/089232.html
https://mailman.nanog.org/pipermail/nanog/2017-August/091821.html

This incident is a bit different from the others however, in that it
-does not- appear that the 196.16.0.0/14 block has been filed to the
brim with snowshoe spammers.  Well, not yet anyway.

But if in fact the stories are correct, and if AS29073 does indeed have
a history of hosting outbound hacking activities, then the mind reels
when thinking about how much mischief such bad actors could get into
if given an entire /14 to play with.  (And by the way, this is a new
world's record I think, for largest single-route deliberate hijack.
I've seen plenty of /16s go walkabout before, and even a whole /15.
But an entire /14?!?! That is uniquely brazen.)

In addition to the above, and the points raised within the Bad Packets
blog (see links above) I found, via passive DNS, a number of other
causes for concern about AS29073, to wit:

Shady FQDNs (incl possible child porn ones) on AS29073 moved here:
https://pastebin.com/raw/f4M09UKL

(In addition to the above, I've also found plenty more domain names
associated with AS29073 which incorporate the names "Apple" "AirBnB",
"Facebook", and "Groupon", as well as dozens of other legitimate companies
and organizations.)

I confess that I have not had the time to look at any of the web sites that
may or may not be associated with any of the above FQDNs, but the domain names
themselves are certainly strongly suggestive of (a) the possible hosting of
child porn and also and separately (b) the possible hosting of phishing sites.

So, given the history of this network (as is well documented on the Bad
Packets blog) and given all of the above, and given what would appear to
be the unauthorized "liberation" of the entire 196.16.0.0/14 block by
AS29073, one cannot help but wonder: Why does anybody still even peer
with these jerks?

The always helpful and informative web site bgp.he.net indicates that very
nearly 50% of the connectivity currently enjoyed by AS29073 is being provided
to them by Level3.  I would thus like to ask Level3 to reconsider that peering
arrangement in light of the 

Re: For the Wireless Guys

[Rod Beck]

I had my suspicions. 



From: Curtis Maurand 
Sent: Monday, August 14, 2017 9:44 PM
To: Dan Hollis
Cc: Rod Beck; nanog@nanog.org
Subject: Re: For the Wireless Guys

The higher the frequency, the more it acts like light.  at that frequency, it 
wouldn't take much to block it.  even 2.4GHz is stopped by a tree.

On Mon, Aug 14, 2017 at 12:54 PM, Dan Hollis 
> wrote:
Good for a few meters at best? Terahertz is blocked by air.

-Dan

On Mon, 14 Aug 2017, Rod Beck wrote:

https://phys.org/news/2017-08-transmission-terahertz-multiplexer.html


Roderick Beck

Director of Global Sales

United Cable Company

DRG Undersea Consulting

Affiliate Member

www.unitedcablecompany.com

85 Király utca, 1077 Budapest

rod.b...@unitedcablecompany.com

36-30-859-5144


[1467221477350_image005.png]




--
--Curtis

Re: Puerto Rico Internet Exchange

[Jeremy Austin]

On Sun, Aug 13, 2017 at 2:04 PM, Martin Hannigan  wrote:

> Hi Arturo,
>
> Good call. I believe the funds are coming from the USF? (Mike Hammet knows
> more about this than me). I had conversations with multiple congressional
> staffers about using USF funds for IXP development. They're in for good
> projects. The USG and US congress is more than willing to fund IXPs using
> USF funds. Commercial or otherwise, depending on the bnenefits and commits.
>
>
Hi Martin

I'm curious about the mechanism for funding such a thing. Historically the
majority of USF funds have gone to telcos rather than ISPs, if I am not
mistaken.

I'd love to continue this discussion off list if necessary.

-- 
Jeremy Austin

(907) 895-2311 office
(907) 803-5422 cell
jhaus...@gmail.com

Heritage NetWorks
Whitestone Power & Communications
Vertical Broadband, LLC

Re: For the Wireless Guys

[Matt Freitag]

Turn up the Tx power a bit and you'll have a nice little heater too.

Matt Freitag
Network Engineer
Information Technology
Michigan Technological University
(906) 487-3696 <%28906%29%20487-3696>
https://www.mtu.edu/
https://www.mtu.edu/it

On Mon, Aug 14, 2017 at 12:54 PM, Dan Hollis 
wrote:

> Good for a few meters at best? Terahertz is blocked by air.
>
> -Dan
>
>
> On Mon, 14 Aug 2017, Rod Beck wrote:
>
> https://phys.org/news/2017-08-transmission-terahertz-multiplexer.html
>>
>>
>> Roderick Beck
>>
>> Director of Global Sales
>>
>> United Cable Company
>>
>> DRG Undersea Consulting
>>
>> Affiliate Member
>>
>> www.unitedcablecompany.com
>>
>> 85 Király utca, 1077 Budapest
>>
>> rod.b...@unitedcablecompany.com
>>
>> 36-30-859-5144
>>
>>
>> [1467221477350_image005.png]
>>
>>

Re: For the Wireless Guys

[Dan Hollis]

Good for a few meters at best? Terahertz is blocked by air.

-Dan

On Mon, 14 Aug 2017, Rod Beck wrote:


https://phys.org/news/2017-08-transmission-terahertz-multiplexer.html


Roderick Beck

Director of Global Sales

United Cable Company

DRG Undersea Consulting

Affiliate Member

www.unitedcablecompany.com

85 Király utca, 1077 Budapest

rod.b...@unitedcablecompany.com

36-30-859-5144


[1467221477350_image005.png]

For the Wireless Guys

[Rod Beck]

https://phys.org/news/2017-08-transmission-terahertz-multiplexer.html


Roderick Beck

Director of Global Sales

United Cable Company

DRG Undersea Consulting

Affiliate Member

www.unitedcablecompany.com

85 Király utca, 1077 Budapest

rod.b...@unitedcablecompany.com

36-30-859-5144


[1467221477350_image005.png]

2nd call for presentations RIPE 75

[Benno Overeinder]

Dear colleagues,

Please note the approaching deadline of *20 August 2017* for RIPE 75
plenary programme submissions.

You can find the CFP for RIPE 75 below or at
https://ripe75.ripe.net/submit-topic/cfp/, for your proposals for
plenary session presentations, tutorials, workshops, BoFs (Birds of a
Feather sessions) and lightning talks.

Please also note that speakers do not receive any extra reduction or
funding towards the meeting fee at the RIPE Meetings.

Note: Due to UAE law, confirmed speakers will need to submit a copy of
their passport and contact information in advance of the meeting.  More
details are available here:
https://ripe75.ripe.net/attend/dctm-requirements

Kind regards,

Benno Overeinder
RIPE PC Chair
https://ripe75.ripe.net/ripe-pc/

>>><<<

Call for Presentations

A RIPE Meeting is an open event where Internet Service Providers,
network operators and other interested parties get together.  Although
the meeting is mostly technical, it is also a chance for people to meet
and network with others in their field.

RIPE 75 will take place from 22-26 October in Dubai, UAE.

The RIPE Programme Committee (PC) is now seeking content proposals from
the RIPE community for the plenary sessions, BoFs (Birds of a Feather
sessions), panels, workshops, tutorials and lightning talks at RIPE 75.
See the full descriptions of the different presentation formats,
https://ripe75.ripe.net/submit-topic/presentation-formats/.

Proposals for plenary sessions, BoFs, panels, workshops and tutorials
must be submitted for full consideration no later than *20 August 2017*.
Proposals submitted after this date will be considered depending on the
remaining available space in the programme.

The PC is looking for presentations covering topics of network
engineering and operations, including but not limited to:

- IPv6 deployment
- Managing IPv4 scarcity
- Data centre technologies
- Network and DNS operations
- Internet governance and regulatory practices
- Network and routing security
- Content delivery
- Internet peering and mobile data exchange
- Connected Things (aka. Internet of Things - IoT)

Speakers

Due to UAE law, confirmed speakers will need to submit a copy of their
passport and contact information in advance of the meeting.  More
details are available here:
https://ripe75.ripe.net/attend/dctm-requirements

Please also note that speakers do not receive any discount or funding
towards the meeting fee at RIPE Meetings.

Submissions

RIPE Meeting attendees are quite sensitive to keeping presentations
non-commercial, and product marketing talks are strongly discouraged.
Repeated audience feedback shows that the most successful talks focus on
operational experience, research results, or case studies.  For example,
presenters wishing to describe a commercial solution should focus on the
underlying technology and not attempt a product demonstration.

Presenters should indicate how much time they will require.  In general,
the time allocated for the different presentation formats is as follows:

- Plenary presentations: 20-25 minutes presentation with 5-10 minutes
  discussion
- Tutorials: up to two hours (Monday morning)
- Workshops: one hour (during evening sessions) to two hours (Monday
  morning)
- BoFs: approximately one hour
- Lightning talks: 10 minutes total for both presentation and any
  discussion

The following general requirements apply:

- Proposals must be submitted using the meeting submission system,
  https://ripe75.ripe.net/submit-topic/
- Lightning talks should also be submitted using the meeting submission
  system (https://ripe75.ripe.net/submit-topic/) and can
  be submitted any time up to and including the meeting week. The
  allocation of lightning talks will be announced on short notice, in
  some cases on the same day but often one day prior to the time slot
  allocated.
- Presenters who propose a panel or BoF are encouraged to include
  speakers from several (perhaps even competing) companies and/or a
  neutral facilitator.
- All presentation proposals will only be considered by the PC if they
  contain at least draft presentation slides (slides may be updated
  later on). For panels, proposals must contain a clear description, as
  well as the names of invited panellists, presenters and moderators.

If you have any questions or requests concerning content submissions,
please email pc [at] ripe [dot] net.


-- 
Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/