Hello there,

Seems there are some people in Ukraine that love to use IPs and ASes that don't 
belong to them.

See:
#sh ip bgp 91.220.85.0/24      
BGP routing table entry for 91.220.85.0/24, version 6661169
Paths: (2 available, best #1, table Default-IP-Routing-Table)
 Advertised to update-groups:
       1
 174 8359 8359 13249 57954 42989 51888, (received & used)
   149.11.xx.xx from 149.11.xxx.xxx (38.28.xx.xx)
     Origin IGP, metric 14050, localpref 100, valid, external, best
     Community: 11424365 11425269
 24990 21371 8359 13249 57954 42989 51888, (received & used)
   185.3.25.1 (metric 10) from 185.17.xxx.xxx (185.17.xxx.xxx)
     Origin IGP, metric 0, localpref 100, valid, internal, not synchronized


According to the RIPE database:
aut-num:        AS51888
as-name:        PILOTSYSTEMS-AS
descr:          Pilot Systems consulting SARL
org:            ORG-PS74-RIPE
import:         from AS16128 accept ANY
import:         from AS29075 accept ANY
import:         from AS35189 accept ANY
export:         to AS16128 announce AS51888
export:         to AS29075 announce AS51888
export:         to AS35189 announce AS51888
admin-c:        DS7922-RIPE
tech-c:         GLM89-RIPE
tech-c:         XB80-RIPE
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         MNT-KAZAR
mnt-by:         MNT-PILOTSYSTEMS
mnt-routes:     MNT-KAZAR
mnt-routes:     MNT-PILOTSYSTEMS
source:         RIPE #Filtered

Seems that there is no AS42989 as upstream... So we can consider that AS42989 
is handling illicit activities and does not filter prefixes (same also for 
AS57954).

That's cool, but those people in UA use that prefix to send spam; as an LIR member 
I got thousands of mails from people that get those IPs as spam source.

We really need RPKI and other stuff to be deployed massively.

If some people from those UA ASes could do their job instead of becoming the 
honeypot of spammers, this would be better for everyone.

I have already tried to contact the abuse / e-mail addresses from the RIPE database: no MX, 
mailbox doesn't exist, even the domain doesn't exist...

Maybe AS-MTU doesn't look into the quality of their customers? So bad...

People there that have some PI and an unused AS, have a look whether your resources 
are not being used by someone that should not use them.

Xavier
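
The comparison made in the message above (AS path versus the origin's registered aut-num policy) can be automated. The following is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed from the lines quoted in the message.

```python
import re

# Constructed sample input: the AS-path lines and aut-num policy quoted in the post.
BGP_OUTPUT = """\
 174 8359 8359 13249 57954 42989 51888, (received & used)
   149.11.xx.xx from 149.11.xxx.xxx (38.28.xx.xx)
 24990 21371 8359 13249 57954 42989 51888, (received & used)
"""
AUT_NUM = """\
aut-num:        AS51888
import:         from AS16128 accept ANY
import:         from AS29075 accept ANY
import:         from AS35189 accept ANY
export:         to AS16128 announce AS51888
export:         to AS29075 announce AS51888
export:         to AS35189 announce AS51888
"""

def parse_as_paths(show_output):
    """Return every AS path in the output as a list of ints, prepends collapsed."""
    paths = []
    for line in show_output.splitlines():
        m = re.match(r"\s*(\d+(?:\s+\d+)*),\s*\(", line)
        if not m:
            continue  # next-hop, attribute and header lines
        hops = [int(a) for a in m.group(1).split()]
        paths.append([a for i, a in enumerate(hops) if i == 0 or a != hops[i - 1]])
    return paths

def parse_aut_num(rpsl):
    """Return (asn, set of neighbour ASNs named in import:/export: lines)."""
    asn = int(re.search(r"^aut-num:\s+AS(\d+)", rpsl, re.M).group(1))
    peers = re.findall(r"^(?:import|export):\s+(?:from|to)\s+AS(\d+)", rpsl, re.M)
    return asn, {int(p) for p in peers}

def undeclared_upstreams(show_output, rpsl):
    """ASNs seen directly before the origin on a path but absent from its policy."""
    asn, peers = parse_aut_num(rpsl)
    found = set()
    for path in parse_as_paths(show_output):
        if len(path) >= 2 and path[-1] == asn and path[-2] not in peers:
            found.add(path[-2])
    return sorted(found)

if __name__ == "__main__":
    for upstream in undeclared_upstreams(BGP_OUTPUT, AUT_NUM):
        print(f"AS{upstream} is adjacent to the origin but not in its aut-num policy")
```

Registry policies are often out of date, so a hit from this check is a lead to investigate rather than proof of a hijack.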
