[AusNOG] IINET ip range hijacked?
Philip Smith
pfs at cisco.com
Mon Sep 17 21:00:46 EST 2007
Nick Hannaford said the following on 17/9/07 14:31:
> This appears to be a 2 stage stuff - up!
>
> 1) CNNIC obviously allow entries that are invalid! 203.130.32.0 -
> 203.208.39.255 is not a valid whois range
Surely inet-nums in CNNIC database can only be created by CNNIC? I can't
for the life of me figure out how this can be a simple typo... So either
they have no security on their database, or their hostmasters have no
idea what they are doing. Alarming.
> 2) APNIC not to filter whois data from NIRs (CNNIC in this case) expecting
> it has been correctly formatted and that the whois ranges the NIRs are
> supplying are delegated to the NIR. (both criteria fail)
>
> One would expect APNIC should be doing some form of rudimentary checking of
> the data.
I imagine this will happen going forwards...
philip
--
>
>
> Cheers Nick
>
> -----Original Message-----
> From: ausnog-bounces at ausnog.net [mailto:ausnog-bounces at ausnog.net] On Behalf
> Of Nick Slager
> Sent: Monday, 17 September 2007 9:01 AM
> To: Ben Buxton
> Cc: ausnog at ausnog.net
> Subject: Re: [AusNOG] IINET ip range hijacked?
>
> I spoke to APNIC about this last week; it is a problem with data mirrored
> from CNNIC.
>
> APNIC have advised China NIC to remove the range from their whois database.
>
> Nick
>
>
> On 16/09/2007, at 11:56 pm, Ben Buxton wrote:
>
>> Looks like a really nasty typo by the registrar. The range in the
>> whois data is just way too massive to possibly be accurate.
>>
>> My BGP feed tells me that AS24424 is advertising 203.208.32.0/19,
>> which means .130 should be .208.
>>
>> Someone might want to gently prod CNNIC.
>>
>> BB
>>
>> Carl Krumins <carl at kas.net.au> uttered the following thing:
>>> Hi Guys
>>>
>>>
>>>
>>> Just had a few clients web sites hacked and removed from this IP
>>> address about 10:20pm aest which appears to be IINET but when doing a
>>> whois (see
>>> below) brings up “Beijing Primezone Technologies Inc.” ½ way through
>>> the whois..
>>>
>>>
>>>
>>> Is this china hijacking IINET’s ip space?
>>>
>>>
>>>
>>> inetnum: 203.130.32.0 - 203.208.39.255
>>>
>>> netname: PRIMETELECOM
>>>
>>> descr: Beijing Primezone Technologies Inc.
>>>
>>>
>>>
>>> that doesn’t look right..?
>>>
>>>
>>>
>>>
>>>
>>> [root at blue carl]# whois 203.206.183.220
>>>
>>> [Querying whois.apnic.net]
>>>
>>> [whois.apnic.net]
>>>
>>> % [whois.apnic.net node-2]
>>>
>>> % Whois data copyright terms http://www.apnic.net/db/
>>> dbcopyright.html
>>>
>>>
>>>
>>> inetnum: 203.206.0.0 - 203.206.255.255
>>>
>>> netname: IINET-AU
>>>
>>> descr: iiNet Limited
>>>
>>> descr: Locked Bag 16
>>>
>>> descr: Cloisters Square, WA, 6850
>>>
>>> country: AU
>>>
>>> admin-c: NO20-AP
>>>
>>> tech-c: NO20-AP
>>>
>>> remarks: For abuse/UCE issues, please mail abuse at iinet.net.au.
>>>
>>> status: ALLOCATED PORTABLE
>>>
>>> mnt-by: APNIC-HM
>>>
>>> mnt-lower: MAINT-AU-IINET
>>>
>>> changed: hostmaster at apnic.net 20010816
>>>
>>> changed: hm-changed at apnic.net 20031017
>>>
>>> changed: hm-changed at apnic.net 20031208
>>>
>>> changed: hm-changed at apnic.net 20040726
>>>
>>> source: APNIC
>>>
>>>
>>>
>>> person: Network Operations
>>>
>>> nic-hdl: NO20-AP
>>>
>>> e-mail: apnic-admin at staff.iinet.net.au
>>>
>>> address: iiNet Limited
>>>
>>> address: Level 6, Durack Centre
>>>
>>> address: 263 Adelaide Terrace
>>>
>>> address: Perth WA 6000
>>>
>>> phone: +61 8 9214 2222
>>>
>>> fax-no: +61 8 9214 2211
>>>
>>> country: AU
>>>
>>> changed: ianh at staff.iinet.net.au 20061117
>>>
>>> mnt-by: MAINT-AU-IINET
>>>
>>> source: APNIC
>>>
>>>
>>>
>>> inetnum: 203.130.32.0 - 203.208.39.255
>>>
>>> netname: PRIMETELECOM
>>>
>>> descr: Beijing Primezone Technologies Inc.
>>>
>>> descr: 44 Fu Cheng Road,Beijing,P.R.China
>>>
>>> country: CN
>>>
>>> admin-c: KS1-CN
>>>
>>> tech-c: CZ1-CN
>>>
>>> mnt-by: MAINT-CNNIC-AP
>>>
>>> mnt-lower: MAINT-CNNIC-AP
>>>
>>> changed: ipas at cnnic.cn 20070911
>>>
>>> status: ALLOCATED PORTABLE
>>>
>>> source: CNNIC
>>>
>>>
>>>
>>> person: Kemin Shi
>>>
>>> nic-hdl: KS1-CN
>>>
>>> e-mail: ajtel at vip.sina.com
>>>
>>> address: 44 Fu Cheng Road,Beijing,P.R.China
>>>
>>> phone: +86-10-88128844-811
>>>
>>> fax-no: +86-10-88138844
>>>
>>> country: CN
>>>
>>> changed: ipas at cnnic.cn 20051026
>>>
>>> mnt-by: MAINT-NEW
>>>
>>> source: CNNIC
>>>
>>>
>>>
>>> person: Cong Zhang
>>>
>>> nic-hdl: CZ1-CN
>>>
>>> e-mail: shikm at euncn.com
>>>
>>> address: 44 Fu-Cheng Road,Beijing,P.R.China
>>>
>>> phone: +86-10-88128844
>>>
>>> fax-no: +86-10-88138844
>>>
>>> country: CN
>>>
>>> changed: ipas at cnnic.cn 20060508
>>>
>>> mnt-by: MAINT-NEW
>>>
>>> source: CNNIC
>>>
>>>
>>>
>>> Carl Krumins
>>> The K.A.S NET Group
>>> www.kas.net.au <http://www.kas.net.au/> <mailto:carl at kas.net.au>
>>> carl at kas.net.au
>>> Phone: 1300 883 400
>>> Phone: 0409 317 436
>>>
>>> This e-mail remains the property of The K.A.S NET Group and is
>>> subject to the jurisdiction of Sect 70 of the Crimes Act 1914.
>>> This email is intended only for the addressee and is confidential.
>>> If you receive this message and are not the addressee, then it may be
>>> unlawful for you to read, copy, distribute, disclose or otherwise use
>>> the information in this email. Material in this transmission is
>>> confidential and the subject of professional privilege. No
>>> confidentiality, nor any privilege is waived, lost or destroyed, by
>>> reason that this e-mail has been mistakenly transmitted. If you are
>>> not the addressee please notify us immediately by telephone or e-mail
>>> at the number and address above and delete all record of this e-mail.
>>>
>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at ausnog.net
>>> http://www.ausnog.net/mailman/listinfo/ausnog
>>
>> --
>> Ben Buxton - Random Network Person
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at ausnog.net
>> http://www.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://www.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at ausnog.net
> http://www.ausnog.net/mailman/listinfo/ausnog
>
More information about the AusNOG
mailing list