[AusNOG] IINET ip range hijacked?

Philip Smith pfs at cisco.com
Mon Sep 17 21:00:46 EST 2007


Nick Hannaford said the following on 17/9/07 14:31:
> This appears to be a 2 stage stuff-up!
> 
> 1) CNNIC obviously allow entries that are invalid! 203.130.32.0 -
> 203.208.39.255 is not a valid whois range

Surely inet-nums in CNNIC database can only be created by CNNIC? I can't
for the life of me figure out how this can be a simple typo... So either
they have no security on their database, or their hostmasters have no
idea what they are doing. Alarming.

> 2) APNIC not to filter whois data from NIRs (CNNIC in this case) expecting
> it has been correctly formatted and that the whois ranges the NIRs are
> supplying are delegated to the NIR. (both criteria fail)
> 
> One would expect APNIC should be doing some form of rudimentary checking of
> the data.

I imagine this will happen going forwards...

philip
--

> 
> 
> Cheers Nick 
> 
> -----Original Message-----
> From: ausnog-bounces at ausnog.net [mailto:ausnog-bounces at ausnog.net] On Behalf
> Of Nick Slager
> Sent: Monday, 17 September 2007 9:01 AM
> To: Ben Buxton
> Cc: ausnog at ausnog.net
> Subject: Re: [AusNOG] IINET ip range hijacked?
> 
> I spoke to APNIC about this last week; it is a problem with data mirrored
> from CNNIC.
> 
> APNIC have advised China NIC to remove the range from their whois database.
> 
> Nick
> 
> 
> On 16/09/2007, at 11:56 pm, Ben Buxton wrote:
> 
>> Looks like a really nasty typo by the registrar. The range in the 
>> whois data is just way too massive to possibly be accurate.
>>
>> My BGP feed tells me that AS24424 is advertising 203.208.32.0/19, 
>> which means .130 should be .208.
>>
>> Someone might want to gently prod CNNIC.
>>
>> BB
>>
>> Carl Krumins <carl at kas.net.au> uttered the following thing:
>>> Hi Guys
>>>
>>> Just had a few clients web sites hacked and removed from this IP 
>>> address about 10:20pm aest which appears to be IINET but when doing a 
>>> whois (see below) brings up “Beijing Primezone Technologies Inc.”  ½ way 
>>> through the whois..
>>>
>>> Is this china hijacking IINET’s ip space?
>>>
>>> inetnum:      203.130.32.0 - 203.208.39.255
>>> netname:      PRIMETELECOM
>>> descr:        Beijing Primezone Technologies Inc.
>>>
>>> that doesn’t look right..?
>>>
>>> [root at blue carl]# whois 203.206.183.220
>>> [Querying whois.apnic.net]
>>> [whois.apnic.net]
>>> % [whois.apnic.net node-2]
>>> % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>>>
>>> inetnum:      203.206.0.0 - 203.206.255.255
>>> netname:      IINET-AU
>>> descr:        iiNet Limited
>>> descr:        Locked Bag 16
>>> descr:        Cloisters Square, WA, 6850
>>> country:      AU
>>> admin-c:      NO20-AP
>>> tech-c:       NO20-AP
>>> remarks:      For abuse/UCE issues, please mail abuse at iinet.net.au.
>>> status:       ALLOCATED PORTABLE
>>> mnt-by:       APNIC-HM
>>> mnt-lower:    MAINT-AU-IINET
>>> changed:      hostmaster at apnic.net 20010816
>>> changed:      hm-changed at apnic.net 20031017
>>> changed:      hm-changed at apnic.net 20031208
>>> changed:      hm-changed at apnic.net 20040726
>>> source:       APNIC
>>>
>>> person:       Network Operations
>>> nic-hdl:      NO20-AP
>>> e-mail:       apnic-admin at staff.iinet.net.au
>>> address:      iiNet Limited
>>> address:      Level 6, Durack Centre
>>> address:      263 Adelaide Terrace
>>> address:      Perth WA 6000
>>> phone:        +61 8 9214 2222
>>> fax-no:       +61 8 9214 2211
>>> country:      AU
>>> changed:      ianh at staff.iinet.net.au 20061117
>>> mnt-by:       MAINT-AU-IINET
>>> source:       APNIC
>>>
>>> inetnum:      203.130.32.0 - 203.208.39.255
>>> netname:      PRIMETELECOM
>>> descr:        Beijing Primezone Technologies Inc.
>>> descr:        44 Fu Cheng Road,Beijing,P.R.China
>>> country:      CN
>>> admin-c:      KS1-CN
>>> tech-c:       CZ1-CN
>>> mnt-by:       MAINT-CNNIC-AP
>>> mnt-lower:    MAINT-CNNIC-AP
>>> changed:      ipas at cnnic.cn 20070911
>>> status:       ALLOCATED PORTABLE
>>> source:       CNNIC
>>>
>>> person:       Kemin Shi
>>> nic-hdl:      KS1-CN
>>> e-mail:       ajtel at vip.sina.com
>>> address:      44 Fu Cheng Road,Beijing,P.R.China
>>> phone:        +86-10-88128844-811
>>> fax-no:       +86-10-88138844
>>> country:      CN
>>> changed:      ipas at cnnic.cn 20051026
>>> mnt-by:       MAINT-NEW
>>> source:       CNNIC
>>>
>>> person:       Cong Zhang
>>> nic-hdl:      CZ1-CN
>>> e-mail:       shikm at euncn.com
>>> address:      44 Fu-Cheng Road,Beijing,P.R.China
>>> phone:        +86-10-88128844
>>> fax-no:       +86-10-88138844
>>> country:      CN
>>> changed:      ipas at cnnic.cn 20060508
>>> mnt-by:       MAINT-NEW
>>> source:       CNNIC
>>>
>>> Carl Krumins
>>> The K.A.S NET Group
>>> www.kas.net.au
>>> carl at kas.net.au
>>> Phone: 1300 883 400
>>> Phone: 0409 317 436
>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at ausnog.net
>>> http://www.ausnog.net/mailman/listinfo/ausnog
>>
>> --
>> Ben Buxton - Random Network Person
>>
> 
> 
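
The "rudimentary checking" of mirrored NIR whois data that the thread asks for, sketched here as an added example (not part of the original messages and not APNIC's actual tooling). The function names are hypothetical, and the NIR delegation list is a constructed assumption based on the /19 mentioned in the thread; the IINET-AU range is the one from the quoted whois output.

```python
import ipaddress

def parse_inetnum(value):
    """Parse an RPSL 'first - last' inetnum value; ValueError if malformed."""
    first_s, sep, last_s = value.partition("-")
    if not sep:
        raise ValueError("expected 'first - last'")
    first = ipaddress.IPv4Address(first_s.strip())
    last = ipaddress.IPv4Address(last_s.strip())
    if first > last:
        raise ValueError("range start is above range end")
    return first, last

def check_mirrored_inetnum(value, delegated, existing):
    """Return a list of problem strings for one mirrored inetnum (empty = accept)."""
    try:
        first, last = parse_inetnum(value)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    problems = []
    blocks = list(ipaddress.summarize_address_range(first, last))
    if len(blocks) > 1:
        # A range that is not one CIDR block is a review flag, not a hard failure.
        problems.append(f"unaligned: spans {len(blocks)} CIDR blocks")
    # Every part of the range must sit inside space delegated to the mirroring NIR.
    if not all(any(b.subnet_of(d) for d in delegated) for b in blocks):
        problems.append("outside-delegation")
    # The range must not cover objects already registered to someone else.
    for name, net in existing.items():
        if any(b.overlaps(net) for b in blocks):
            problems.append(f"overlaps: {name}")
    return problems

# Constructed assumption: the NIR's delegation is the /19 seen in BGP in the thread.
NIR_DELEGATED = [ipaddress.ip_network("203.208.32.0/19")]
# From the whois output quoted in the thread.
OTHER_OBJECTS = {"IINET-AU": ipaddress.ip_network("203.206.0.0/16")}

if __name__ == "__main__":
    for rng in ("203.130.32.0 - 203.208.39.255",   # object as published
                "203.208.32.0 - 203.208.39.255"):  # with .130 read as .208
        print(rng, "->", check_mirrored_inetnum(rng, NIR_DELEGATED, OTHER_OBJECTS))
```
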


