Re: IP Hijacking For Dummies
On Mon, Jun 05, 2017 at 04:46:04PM -0700, Ronald F. Guilmette wrote a message of 85 lines which said: > Late last night, I put together the following simple annotated listing of > the routes being announced by AS34991. Note that they apparently stopped on 7 june.
Re: IP Hijacking For Dummies
On Mon, Jun 05, 2017 at 04:46:04PM -0700, Ronald F. Guilmette wrote a message of 85 lines which said: > I just think that by now, in 2017, we should have a somewhat more > skilled class of frauds, rogues, criminals and spies on the > Internet. "This city deserves a better class of criminal and I'm gonna give it to them." -- The Joker (in one of the Batman movies)
Re: IP Hijacking For Dummies
On Mon, Jun 05, 2017 at 04:46:04PM -0700, Ronald F. Guilmette wrote: > It did also strike me as passing strange that this company has apparently > elected to not actually put its own web server, name servers, or mail > server anywhere within its own duly allocated IPv4 blocks. Out of curiosity, I ran a DNS scan against all of the /24's that you enumerated (thank you, by the way). I am also perplexed that a hosting company which has "sold out" of virtual servers seems to have precious few servers -- of any type -- represented in its DNS records. To save everyone else the trouble, I'm appending below all the results (1023) that did not result in NXDOMAIN or SERVFAIL (5121). Note in re the last dozen on the list: I believe "correo" translates to "post", in the sense of "mail", so those may well be (customer?) mail servers. ---rsk 168.176.194.11 palmi19411.palmira.unal.edu.co 168.176.194.12 palmi19412.palmira.unal.edu.co 168.176.194.13 palmi19413.palmira.unal.edu.co 168.176.194.14 palmi19414.palmira.unal.edu.co 168.176.194.15 palmi19415.palmira.unal.edu.co 168.176.194.16 palmi19416.palmira.unal.edu.co 168.176.194.17 palmi19417.palmira.unal.edu.co 168.176.194.18 palmi19418.palmira.unal.edu.co 168.176.194.19 palmi19419.palmira.unal.edu.co 168.176.194.20 palmi19420.palmira.unal.edu.co 168.176.194.21 palmi19421.palmira.unal.edu.co 168.176.194.22 palmi19422.palmira.unal.edu.co 168.176.194.23 palmi19423.palmira.unal.edu.co 168.176.194.24 palmi19424.palmira.unal.edu.co 168.176.194.25 palmi19425.palmira.unal.edu.co 168.176.194.26 palmi19426.palmira.unal.edu.co 168.176.194.27 palmi19427.palmira.unal.edu.co 168.176.194.28 palmi19428.palmira.unal.edu.co 168.176.194.29 palmi19429.palmira.unal.edu.co 168.176.194.30 palmi19430.palmira.unal.edu.co 168.176.194.31 palmi19431.palmira.unal.edu.co 168.176.194.32 palmi19432.palmira.unal.edu.co 168.176.194.33 palmi19433.palmira.unal.edu.co 168.176.194.34 palmi19434.palmira.unal.edu.co 168.176.194.35 palmi19435.palmira.unal.edu.co 168.176.194.36 palmi19436.palmira.unal.edu.co 168.176.194.37 palmi19437.palmira.unal.edu.co 168.176.194.38 palmi19438.palmira.unal.edu.co 168.176.194.39 palmi19439.palmira.unal.edu.co 168.176.194.40 palmi19440.palmira.unal.edu.co 168.176.194.41 palmi19441.palmira.unal.edu.co 168.176.194.42 palmi19442.palmira.unal.edu.co 168.176.194.43 palmi19443.palmira.unal.edu.co 168.176.194.44 palmi19444.palmira.unal.edu.co 168.176.194.45 palmi19445.palmira.unal.edu.co 168.176.194.46 palmi19446.palmira.unal.edu.co 168.176.194.47 palmi19447.palmira.unal.edu.co 168.176.194.48 palmi19448.palmira.unal.edu.co 168.176.194.49 palmi19449.palmira.unal.edu.co 168.176.194.50 palmi19450.palmira.unal.edu.co 168.176.194.51 palmi19451.palmira.unal.edu.co 168.176.194.52 palmi19452.palmira.unal.edu.co 168.176.194.53 palmi19453.palmira.unal.edu.co 168.176.194.54 palmi19454.palmira.unal.edu.co 168.176.194.55 palmi19455.palmira.unal.edu.co 168.176.194.56 palmi19456.palmira.unal.edu.co 168.176.194.57 palmi19457.palmira.unal.edu.co 168.176.194.58 palmi19458.palmira.unal.edu.co 168.176.194.59 palmi19459.palmira.unal.edu.co 168.176.194.60 palmi19460.palmira.unal.edu.co 168.176.194.61 palmi19461.palmira.unal.edu.co 168.176.194.62 palmi19462.palmira.unal.edu.co 168.176.194.63 palmi19463.palmira.unal.edu.co 168.176.194.64 palmi19464.palmira.unal.edu.co 168.176.194.65 palmi19465.palmira.unal.edu.co 168.176.194.66 palmi19466.palmira.unal.edu.co 168.176.194.67 palmi19467.palmira.unal.edu.co 168.176.194.68 palmi19468.palmira.unal.edu.co 168.176.194.69 palmi19469.palmira.unal.edu.co 168.176.194.70 palmi19470.palmira.unal.edu.co 168.176.194.71 palmi19471.palmira.unal.edu.co 168.176.194.72 palmi19472.palmira.unal.edu.co 168.176.194.73 palmi19473.palmira.unal.edu.co 168.176.194.74 palmi19474.palmira.unal.edu.co 168.176.194.75 palmi19475.palmira.unal.edu.co 168.176.194.76 palmi19476.palmira.unal.edu.co 168.176.194.77 palmi19477.palmira.unal.edu.co 168.176.194.78 palmi19478.palmira.unal.edu.co 168.176.194.79 palmi19479.palmira.unal.edu.co 168.176.194.80 palmi19480.palmira.unal.edu.co 168.176.194.81 palmi19481.palmira.unal.edu.co 168.176.194.82 palmi19482.palmira.unal.edu.co 168.176.194.83 palmi19483.palmira.unal.edu.co 168.176.194.84 palmi19484.palmira.unal.edu.co 168.176.194.85 palmi19485.palmira.unal.edu.co 168.176.194.86 palmi19486.palmira.unal.edu.co 168.176.194.87 palmi19487.palmira.unal.edu.co 168.176.194.88 palmi19488.palmira.unal.edu.co 168.176.194.89 palmi19489.palmira.unal.edu.co 168.176.194.90 palmi19490.palmira.unal.edu.co 168.176.194.91 palmi19491.palmira.unal.edu.co 168.176.194.92 palmi19492.palmira.unal.edu.co 168.176.194.93 palmi19493.palmira.unal.edu.co 168.176.194.94 palmi19494.palmira.unal.edu.co 168.176.194.95 palmi19495.palmira.unal.edu.co 168.176.194.96 palmi19496.palmira.unal.edu.co 168.176.194.97 palmi19497.palmira.unal.edu.co 168.176.194.98 palmi19498.palmira.unal.edu.co 168.176.194.99 pa
Re: IP Hijacking For Dummies
In message Aftab Siddiqui wrote: >Same mobile number (+92-304-4000736 <+92%20304%204000736>) and address are >listed here for Blue Angel Hosting with only 1 peer AS206776. I noticed Blue Angel. I -didn't- notice that it had the same phone number as the other thing, host-offshore.com, which looks to me like a paper-mache mock up of a false front of a sham of a mockery of travesty of a sham. I am terrifically tempted, right at this moment, to engage in at least a couple of noteworthy feats of unbridled cultural disparagement, directed pointedly at the owners/operators of blueangelhost.com/host-offshore.com, but I am restrained by the knowledge that any such would serve only to sully my own already dubious reputation, such as it is. So I simply ask readers to imagine the kinds of verbal venom that I would point in that direction if the better angels of my nature did not, on this occaasion, prevail. Regards, rfg
Re: IP Hijacking For Dummies
Same mobile number (+92-304-4000736 <+92%20304%204000736>) and address are listed here for Blue Angel Hosting with only 1 peer AS206776. aut-num:AS206349 as-name:blueangelhost org:ORG-BPL5-RIPE sponsoring-org: ORG-HGC2-RIPE import: from AS206776 accept ANY export: to AS206776 announce AS206349 import: from AS57344 accept ANY export: to AS57344 announce AS206349 admin-c:SS30461-RIPE tech-c: SS30461-RIPE remarks:For information on "status:" attribute read https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources status: ASSIGNED mnt-by: RIPE-NCC-END-MNT mnt-by: blueangelhost mnt-routes: blueangelhost created:2017-02-08T10:44:15Z last-modified: 2017-02-08T10:44:15Z source: RIPE organisation: ORG-BPL5-RIPE org-name: BlueAngelHost Pvt. Ltd org-type: OTHER address:HOUSE NO 173 STREET NO 4 BLOCK E YOHANA ABAD, FEROZ PUR ROAD, LAHORE, PAKISTAN abuse-c:ACRO1320-RIPE mnt-ref:MNT-NETERRA mnt-ref:AZ39139-MNT mnt-ref:MNT-LIR-BG mnt-by: blueangelhost created:2016-10-21T17:23:02Z last-modified: 2016-11-01T21:03:31Z source: RIPE # Filtered person: Sunil Shahzad address:HOUSE NO 173 STREET NO 4 BLOCK E YOHANA ABAD, FEROZ PUR ROAD, LAHORE, PAKISTAN phone: +92-304-4000736 nic-hdl:SS30461-RIPE mnt-by: blueangelhost created:2016-10-21T17:19:19Z last-modified: 2016-10-21T17:19:19Z source: RIPE On Tue, 6 Jun 2017 at 09:48 Ronald F. Guilmette wrote: > > Late last night, I put together the following simple annotated listing of > the routes being announced by AS34991. > > Beyond the quite apparent fact that this "Bulgarian" network is announcing > a bunch of routes for blocks of IPv4 space allocated to various parties > within the nation of Columbia (including the National University thereof) > the other thing that struck me about this was the apparent relevance of > a company called "host-offshore.com". > > Looking at the web site for that, it provides only a single contact > phone number which is unambiguously a -Pakistani- phone number. But > of course, that makes perfect sense, because Pakistan is just down the > street from Bulgaria (NOT!) > > It did also strike me as passing strange that this company has apparently > elected to not actually put its own web server, name servers, or mail > server anywhere within its own duly allocated IPv4 blocks. > > Things got even a bit more interesting when I tried to actually order a > server from this company. Apparently, all of their virtual servers > are "sold out". However... and please, somebody check me on this... > I guess that all of the browsers on all of the platforms I have ready > access to are broken or something, because try as I might, I could never > quite succeed at reaching any page on this company's web site where I > could order up -any- kind of server, virtual, dedicated, or otherwise. > > So, you know, this hosting company appears somewhat unique and unusual, > at least from where I am sitting, in the sense that it is perhaps the > only such "hosting" company that I've ever run across in my travels that > doesn't actually have -anything- for sale. > > Personally, I don't really give a rat's ass if this site is just a cover > for some inept criminals, or for Panstani ISI, or for the FSB, or for > some of Putin's patriots, or even if it belongs to the NSA. But I cannot > help but bemoan the fact that here we are, and it is 2017 already, and > yet, whichever bunch of lame-ass jerks are in fact behind this thing, > apparently aren't even capable of slapping together a cover web site > that is more than just some entirely shallow and not very effective false > front. > > As a researcher and student of such things, I just think that by now, > in 2017, we should have a somewhat more skilled class of frauds, rogues, > criminals and spies on the Internet. I mean this is just baby stuff, > and it only takes a couple of minutes and few clicks to see past such > transparent gibberish. > > So c'mon all ye criminals, rogues and spys! You need to up your game > fer cryin' out loud! At least present us with something a bit more > challenging than -this- kind of very superflous crap. I mean, have you > no self-respect? > > Gssshhh! > > > Regards, > rfg > > > > === > 79.124.77.0/24 -- Bulgaria -- host-offshore.com > 82.118.233.0/24 -- Blugaria -- wirelessnetbg.info > 91.92.144.0/24 -- Bulgaria -- host-offshore.com > 130.185.254.0/24 -- Belize? -- host-offshore.com - formerly routed by > Verdina) > 152.204.132.0/24 -- Columbia > 152.204.133.0/24 -- Columbia > 152.231.25.0/24 -- Columbia > 152.231.28.0/24 -- Columbia > 168.176.187.0/24 -- Columbia, National University of > 168.176.192.0/24 -- Columbia, National University o