AS47510 & AS35555 -- Bogon ASNs routing Bogon IPv4 space
I have just received a spam which has a so-called "payload" URL which the spammer wants me to visit, apparently so that I can be sold some male performance drugs of dubious origin. The domain part of the URL resolves to the IPv4 address 217.8.117.98. That address lies within a pair of bogon (unallocated) IPv4 address blocks, 217.8.116.0/24 and 217.8.117.0/24, that are both being routed by a common ASN, i.e. AS47510. https://bgp.he.net/AS47510#_prefixes It appears that AS47510 is itself an unallocated bogon at the present time: https://bgp.he.net/AS47510#_asinfo As can be readily seen at the above link, AS47510 is peering with only two other ASNs, i.e. AS29226 - JSC Mastertel (Russia) and AS35555 - Crex Fex Pex Internet System Solutions" LLC. The latter ASN, AS35555 also appears to be an unallocated bogon ASN at the present time. Nontheless, that does not appear to be preventing it from peering with yet another Russian network, AS213254 - OOO Rait Telecom: https://bgp.he.net/AS35555 It would be Nice, in my opinion, if someone who speaks Russian could make contact with the operators of AS29226 and AS213254 and respectfully suggest to them that they should cease peering with bogon ASNs, such as AS47510 and AS35555, including but not limited to bogon ASNs that are at present routing bogon IPv4 address space. Regards, rfg P.S. It appears that the company "Crex Fex Pex Internet System Solutions, LLC" which was the former owner of AS47510 and AS35555 and also AS60031 was a Russian entity, and one that most likely no longer qualifies as what one would call a "going concern": https://crex-fex-pex.ru/
On Fri, Dec 04, 2020 at 02:57:34PM -0800, Ronald F. Guilmette wrote:
I have just received a spam which has a so-called "payload" URL which the spammer wants me to visit, apparently so that I can be sold some male performance drugs of dubious origin.
The domain part of the URL resolves to the IPv4 address 217.8.117.98.
That address lies within a pair of bogon (unallocated) IPv4 address blocks, 217.8.116.0/24 and 217.8.117.0/24, that are both being routed by a common ASN, i.e. AS47510.
https://bgp.he.net/AS47510#_prefixes
It appears that AS47510 is itself an unallocated bogon at the present time:
https://bgp.he.net/AS47510#_asinfo
As can be readily seen at the above link, AS47510 is peering with only two other ASNs, i.e. AS29226 - JSC Mastertel (Russia) and AS35555 - Crex Fex Pex Internet System Solutions" LLC.
The latter ASN, AS35555 also appears to be an unallocated bogon ASN at the present time. Nontheless, that does not appear to be preventing it from peering with yet another Russian network, AS213254 - OOO Rait Telecom:
If you look at the previous whois - https://ipinfo.io/AS35555 still has a copy - you may notice that they had published a bunch of "user@spamhaus.org" addresses in "remarks:" field, which I suppose does not go very well with privacy laws and GDPR and is not an acceptable usage of the RIPE database. You may also find it interesting that, after running out of ASNs, they are currently announcing 217.8.117.0/24 from AS1214, an ASN in ARIN space ("Coloexchange") that had been entirely dormant (no announces) since January 2011 according to stat.ripe.net. It is somewhat suspect that an ASN of a US company without a web site comes back to life after almost 10 years of silence exclusively to announce a /24 in russian space, through a russian ISP.
It would be Nice, in my opinion, if someone who speaks Russian could make contact with the operators of AS29226 and AS213254 and respectfully suggest to them that they should cease peering with bogon ASNs, such as AS47510 and AS35555, including but not limited to bogon ASNs that are at present routing bogon IPv4 address space.
AS29226 is again involved, as they are the "AS1214" upstream. regards, furio
P.S. It appears that the company "Crex Fex Pex Internet System Solutions, LLC" which was the former owner of AS47510 and AS35555 and also AS60031 was a Russian entity, and one that most likely no longer qualifies as what one would call a "going concern":
Peace, On Sat, Dec 5, 2020, 1:57 AM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
It appears that AS47510 is itself an unallocated bogon at the present time:
https://bgp.he.net/AS47510#_asinfo
As can be readily seen at the above link, AS47510 is peering with only two other ASNs, i.e. AS29226 - JSC Mastertel (Russia) and AS35555 - Crex Fex Pex Internet System Solutions" LLC.
Both peering links are now down. The matters with AS35555 may be harder to resolve, though. -- Töma
In message <CALZ3u+YADAVB1HouHfsWKG4txTNO6xLqoD=-tjU831W-1CQJxg@mail.gmail.com> =?UTF-8?Q?T=C3=B6ma_Gavrichenkov?= <ximaera@gmail.com> wrote:
On Sat, Dec 5, 2020, 1:57 AM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
It appears that AS47510 is itself an unallocated bogon at the present time:
https://bgp.he.net/AS47510#_asinfo
As can be readily seen at the above link, AS47510 is peering with only two other ASNs, i.e. AS29226 - JSC Mastertel (Russia) and AS35555 - Crex Fex Pex Internet System Solutions" LLC.
Both peering links are now down.
The matters with AS35555 may be harder to resolve, though.
If possible please elaborate. It appears that AS35555, which is a bogon ASN, is bdeing kept alive at this point only by AS213254 -- Rait Telecom, which is just a seven-month old Russian company/ASN with -zero- IP allocations and apparently NO WEB SITE. And yet despite being only 7 months old and having absolutely no IP space of its own (and also no web site), Rait Telecom has somehow managed to work itself into the fabric of no fewer than seven European IXes: https://bgp.he.net/AS213254#_ix And it also has managed to acquire all these IPv4 peers: AS25091 IP-Max SA AS50340 OOO "Network of data-centers "Selectel" AS35297 Dataline LLC AS199524 G-Core Labs S.A. AS35555 "Crex Fex Pex Internet System Solutions" LLC AS49673 Truenetwork LLC AS8492 "OBIT" Ltd. AS42861 Foton Telecom CJSC AS35598 INETCOM LLC AS47441 TRUNK MOBILE, INC How exactly does that even happen? And who the hell are these people anyway? Regards, rfg
participants (3)
-
furio ercolessi -
Ronald F. Guilmette -
Töma Gavrichenkov