RE: DDOS-Guard [was: Parler]

[Jean St-Laurent via NANOG]

This one ended up in Junk. I guess you pasted too much domain names with "Junk" 
behaviours. 

I removed the domain names from this reply.

Interesting list though. Thanks for sharing. Any others got that in their junk?


Jean St-Laurent 
CISSP #634103

ddosTest me security inc
site:  https://ddostest.me 
email:  j...@ddostest.me 


-Original Message-
From: NANOG  On Behalf Of Rich 
Kulawiec
Sent: January 21, 2021 8:02 AM
To: nanog@nanog.org
Subject: DDOS-Guard [was: Parler]

About this network:

On Sun, Jan 17, 2021 at 01:27:10PM -0800, William Herrin wrote:

[snip]

> inetnum: 190.115.16.0/20
> status:  allocated
> aut-num: AS262254
> owner:   DDOS-GUARD CORP.
> ownerid: BZ-DALT-LACNIC
> responsible: Evgeniy Marchenko
> address: 1/2Miles Northern Highway, --, --
> address: -- - Belize - BZ

[snip]

I've taken a look at this /20 and recommend either firewalling it
(bidrectionally) or null-routing it.  It's loaded with scammy domains, many of 
which are typosquatting on Hulu, Roku, Netgear, ATT, Facebook, Norton, AOL, HP, 
Canon, SBC, Epson, Bitdefender, Rand-McNally, Roadrunner, McAfee, Magellan, 
Office365, Tomtom, Garmin, Webroot, Brother, Belkin, Linksys, and probably some 
others that I overlooked while eyeballing the list.

Appended below is a partial list of domains.  All of these either
(a) are using nameservers in that /20 or (b) have A records that resolve to 
that /20 or (c) both, as of when I checked this week.  Notes:
(1) this list is likely only a subset of what's actually there and
(2) h/t to Brian Krebs for cataloging some of these in a blog post.

---rsk

Weekly Routing Table Report

[Routing Analysis Role Account]

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 30 Jan, 2021

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  841044
Prefixes after maximum aggregation (per Origin AS):  321740
Deaggregation factor:  2.61
Unique aggregates announced (without unneeded subnets):  401597
Total ASes present in the Internet Routing Table: 70404
Prefixes per ASN: 11.95
Origin-only ASes present in the Internet Routing Table:   60529
Origin ASes announcing only one prefix:   25033
Transit ASes present in the Internet Routing Table:9875
Transit-only ASes present in the Internet Routing Table:309
Average AS path length visible in the Internet Routing Table:   4.4
Max AS path length visible:  33
Max AS path prepend of ASN ( 45582)  27
Prefixes from unregistered ASNs in the Routing Table:   880
Number of instances of unregistered ASNs:   882
Number of 32-bit ASNs allocated by the RIRs:  34869
Number of 32-bit ASNs visible in the Routing Table:   28943
Prefixes from 32-bit ASNs in the Routing Table:  134969
Number of bogon 32-bit ASNs visible in the Routing Table:14
Special use prefixes present in the Routing Table:1
Prefixes being announced from unallocated address space:728
Number of addresses announced to Internet:   2919079808
Equivalent to 173 /8s, 253 /16s and 159 /24s
Percentage of available address space announced:   78.8
Percentage of allocated address space announced:   78.8
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   99.5
Total number of prefixes smaller than registry allocations:  285501

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   221165
Total APNIC prefixes after maximum aggregation:   65381
APNIC Deaggregation factor:3.38
Prefixes being announced from the APNIC address blocks:  216975
Unique aggregates announced from the APNIC address blocks:88079
APNIC Region origin ASes present in the Internet Routing Table:   11239
APNIC Prefixes per ASN:   19.31
APNIC Region origin ASes announcing only one prefix:   3213
APNIC Region transit ASes present in the Internet Routing Table:   1604
Average APNIC Region AS path length visible:4.6
Max APNIC Region AS path length visible: 30
Number of APNIC region 32-bit ASNs visible in the Routing Table:   6377
Number of APNIC addresses announced to Internet:  778701568
Equivalent to 46 /8s, 106 /16s and 11 /24s
APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 63488-64098, 64297-64395, 131072-143673
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:243040
Total ARIN prefixes after maximum aggregation:   112030
ARIN Deaggregation factor: 2.17
Prefixes being announced from the ARIN address blocks:   243557
Unique aggregates announced from the ARIN address blocks:116174
ARIN Region origin ASes present in the Internet Routing Table:18696
ARIN Prefixes per ASN:13.03
ARIN