Re: an IP hijacking attempt

I would encourage anyone who is not familiar with the full situation to read the recent history of AFRINIC events: https://afrinic.net/ast/pdf/afrinic-whois-audit-report-full-20210121.pdf https://afrinic.net/20200826-ceo-statement-on-ip-address-misappropriation https://krebsonsecurity.com/2019/1

Re: an IP hijacking attempt

Hi Brian On Thu, Mar 11, 2021 at 1:51 PM Brian Turnbow via NANOG wrote: > Hi Daniel, > > > > > > Tracing it back to the originator of the route is of course a good first > step. > > Yes, we have done that and the results were not good. The company that created the LOA is registered in the Seych

RE: an IP hijacking attempt

Hi Noah, > Would you care to share the said prefix?   This is the prefix we found associated with their name in the afrinic db. inetnum:169.239.204.0 - 169.239.207.255 Cheers, Brian

RE: an IP hijacking attempt

Hi Daniel, > > Tracing it back to the originator of the route is of course a good first step. Yes, we have done that and the results were not good. The company that created the LOA is registered in the Seychelles and they have IPs that were/are being revoked by Afrinic remarks:* * * *

Re: an IP hijacking attempt

Tracing it back to the originator of the route is of course a good first step. I would send an FYI to the RIR that allocated the prefix; preferably after the initial investigation established that it was not a genuine mistake. In that message I would make very clear if any action is requested

Re: an IP hijacking attempt

Beckman *Inviato:* martedì 9 marzo 2021 19:17 *A:* Brian Turnbow *Cc:* North American Network Operators' Group *Oggetto:* Re: an IP hijacking attempt It could just be a typo on the LOA. It seems unlikely any ISP would approve a forged LOA that could readily be debunked by contacting the IP space

Re: an IP hijacking attempt

9 marzo 2021 19:17 A: Brian Turnbow Cc: North American Network Operators' Group Oggetto: Re: an IP hijacking attempt It could just be a typo on the LOA. It seems unlikely any ISP would approve a forged LOA that could readily be debunked by contacting the IP space owner. The whole point of

Re: an IP hijacking attempt

Inviato: martedì 9 marzo 2021 19:17 A: Brian Turnbow Cc: North American Network Operators' Group Oggetto: Re: an IP hijacking attempt It could just be a typo on the LOA. It seems unlikely any ISP would approve a forged LOA that could readily be debunked by contacting the IP space owner. The

Re: an IP hijacking attempt

It could just be a typo on the LOA. It seems unlikely any ISP would approve a forged LOA that could readily be debunked by contacting the IP space owner. The whole point of LOA’s is to facilitate this verification. -mel via cell > On Mar 9, 2021, at 10:01 AM, Brian Turnbow via NANOG wrote: >