AS202746 Hijacks: Is Telia (a) stupid, or (b) lazy, or (c) complicit?

The annotations in the RIPE WHOIS record for AS202746 seem pretty clear to me.
This thing is B-O-G-U-S!

Even RIPE, which is always reticent to say any bad things about any of its
crooked customers... even after they have kicked them out of RIPE altogether,
e.g. for being just toooooo obviously and blatantly crooked... was able to
determine that this particular AS is rubbish, and said so, right in the
WHOIS record:

   remarks: this object has been locked by the RIPE NCC pending deregistration

So, you know, what's up with Telia (AS1299) which is the one and only peer of
this stupid thing (AS202746)?

I only ask because AS202746 is currently blatantly and obviously hijacking the
following four separate Brazillian /22 blocks:

Unlike a lot of other cases I've seen of late, Telia can't even fall back on
the lame excuse that "Oh! Gosh! We are only passing those routes through
for our customer because they have corresponding route objects properly
registered in the RIPE IRR telling us that it's A-OK for them to route this

Whoever the actual hijacker is in this case, he/she/it didn't even bother to
create bogus route objects in the RIPE data base, even though it is trivially
easy for any criminal who can fog a mirror to do that.

So, as the Subject line above says, I'd like to hear opinions on the following
pertinent question:

   Is Telia (a) stupid, or (b) lazy, or (c) complicit?

Vote early! Vote often!

(I wouldn't even mind about these blatant hijackings if it were not for the
fact that all of those hijacked /22 blocks have, quite predictably, been
filed to the brim with outbound mail servers belonging to some snowshoe
spammer... which is par for the course these days when it comes to IPv4
space hijackings.)


P.S. Over on some of the RIPE mailing lists, they've recently been discussing
whether or not to continue allowing Joe Random Criminal to create totally
unauthorized and totally unchecked/unverified (and typically bogus) route
objects in the RIPE data base for so-called "out of region" IP address block
resources. Of course, if anybody had any brains or any backbone over on that
side of the pond, they would have done this already ten years ago. But such
is the pace of change in the Old World, where even the most obvious things
can't be implemented until everybody and his brother agrees, including even
the stupid kid.

My point, of course, is that even when and if those crazy europeans get around
to doing the obviously rational thing... like locking the door to the bank
before you leave at night... even that won't and wouldn't have made one wit
of difference to this case of Telia's passing of the bogus/hijacked routes
being announced by AS202746, which is ongoing, as we speak. There's no
authority anywhere that I am aware of that is telling the Telia folks that
it is OK for either them or their customer to pass out those routes. They
are just doing it, because, quite obviously, they are being -paid- to do it,
and screw everybody else. We can all just shut up and eat our spam, I guess.

There are/were providers which required RIPE-IRR registration to accept
routes, I don't know that this is still the case, but it might account for
unwillingness to remove 'out of region' content. As well, there are folk
with space from more than just one RIR, who may have chosen (for a myriad
of resaons) to centralize their IRR content on a single IRR.

Sometimes your message is lost in the emotive editorializing :frowning:

* Ronald F. Guilmette <> [2017-08-02 09:37]:

The annotations in the RIPE WHOIS record for AS202746 seem pretty clear to me.
This thing is B-O-G-U-S!

You know, people might be more willing to listen to you when you
express your points in a less emotional and aggressive tone.



You know, lots of us tried that for the first ten or twenty years.

But snark aside, I care a lot more about the actionable intelligence
being provided than the manner of its presentation. Ron has been doing
valuable, useful research for years and has been kind enough to share
the results with us. For free. I'm grateful for that.


It seems that his emails are accomplishing something!

It seems that his emails are accomplishing something!

AS202746 Europeer Ltd. -

Name and shame does work sometimes

The tier 1s like Telia need to be the “grownups” and not let hijacks invade
the DFZ


IMO, this works better than most name-and-shame efforts because the behavior being called out is fairly universally indefensible. I think we can all agree to hate prefix hijackers (when we all pay for our IP assets) and spammers (because they cause most of us varying levels of grief), whereas "I personally don't like $x" (e.g., slow IPv6/BCP adoption) is often met with "I don't care about this, so fooey on your initiative."

There may be a pointed statement in there -- thanks. :wink: