Domain: completewhois.com
Stories and comments across the archive that link to completewhois.com.
Comments · 9
-
Been there, done that.
I've rescued a hijacked
/16 a while back, cleaned it up and now have it as a souvenir (with the blessing of the original owner who is not using it globally). Fortunately the spammer who grabbed it wasn't very smart about it (contact info changed to obviously non-japanese info and the block was allocated through JPNIC).
Had to engage in a bit of a BGP war (deaggregated the block and announced it as 4 seperate /18s) but eventually got AT&T (AS7018), who the spammer had gotten to illegally announce the block, got the message and stopped.
One thing you always have to do is ALWAYS announce every block you have control over, even if you are not using it. There's a highly technical term for an unannounced block: TARGET.
For historical IP hijacking info, see completewhois.com (IP hijacking is by no means a new thing) -
ROKSO
Just add them to the ROKSO list and most ISPs won't route their traffic any more. Additionally this could be listed in the bogon zone at completewhois.
-
Get it from the horse's mouth
Go read the thread on NANOG. Or read the timeline here: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml
The way this happened is the result of a fundamental weakness in BGP. A more specific prefix will trump a less specific one, so anyone who has a valid peer can advertise a more specific route and hijack IP space. This is frequently used by Cybercriminals to squat on unused IP space in larger netblocks.
There have been proposals to address this issue for some time. Maybe, now that a major site has fallen victim, something will actually be done about it.
Of course, we could solve the problem the way it was when the Internet was first designed: only allow trusted entities to connect at all. IMNSHO, if the Islamic world don't want to be in the 21st century, that's their choice, but they can't have their cake and eat it too. Unless and until they agree to the basic principles of the Internet: freedom of association and speech, they shouldn't be allowed to connect at all.
This was discussed yesterday, but somehow the mods didn't control the discussion degenerating into a debate about circumcision. -
Re:Who wants to eat crow?
Tell me, how is an IP address any different than a hostname in terms of control? Where a particular address ends up is determined by your next router alone.
Every heard how IP address spaces are hijacked or address spaces that shouldn't even be in use are actually used in the wild and are globally reachable?
Some links: http://www.completewhois.com/bogons/, http://www.cymru.com/Bogons/ -
Re:ExageratedWhy? It's certainly cut my spam down. When blackholes.us went down this week my spam shot up as my mail server starting taking mail from China, South Korea, Thailand, Hong Kong and Brazil. Replaced them yesterday with completewhois today and lo, the spam drops.
Yes, it may be the internet equivilant of a grated community, but when your surrounding environs are attacking you in some way you should protect yourself.
-
I used to block
.. all of
.il with an iptables script a mile long.
Got the info from http://www.completewhois.com/statistics/data/ips-b ycountry/rirstats/ and with a little bash magic, I had a bunch of
iptables -A INPUT -s x.x.x.x/x -j DROP
in one big script.
Why? I used to serve large files in an IRC channel with a fat EDU connection, but a handful of tools from .il ruined it for everyone else over there by hammering too much. -
You know...
It's not like I agree with this, if indeed things happened as the article state... but a quick google on FooNet (AKA / DBA CIT ) turns up some VERY interesting results.
I google'd quickly on a hunch, and sure enough I got some rather interesting hits.
I claim to know nothing about SPEWS and how they go about adding to the blacklists, but they apparently are no stranger to it.
Furthermore, it seems that this IS NOT the first run-in with the FBI that FooNet/CIT has had: from here, if you scroll down a bit, you'll see the following text: The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host # We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations. And this was from Feb. 14
...Another incident was reported out here on 07/12/03 (search the page for "foonet")
... seems that 84898 spams swamped a box, and follow-up by FooNet sucked - e.g. they turned a blind eye.There are far too many hits to return
... if you're interested in more, you can always head here. For now, I'll close with this: I do not agree with the methods used, if they were as described ... however, FooNet/CIT is no stranger to the FBI, and perhaps this is all rolled in to the Feb. 14th notice ... maybe the FBI actually gave them 10 days to comply... I'd really like to see how this ends. -
IPV4 addresses un/misused...
Here is a web site and project that tracks how IPv4 addresses are allocated and misused, i.e. hijacked: http://www.completewhois.com/statistics/index.htm .The way I read it, a huge percentage of IPv4 addresses are not even being used...
-
But first...
Here is a web site and project that tracks how IPv4 addresses are allocated and misused, i.e. hijacked: http://www.completewhois.com/statistics/index.htm. The way I read it, a huge percentage of IPv4 addresses are not even being used...