[AusNOG] IINET ip range hijacked?

Nick Hannaford nick.hannaford at telstra.net
Mon Sep 17 14:31:42 EST 2007 

This appears to be a 2 stage stuff - up!

1) CNNIC obviously allow entries that are invalid! 203.130.32.0 -
203.208.39.255 is not a valid whois range

2) APNIC not to filter whois data from NIRs (CNNIC in this case) expecting
it has been correctly formatted and that the whois ranges the NIRs are
supplying are delegated to the NIR. (both criteria fail)

One would expect APNIC should be doing some form of rudimentary checking of
the data.

Let me know if this does not get resolved and I will push for some checking
to be added on the APNIC.


Cheers Nick 

-----Original Message-----
From: ausnog-bounces at ausnog.net [mailto:ausnog-bounces at ausnog.net] On Behalf
Of Nick Slager
Sent: Monday, 17 September 2007 9:01 AM
To: Ben Buxton
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] IINET ip range hijacked?

I spoke to APNIC about this last week; it is a problem with data mirrored
from CNNIC.

APNIC have advised China NIC to remove the range from their whois database.

Nick


On 16/09/2007, at 11:56 pm, Ben Buxton wrote:

>
> Looks like a really nasty typo by the registrar. The range in the 
> whois data is just way too massive to possibly be accurate.
>
> My BGP feed tells me that AS24424 is advertising 203.208.32.0/19, 
> which means .130 should be .208.
>
> Someone might want to gently prod CNNIC.
>
> BB
>
> Carl Krumins <carl at kas.net.au> uttered the following thing:
>> Hi Guys
>>
>>
>>
>> Just had a few clients web sites hacked and removed from this IP 
>> address about 10:20pm aest which appears to be IINET but when doing a 
>> whois (see
>> below) brings up “Beijing Primezone Technologies Inc.”  ½ way through 
>> the whois..
>>
>>
>>
>> Is this china hijacking IINET’s ip space?
>>
>>
>>
>> inetnum:      203.130.32.0 - 203.208.39.255
>>
>> netname:      PRIMETELECOM
>>
>> descr:        Beijing Primezone Technologies Inc.
>>
>>
>>
>> that doesn’t look right..?
>>
>>
>>
>>
>>
>> [root at blue carl]# whois 203.206.183.220
>>
>> [Querying whois.apnic.net]
>>
>> [whois.apnic.net]
>>
>> % [whois.apnic.net node-2]
>>
>> % Whois data copyright terms    http://www.apnic.net/db/ 
>> dbcopyright.html
>>
>>
>>
>> inetnum:      203.206.0.0 - 203.206.255.255
>>
>> netname:      IINET-AU
>>
>> descr:        iiNet Limited
>>
>> descr:        Locked Bag 16
>>
>> descr:        Cloisters Square, WA, 6850
>>
>> country:      AU
>>
>> admin-c:      NO20-AP
>>
>> tech-c:       NO20-AP
>>
>> remarks:      For abuse/UCE issues, please mail abuse at iinet.net.au.
>>
>> status:       ALLOCATED PORTABLE
>>
>> mnt-by:       APNIC-HM
>>
>> mnt-lower:    MAINT-AU-IINET
>>
>> changed:      hostmaster at apnic.net 20010816
>>
>> changed:      hm-changed at apnic.net 20031017
>>
>> changed:      hm-changed at apnic.net 20031208
>>
>> changed:      hm-changed at apnic.net 20040726
>>
>> source:       APNIC
>>
>>
>>
>> person:       Network Operations
>>
>> nic-hdl:      NO20-AP
>>
>> e-mail:       apnic-admin at staff.iinet.net.au
>>
>> address:      iiNet Limited
>>
>> address:      Level 6, Durack Centre
>>
>> address:      263 Adelaide Terrace
>>
>> address:      Perth WA 6000
>>
>> phone:        +61 8 9214 2222
>>
>> fax-no:       +61 8 9214 2211
>>
>> country:      AU
>>
>> changed:      ianh at staff.iinet.net.au 20061117
>>
>> mnt-by:       MAINT-AU-IINET
>>
>> source:       APNIC
>>
>>
>>
>> inetnum:      203.130.32.0 - 203.208.39.255
>>
>> netname:      PRIMETELECOM
>>
>> descr:        Beijing Primezone Technologies Inc.
>>
>> descr:        44 Fu Cheng Road,Beijing,P.R.China
>>
>> country:      CN
>>
>> admin-c:      KS1-CN
>>
>> tech-c:       CZ1-CN
>>
>> mnt-by:       MAINT-CNNIC-AP
>>
>> mnt-lower:    MAINT-CNNIC-AP
>>
>> changed:      ipas at cnnic.cn 20070911
>>
>> status:       ALLOCATED PORTABLE
>>
>> source:       CNNIC
>>
>>
>>
>> person:       Kemin Shi
>>
>> nic-hdl:      KS1-CN
>>
>> e-mail:       ajtel at vip.sina.com
>>
>> address:      44 Fu Cheng Road,Beijing,P.R.China
>>
>> phone:        +86-10-88128844-811
>>
>> fax-no:       +86-10-88138844
>>
>> country:      CN
>>
>> changed:      ipas at cnnic.cn 20051026
>>
>> mnt-by:       MAINT-NEW
>>
>> source:       CNNIC
>>
>>
>>
>> person:       Cong Zhang
>>
>> nic-hdl:      CZ1-CN
>>
>> e-mail:       shikm at euncn.com
>>
>> address:      44 Fu-Cheng Road,Beijing,P.R.China
>>
>> phone:        +86-10-88128844
>>
>> fax-no:       +86-10-88138844
>>
>> country:      CN
>>
>> changed:      ipas at cnnic.cn 20060508
>>
>> mnt-by:       MAINT-NEW
>>
>> source:       CNNIC
>>
>>
>>
>> Carl Krumins
>> The K.A.S NET Group
>> www.kas.net.au <http://www.kas.net.au/>  <mailto:carl at kas.net.au> 
>> carl at kas.net.au
>> Phone: 1300 883 400
>> Phone: 0409 317 436
>>
>> This e-mail remains the property of The K.A.S NET Group and is 
>> subject to the jurisdiction of Sect 70 of the Crimes Act 1914.
>> This email is intended only for the addressee and is confidential.  
>> If you receive this message and are not the addressee, then it may be 
>> unlawful for you to read, copy, distribute, disclose or otherwise use 
>> the information in this email. Material in this transmission is 
>> confidential and the subject of professional privilege. No 
>> confidentiality, nor any privilege is waived, lost or destroyed, by 
>> reason that this e-mail has been mistakenly transmitted.  If you are 
>> not the addressee please notify us immediately by telephone or e-mail 
>> at the number and address above and delete all record of this e-mail.
>>
>>
>>
>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at ausnog.net
>> http://www.ausnog.net/mailman/listinfo/ausnog
>
>
> --
> Ben Buxton - Random Network Person
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://www.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG at ausnog.net
http://www.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list