Interesting Announcements

Mailman List Mirror (Read Only)
1

Perhaps someone at AS2828 (XO/Concentric) would like to explain this...

Anyone know why AS 8143:
$ whois -h whois.arin.net 8143

OrgName: Publicom Corp.
OrgID: PUBLIC-35
Address: 1450 Coral Way #10
City: Miami
StateProv: FL
PostalCode: 33145
Country: US
RegDate: 1997-04-25

Is announcing the following blocks?
$ whois -h whois.arin.net 155.73.0.0

OrgName: Borealis AS
OrgID: BOREAL
Address: Hovedgade 96
Address: 2800 Lyngby
City:
StateProv:
PostalCode:
Country: DK
RegDate: (unknown)

$ whois -h whois.arin.net 134.33.0.0

OrgName: Codex Corporation
OrgID: CODEXC
Address: 20 Cabot Boulevard
City: Mansfield
StateProv: MA
PostalCode: 02048
Country: US
RegDate: 1989-04-24

$ whois -h whois.arin.net 196.4.167.0

OrgName: Juta Information Network
OrgID: JIN
Address: PO Box 14373
Address: Kerwyn
Address: 7790
City:
StateProv:
PostalCode:
Country: ZA
RegDate: 1994-02-02

$ whois -h whois.arin.net 144.2.0.0

OrgName: Publico B.V.
OrgID: PUBLIC-1
Address: Burg. Krolln 14C
Address: 5126 PT Gilze
City:
StateProv:
PostalCode:
Country: NL
RegDate: 1990-10-30

$ whois -h whois.arin.net 143.49.160.0

OrgName: Inform, Ltd.
OrgID: INFORM-12
Address: 1123 2nd Ave
City: San Francisco
StateProv: CA
PostalCode: 94103-2705
Country: US
RegDate: 1990-03-26

$ whois -h whois.arin.net 160.116.160.0

OrgName: Affiliated Computing Services (Pty) Ltd
OrgID: ACSPL
Address: Affiliated Computing Services (Pty) Ltd
Address: P. O. Box 261333
Address: Excom 2023
City:
StateProv:
PostalCode:
Country: ZA
RegDate: 1992-07-23

$ whois -h whois.arin.net 162.73.128.0

OrgName: Information Technology
OrgID: INFORM-21
Address: 100 Broadway
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 1992-08-24

$ whois -h whois.arin.net 198.204.0.0

OrgName: GHR Services Inc.
OrgID: GHRSER
Address: 995 Old Eagle School Road, Suite 310
City: Wayne
StateProv: PA
PostalCode: 19087
Country: US
RegDate: 1993-06-22

Call me crazy, but seems odd for all these wierd companies with old registrations
in all sorts of countries to all be hosted out of one location in NYC,
by an AS registered to florida (in 1997).

Also,
Perhaps someone from AS16631 (Cogent) can explain this one:

Why is AS27255:
$ whois -h whois.arin.net 27255

OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 2003-01-31

Announcing this?

$ whois -h whois.arin.net 157.156.0.0

OrgName: VMX Inc
OrgID: VMXINC
Address: 25 Broadway
Address: 6th Floor Suite 4A
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 1992-01-13

Had a /16 for 11 years, just recently decided to get an ASN? Seems like
someone just registered a new company to have the same name as a company
that had a /16, and then got a new ASN....

I dunno, call me crazy...

2

VMX used to be in silicon valley - 2115 O'Nel Dr. San Jose, CA 95131,
the company was aquired by Octel which was then acquired by Lucent.
I think their domain was vmx.net (now registered to address in Hong Kong).

VMX was run by Mr Berry who later started IP Communications (which ended its
operations in rather big dispute, but this is not related):
http://www.genesiscampus.com/aboutus_advisor_wdalberry.htm

For ARIN:
Please verify that you had right documentation on updates to 157.156.0.0/16
I'm almost certain this block is stolen.

3

miltonningis@hushmail.com wrote:

Anyone know why AS 8143:
$ whois -h whois.arin.net 8143

OrgName: Publicom Corp.
OrgID: PUBLIC-35
Address: 1450 Coral Way #10
City: Miami
StateProv: FL
PostalCode: 33145
Country: US
RegDate: 1997-04-25

Is announcing the following blocks?

$ whois -h whois.arin.net 155.73.0.0
OrgName: Borealis AS

$ whois -h whois.arin.net 134.33.0.0

OrgName: Codex Corporation

In that case, the hijacker setup a fake webhost
that It's impossible to signup for at
http://www.codexcorp.net [134.33.0.7] to make
them look legitimate.

$ whois -h whois.arin.net 196.4.167.0

OrgName: Juta Information Network

$ whois -h whois.arin.net 144.2.0.0

OrgName: Publico B.V.

$ whois -h whois.arin.net 143.49.160.0
OrgName: Inform, Ltd.

$ whois -h whois.arin.net 160.116.160.0
OrgName: Affiliated Computing Services (Pty) Ltd

$ whois -h whois.arin.net 162.73.128.0
OrgName: Information Technology

$ whois -h whois.arin.net 198.204.0.0
OrgName: GHR Services Inc.

Thier all hijacked netblocks.

Also,
Perhaps someone from AS16631 (Cogent) can explain this one:

Why is AS27255:
$ whois -h whois.arin.net 27255

OrgName: VMX Inc

Announcing this?

$ whois -h whois.arin.net 157.156.0.0

OrgName: VMX Inc
RegDate: 1992-01-13

Another hijacked one.

Had a /16 for 11 years, just recently decided to get an ASN? Seems like
someone just registered a new company to have the same name as a company
that had a /16, and then got a new ASN....

No. Thier just hijacked netblocks.

Tower Group who had thier unused netblocks been
announced by AS8143 confirmed that it was hijacked.

4

Not only that, but this design is STOLEN from my company!
www.isprime.com

Stolen so poorly, they even say "ISPrime" in a few places.

<sigh>

Someone at XO alive?

--Phil

5

I think your barking up the wrong tree on this paranoid rant.

I did some consulting for this company, and I find it hard to believe with
14 racks of equipment that they would have a 'stolen' /16

http://www.vmxnetworks.com/

6

Matthew McGehrin wrote:

I think your barking up the wrong tree on this paranoid rant.

I did some consulting for this company, and I find it hard to believe with
14 racks of equipment that they would have a 'stolen' /16

http://www.vmxnetworks.com/

Do you beleive everything that you see on the internet?

Oh, and how are you going to explain that they claim to have an OC-192
internet connection?

7

That's just advertising. What's the capacity at 25 Broadway?

-- Matthew

8

miltonningis@hushmail.com wrote:

Perhaps someone at AS2828 (XO/Concentric) would like to explain this...

Anyone know why AS 8143:

Because 8143 is considered rogue. 155.73/16 was already silenced once from that AS about a week or two ago. If I remember correctly, 8143 is connected via NY and Florida, but the zombies are always sent via NY.

-Jack

9

Truthfully? Huge.

25 B'way has huge amounts of capacity from 10's of carriers, 10's of ISPs.

WCOM, last time I looked, alone has several oc48's and oc192's into there
(read: NOT uunet, but MFS/Wcom).

Nextlink, LGN, Cambrian, OnFiber, TCG/ATTLS, WCG, etc., all have similar
things.