On Mon, Nov 17, 2014 at 11:21:23AM +0300, Sander Steffann wrote:
Hi Ronald,
It now seems certain to me that the absence of anything even remotely approximating proper validation of RIPE route objects is not, in fact, a problem which is limited to just inter-RiR situations. Apparently, RIPE member LIRs can just as easily hijack the IP blocks of other RIPE members as they can in the case of IP blocks belonging to parties in other regions.
I don't think so...
To be able to create the route object
route: 188.229.1.0/24 descr: Netserv-Client origin: AS43890 mnt-by: NETSERV-MNT source: RIPE
Authorisation from both the address block
inetnum: 188.229.0.0 - 188.229.63.255 netname: LTE-4G descr: new service for data country: IR admin-c: RL7844-RIPE tech-c: RL7844-RIPE status: ASSIGNED PA mnt-by: MCCI-MNT source: RIPE
and the AS number
aut-num: AS43890 as-name: NETSERV-AS descr: Netserv Consult SRL [...] org: ORG-SNCS6-RIPE status: ASSIGNED mnt-by: NETSERV-MNT mnt-by: RIPE-NCC-END-MNT mnt-routes: NETSERV-MNT source: RIPE
is required. So the route cannot be created unless MCCI-MNT and NETSERV-MNT both authorise it.
The assignment of 188.229.0.0/17 to mci.ir is relatively recent, probably issued: changed: hostmaster@ripe.net 20141027 Previously it was inetnum: 188.229.0.0 - 188.229.127.255 netname: RO-NETSERV-20090729 descr: Netserv Consult SRL country: RO org: ORG-NCS8-RIPE admin-c: MINC-RIPE tech-c: NSC-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: NETSERV-MNT mnt-routes: NETSERV-MNT mnt-domains: NETSERV-MNT remarks: ------------------------------------ remarks: | Abuse e-mail: abuse@netserv.ro | remarks: | Support e-mail: support@netserv.ro | remarks: | Support phone: 4-0745888222 | remarks: ------------------------------------ and it indeed appeared to be leased to snowshoe spammers in its entirety. Similarly, inetnum: 31.2.128.0 - 31.2.255.255 netname: RO-NETSERV-20110405 descr: NETSERV CONSULT SRL country: RO org: ORG-NCS8-RIPE admin-c: MINC-RIPE tech-c: NSC-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: NETSERV-MNT mnt-routes: NETSERV-MNT mnt-domains: NETSERV-MNT remarks: ------------------------------------ remarks: | Abuse e-mail: abuse@netserv.ro | remarks: | Support e-mail: support@netserv.ro | remarks: | Support phone: 4-0745888222 | remarks: ------------------------------------ inetnum: 46.51.0.0 - 46.51.127.255 netname: RO-NETSERV-20100727 descr: Netserv Consult SRL country: RO org: ORG-NCS8-RIPE admin-c: MINC-RIPE tech-c: NSC-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: NETSERV-MNT mnt-routes: NETSERV-MNT mnt-domains: NETSERV-MNT remarks: ------------------------------------ remarks: | Abuse e-mail: abuse@netserv.ro | remarks: | Support e-mail: support@netserv.ro | remarks: | Support phone: 4-0745888222 | remarks: ------------------------------------ inetnum: 95.64.0.0 - 95.64.127.255 netname: RO-NETSERV-20081023 descr: Netserv Consult SRL country: RO org: ORG-NCS8-RIPE admin-c: MINC-RIPE tech-c: NSC-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: NETSERV-MNT mnt-routes: NETSERV-MNT mnt-domains: NETSERV-MNT remarks: ------------------------------------ remarks: | Abuse e-mail: abuse@netserv.ro | remarks: | Support e-mail: support@netserv.ro | remarks: | Support phone: 4-0745888222 | remarks: ------------------------------------ inetnum: 164.138.128.0 - 164.138.191.255 netname: RO-NETSERV-20120319 descr: NETSERV CONSULT SRL country: RO org: ORG-NCS8-RIPE admin-c: MINC-RIPE tech-c: NSC-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: NETSERV-MNT mnt-routes: NETSERV-MNT mnt-domains: NETSERV-MNT remarks: ------------------------------------ remarks: | Abuse e-mail: abuse@netserv.ro | remarks: | Support e-mail: support@netserv.ro | remarks: | Support phone: 4-0745888222 | remarks: ------------------------------------ So a possible scenario is that MCI.ir was in real need for IPv4 space, went on the market, found Netserv that had plenty of it unused (sort of) and made a deal with them. furio