On Tue, May 31, 2016 at 10:21:31AM +0000, Dickinson, Ian wrote:
There appears to be abuse happening in the RIPE db - presumably to allow other online activity to be done with abuse indirection to an innocent bystander (e.g. my employer) - all over the last day or two...
The specific items I noticed are all inet6num maintained by BSKYB-BROADBAND44-MNT, along with BSKYB-BROADBAND44-MNT itself, and ORG-BBH4-RIPE and ACRO772-RIPE. This was due to the fake objects referring to our real role/person objects.
It appears that there are many other faked entries under 2a07:7ec0::/29 - pretending to be Deutsche Telekom or Time Warner Cable for example. Either that LIR is a bad actor, or their maintainer credentials have been 0wned.
This needs to be killed off.
I concur that this looks like a purposefully engineered effort to hide something. Review the output of the following command:

    $ whois -h whois.ripe.net -- "-M 2a07:7ec0::/29 -T inet6num"
    <snip tons of inet6nums>

    $ whois -h whois.ripe.net -- "-M 2a07:7ec0::/29 -T inet6num" | grep org-name | sort -u
    org-name: ASAHI Net,Inc.
    org-name: BSkyB Broadband Hostmaster
    org-name: Deutsche Telekom AG
    org-name: KPN B.V.
    org-name: Orange France S.A.
    org-name: Telstra Pty Ltd
    org-name: Time Warner Cable LLC

Kind regards,

Job
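Added example, not part of the original thread: a check that goes one step past the grep above by parsing saved whois output into RPSL objects and listing each inet6num whose admin-c, tech-c or org reference points at an object that shares no mnt-by with the inet6num itself. It assumes the referenced contact objects are present in the saved output; every handle, maintainer and prefix in SAMPLE is a constructed placeholder.

```python
# Added example. Every handle, maintainer and prefix in SAMPLE is a constructed placeholder.
SAMPLE = """\
% constructed whois output, not real RIPE data

inet6num:       2001:db8:10::/48
admin-c:        BT1-EXAMPLE
mnt-by:         EXAMPLE-LIR-MNT

inet6num:       2001:db8:20::/48
admin-c:        LIR1-EXAMPLE
mnt-by:         EXAMPLE-LIR-MNT

role:           Big Telco Hostmaster
nic-hdl:        BT1-EXAMPLE
mnt-by:         BIGTELCO-MNT

person:         Lir Admin
nic-hdl:        LIR1-EXAMPLE
mnt-by:         EXAMPLE-LIR-MNT
"""

def parse_rpsl(text):
    """Split whois output into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:        # trailing "" flushes the last object
        if line.startswith("%"):                 # server comment line
            continue
        if not line.strip():                     # blank line ends an object
            objects += [current] if current else []
            current = []
        elif line[0] in " \t+" and current:      # RPSL continuation line
            attr, value = current[-1]
            current[-1] = (attr, (value + " " + line[1:].strip()).strip())
        elif ":" in line:
            attr, value = line.split(":", 1)
            current.append((attr.strip().lower(), value.strip()))
    return objects

def foreign_references(objects):
    """Map inet6num -> {referenced handle: its maintainers} where no mnt-by is shared."""
    vals = lambda obj, *attrs: {v for a, v in obj if a in attrs}
    # Maintainers of every person/role (nic-hdl) and organisation object in the output.
    owners = {h: vals(o, "mnt-by") for o in objects for h in vals(o, "nic-hdl", "organisation")}
    flagged = {}
    for obj in objects:
        refs = vals(obj, "admin-c", "tech-c", "org") if obj[0][0] == "inet6num" else ()
        for handle in refs:
            mnts = owners.get(handle)            # None if the contact was not returned
            if mnts and not mnts & vals(obj, "mnt-by"):
                flagged.setdefault(obj[0][1], {})[handle] = sorted(mnts)
    return flagged
```

A mismatch on its own is a lead for review, since legitimate customer assignments also reference contacts held under another maintainer; the signal in a case like this one is many inet6nums under a single maintainer pointing at contacts of many unrelated operators.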