On Fri, Sep 6, 2019 at 8:13 AM Neo Soon Keat <n...@soonkeat.sg> wrote:
> Sorry, re-sending to include the list.
>
> Looking at the history of the prefix, it does look like it did belong to the now-defunct Port of Melbourne Authority, with the matching e-mail address. That particular organization, however, no longer exists, having been absorbed into the Port of Melbourne Corporation, which is a proper statutory organization in Australia.
>
> A quick MX lookup does show that pma.vic.gov.au does not have any functioning mail servers on it however, and likely hasn’t had any for some time (given it was absorbed in 2003).

it's hard for a domain that doesn't exist to have any records, really... just sayin.

> On Sep 6, 2019, at 21:26, Mel Beckman <m...@beckman.org> wrote:
>
> > A quick check of one of your facts produces unexpected results, so you might want to perform more research. According to APNIC, 139.44.0.0/16 does not “belong unambiguously to the Port Authority of Melbourne”. It belongs to an individual, with an *office address* at a building *called* “Port Authority of Melbourne”:
> >
> > person: Rob Shute
> > address: Port of Melbourne Authority
> >          Level 47 South
> >          525 Collins St
> > country: AU
> > phone: +61 3 9628 7613
> > e-mail: d...@pma.vic.gov.au
> > nic-hdl: RS54-AP
> > remarks: ----------
> > remarks: imported from ARIN object:
> > remarks:
> > remarks: poc-handle: RS546-ARIN
> > remarks: is-role: N
> > remarks: last-name: Shute
> > remarks: first-name: Rob
> > remarks: street: Port of Melbourne Authority
> >          Level 47 South
> >          525 Collins St
> > remarks: country: AU
> > remarks: mailbox: d...@pma.vic.gov.au
> > remarks: bus-phone: +61 3 9628 7613
> > remarks: reg-date: 1970-01-01
> > remarks: changed: hostmas...@arin.poc 20001127
> > remarks: source: ARIN
> > remarks:
> > remarks: ----------
> > notify: d...@pma.vic.gov.au
> > mnt-by: MNT-ERX-PRTMELAUTH-NON-AU <https://wq.apnic.net/static/search.html?query=MNT-ERX-PRTMELAUTH-NON-AU>
> > last-modified: 2008-09-04T07:31:33Z
> > source: APNIC
> >
> > The *building* called the Port Authority of Melbourne is not, by all accounts, a government agency. It’s just the name of a 54-story office building, like the World Trade Center in NYC. In fact, *World Trade Centre (Melbourne)* is another name for the building, and although it houses the Port of Melbourne Authority agency (on Level 4, not Level 47), it appears to be largely just a toney address for business offices. Some, perhaps, not unlike American “Mail Boxes Etc” (although I haven’t confirmed this). But the following Wikipedia excerpt says this unambiguously:
> >
> > *The building currently houses some offices of the headquarters of Victoria Police, and the Victoria Police Museum, a collection of exhibits and memorabilia from over 150 years of policing in Victoria.[3] It also houses offices for companies, including Thales Australia.*
> >
> > https://en.m.wikipedia.org/wiki/Port_of_Melbourne_Authority
> >
> > Now, I’m not an Aussie, and in fact have never been down under, but it seems likely that the *address* in the registration is akin to a US business having a World Trade Center address in NYC. It means nothing as far as APNIC asset ownership is concerned. It’s just an address.
> >
> > I could be wrong. However, it seems a simple fact to verify by calling management at that building. I tried sending email to the registered “.gov.au” address:
> >
> > d...@pma.vic.gov.au
> >
> > But the domain does not exist.
> >
> > -mel beckman
> >
> > On Sep 6, 2019, at 1:30 AM, Ronald F. Guilmette <r...@tristatelogic.com> wrote:
> >
> > > Few of you here probably know about this, but nearly a week ago now an article appeared in South Africa's largest and most popular online tech publication, MyBroadband.co.za. It detailed many, but certainly not all of the results of my multi-month investigation of a massive and ongoing fraud involving the theft of large numbers of large (generally /16 or larger) abandoned legacy blocks, taken from the AFRINIC region and beyond:
> > >
> > > https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-address-heist-how-millions-are-made-on-the-grey-market.html
> > >
> > > For various editorial reasons, the article that was published actually downplayed the magnitude of the thefts quite dramatically. The totality of the IPv4 space that has been stolen or squatted, primarily but not exclusively, from South African companies and South African national government agencies and departments is actually at least 5x bigger than what was reported in the MyBroadband.co.za article.
> > >
> > > The overwhelming majority of this stolen and squatted IPv4 space has been helpfully routed by Cogent (AS174), to their customer, FDCServers of Chicago, and then on to the preferred destinations of a certain Mr. Elad Cohen of Israel, and his company Netstyle Atarim, Ltd. (I have saved traceroutes up the wazoo that prove the involvement of FDCServers, in particular, in all of this.)
> > >
> > > Mr. Cohen has been exceptionally prolific in his IPv4 theft and squatting activities, basically grabbing everything that wasn't nailed down, both within the AFRINIC region and also within the APNIC region.
> > >
> > > In order to try to legitimize all of these thefts and squats, Mr. Cohen created quite a sizable number of fraudulent route: objects within the Merit/RADB data base which, as most here should already know, has essentially zero authentication of any kind before it allows J. Random Luser to add pretty much any route: object he wants to the RADB.
> > >
> > > Here's a full listing of all of Mr. Cohen's RADB route: objects as they existed as recently as August 17th:
> > >
> > > https://pastebin.com/raw/ZNgNuvtt
> > >
> > > And here is the short summary version showing just all of the prefixes/CIDRs that Mr. Cohen was effectively claiming rights and/or title to as of that same date:
> > >
> > > https://pastebin.com/raw/4LTaCg5R
> > >
> > > Please do note the numerous blocks of size /16 or greater.
> > >
> > > The bottom line is that this one tiny little Israeli company was effectively claiming rights to a total of no fewer than 1,015,808 IPv4 addresses as of August 17th, 2019. (Not too shabby for one lone guy who teaches programming classes as a side job!) Virtually all of the space is "legacy" IPv4 space, and generally consists of blocks having sizes of /16 or larger.
> > >
> > > Some of Mr. Cohen's claims in his RADB entries are as humorous as they are pathetically fraudulent. For example, Mr. Cohen has effectively claimed rights to 139.44.0.0/16 which unambiguously belongs to the Port Authority of the City of Melbourne, Australia. But hell! That's merely city property! Mr. Cohen's limitless appetite for other people's IPv4 space is more vividly on display in his claims to ownership over the 168.198.0.0/16 block, which actually belongs to the Department of Finance of the Australian national government. And I haven't even mentioned yet another of Mr. Cohen's voluminous IPv4 acquisitions, the 165.25.0.0/16 block, which he did not see fit to create an RADB entry for, but which he's been squatting on for quite some time now, quite clearly with the aid and assistance of both Cogent and FDCServers. That one belongs to the City of Cape Town, South Africa. That city's engineers have been struggling to regain control of their block back from Cogent, from FDCServers, and from Mr. Cohen for some time now. I know because I've personally spoken to them about it. Cogent, in its infinite wisdom, is continuing to fight the city for control over property that clearly and rightfully belongs to the City of Cape Town, even as we speak:
> > >
> > > https://drive.google.com/file/d/1ytRj1CtuVhDa0eGu4BT-oEz593y5EwJa/view
> > >
> > > When asked for LOAs attesting to his legitimate authority to route at least a few of these blocks, Mr. Cohen has produced blatantly forged documents, many of which appeared in the MyBroadband.co.za story. And when I say "blatant" that's a gross understatement. Any half-way decent forger would consider these documents an embarrassment. The documents all bear identical signatures, and identical and vaguely official looking stamps, and purport to actually be sales receipts attesting to the alleged purchases, by Mr. Cohen's offshore Seychelles Islands shell company, Afri Holdings, Ltd., of various /16 blocks from a mysterious company called Afrivestment, Ltd., which may actually exist in some faraway galaxy, or in Mr. Cohen's active imagination, but which both Google and OpenCorporates.com seem to agree exists exactly noplace on this planet. Here are the manufactured LOAs supplied by Mr. Cohen:
> > >
> > > https://drive.google.com/file/d/1hVjmR6u0ANltuXtZ-Kng8io-EGFyevTR/view
> > > https://drive.google.com/file/d/1x_44_H5hkcFLhEwpkwfFoR5PJUyXHzxJ/view
> > > https://drive.google.com/file/d/1yQyqn4q_f3bt-wDVoN1FzbXf1k58DXtK/view
> > >
> > > Recently, Cohen started to move some, but not all, of his stolen and squatted IPv4 blocks off of Cogent/FDCServers and onto a friendly little bullet-proof hosting company in the Netherlands named IP Volume, Inc. (AS202425) and/or to its several sister networks, e.g. AS204655 - Novogara Ltd., all of which, coincidentally, just happen to be owned by the exact same pair of Dutch gentlemen who previously owned the notorious Ecatel, followed by the notorious Quasi Networks. (IP Volume, Inc. appears to have inherited all or nearly all of its legitimately assigned IP space from its predecessor entities, Ecatel and Quasi Networks.)
> > >
> > > Despite these relocations, many of Mr. Cohen's stolen and squatted blocks are still helpfully being routed to Mr. Cohen's preferred destinations by his good friends at Cogent and FDCServers, even as we speak. The current set of such routes that Cogent is maintaining, at the moment, apparently on behalf of their customer, Mr. Cohen, consists of the prefixes listed here:
> > >
> > > https://pastebin.com/raw/EA3xJVLF
> > >
> > > When I noticed two days ago that all of these routes were still up I was deeply confused. Did both Cogent and FDCServers not get the memo?? Do they not know yet that Cohen is stealing stuff, left, right, and sideways? Did nobody even tell them about the MyBroadband.co.za article which was published this past Sunday? I decided that it was incumbent upon me to find out.
> > >
> > > Thus, more than 48 hours ago now I sent the following polite but firm inquiry to Cogent, and a separate nearly identical one directly to the CEO of FDCServers, Mr. Petr Kral (petr(at)fdcservers.net).
> > >
> > > https://pastebin.com/raw/ztipqE96
> > >
> > > A full forty eight hours later, I have received no reply whatsoever from either Cogent or FDCServers, not even a "Go pound sand" type of response.
> > >
> > > More importantly, most of the stolen IPv4 space that I called out, very specifically, to both Cogent and FDCServers two+ days ago now is still being routed by Cogent/FDCServers to their fun-loving and, I'm sure, promptly paying customer, Mr. Cohen. If neither Cogent nor FDCServers still do not know now that Mr. Cohen is a crook, and that he has glommed onto quite a lot of stolen and squatted IPv4 space... which they have been helpfully routing for him, no doubt in exchange for some handsome payments... then I am forced to say that it appears to be a reasonable conclusion that it must be because neither Cogent nor FDCServers really wants to know what sort of a character Cohen is, or what he has been up to, specifically with their ongoing and material assistance.
> > >
> > > But you all be the judges. What does it look like to you?
> > >
> > > Regards,
> > > rfg