Ranges announced by Level3 without permitions.

Mailman List Mirror (Read Only)
1

Hello All!

Maybe somebody could help me with some issue:

Ranges below are announced by Level3

79.110.224.0/20 *[BGP/170] 08:23:34, MED 0, localpref 150, from 213.248.64.245
                       AS path: 3356
79.110.64.0/20 *[BGP/170] 08:25:07, MED 0, localpref 150, from 213.248.64.245
                       AS path: 3356

Both ranges are from RIPE region and couldn't be announced from ARIN ASN at all. We're sponsored LIR for both companies, I sent several emails to Level3 noc, made several calls but they still announce these ranges.

2

Hi!

1) RIPE NCC policy requires all routes must be present at the RIPE DB
and RIPE IPs could be officially announced outside RIPE Region.

2) Resources owners don't know anything about these routes.. so it
means that ranges were announces without permission by third party
company.

3

Both ranges are from RIPE region and couldn't be announced from ARIN ASN at all.

Your premise is incorrect. Any block from any RIR can be announced by any ASN.

We're sponsored LIR for both companies, I sent several emails to Level3 noc, made several calls but they still announce these ranges.

Why should they stop announcing them? Do you believe they have been hijacked? If these companies have decided to contract with another transit provider, you cannot stop them from doing so in this way.

4

Both ranges are from RIPE region and couldn't be announced from ARIN ASN at all.

Your premise is incorrect. Any block from any RIR can be announced by any ASN.

1) All routing data must be present at the RIPE DB. If you work with RIPE DB you could see that webtools don't allow you to create route to ASN not from RIPE region.
2) RIPE IP Usage policy don't allow to route RIPE IPs from non-RIPE region.

We're sponsored LIR for both companies, I sent several emails to Level3 noc, made several calls but they still announce these ranges.

Why should they stop announcing them? Do you believe they have been hijacked? If these companies have decided to contract with another transit provider, you cannot stop them from doing so in this way.

IPs are announced by Level3... I respect this company but looks like Level3 is scammed and currently announce without necessary permissions.

5

Both ranges are from RIPE region and couldn't be announced from ARIN ASN at all.

Your premise is incorrect. Any block from any RIR can be announced by any ASN.

1) All routing data must be present at the RIPE DB. If you work with RIPE DB you could see that webtools don't allow you to create route to ASN not from RIPE region.
2) RIPE IP Usage policy don't allow to route RIPE IPs from non-RIPE region.

You are confused.

We're sponsored LIR for both companies, I sent several emails to Level3 noc, made several calls but they still announce these ranges.

Why should they stop announcing them? Do you believe they have been hijacked? If these companies have decided to contract with another transit provider, you cannot stop them from doing so in this way.

IPs are announced by Level3... I respect this company but looks like Level3 is scammed and currently announce without necessary permissions.

You will need more than a baseless accusation to make others change. Especially after you have shown ignorance of some basic facts on how networks announce & accept prefixes.

6

Both ranges are from RIPE region and couldn't be announced from ARIN ASN at all.

Your premise is incorrect. Any block from any RIR can be announced by any ASN.

1) All routing data must be present at the RIPE DB. If you work with RIPE DB you could see that webtools don't allow you to create route to ASN not from RIPE region.
2) RIPE IP Usage policy don't allow to route RIPE IPs from non-RIPE region.

Your premise is still wrong. Only networks that use the RIPE DB care about what's in the RIPE DB. There is no requirement for Level 3 to use it. There is no law that says they have to.

We're sponsored LIR for both companies, I sent several emails to Level3 noc, made several calls but they still announce these ranges.

Why should they stop announcing them? Do you believe they have been hijacked? If these companies have decided to contract with another transit provider, you cannot stop them from doing so in this way.

IPs are announced by Level3... I respect this company but looks like Level3 is scammed and currently announce without necessary permissions.

Again, do you believe these networks are hijacked? If they are in legitimate use by the companies that they are allocated to in whois, then there is no scam.

7

netblocks in question:
79.110.224.0/20
79.110.64.0/20

I'd note both of these blocks seem to route to a L3 customer in SJC:
16 ae-3-80.edge8.SanJose1.Level3.net (4.69.152.148) 63.993 ms
63.770 ms ae-1-60.edge8.SanJose1.Level3.net (4.69.152.20) 63.421 ms
17 BANDCON.edge8.SanJose1.Level3.net (4.53.30.42) 93.556 ms 60.929
ms 60.376 ms
18 79.110.64.10 (79.110.64.10) 65.057 ms 64.949 ms 64.960 ms

maybe it's better to ask them:
OrgName: Bandcon
OrgId: BANDC
Address: 151 Kalmus Drive
Address: Suite M-2
City: Costa Mesa
StateProv: CA
PostalCode: 92926
Country: US
RegDate: 2002-11-08
Updated: 2009-02-11
Ref: http://whois.arin.net/rest/org/BANDC

TechHandle: NOC2402-ARIN
TechName: Network Operation Center
TechPhone: +1-888-253-8353
TechEmail: arinpoc@bandcon.com
TechRef: http://whois.arin.net/rest/poc/NOC2402-ARIN

AdminHandle: NOC2402-ARIN
AdminName: Network Operation Center
AdminPhone: +1-888-253-8353
AdminEmail: arinpoc@bandcon.com
AdminRef: http://whois.arin.net/rest/poc/NOC2402-ARIN

What's going on?

(shouting on public mailing-lists ain't gonna fix this I bet)

-Chris

8

Hmm - so who should announce it? And who owns the netblock?

The whois etc lookups below could put this either in the US or in
Eastern Europe / Russia or in Italy.

$ whois -h whois.radb.net 79.110.224.0/20
route: 79.110.224.0/20
descr: Avangard
origin: AS50245
mnt-by: SERVEREL-MNT
changed: noc@serverel.com 20110210
source: RIPE
remarks: ****************************
remarks: * THIS OBJECT IS NOT VALID
remarks: * Please note that all data that is generally regarded
as personal
remarks: * data has been removed from this object.
remarks: * http://www.ripe.net/whois
remarks: ****************************

Has a US address in the whois - which a little googling shows is a maildrop.
http://www.beavertonvalleytimes.com/news/story.php?story_id=118668700663617700

person: Serverel NOC
address: 14525 SW Millikan Way # 33735 Beaverton, OR 97005-2343
phone: +1(877)246 78 63
abuse-mailbox: abuse@serverel.com

serverel.com
   Name-- Iurii Salmanov
EMail-: (domains@serverel.com)

serverel.net
   name: Andrew Neal
mail: domains@serverel.com tel: +1.8772467863
   org: Serverel Corporation

Then ripe whois says the netblock is either owned by someone in the
ukraine or in italy

inetnum: 79.110.224.0 - 79.110.239.255
netname: Avangard
descr: PE "Avangard"
country: UA

person: Karol Wojtula <- named for the late pope john paul
II, I see ..?
address: Bari , Italy , Piazzale Cristoforo Colombo, 1, 70122
<- google that address and its the ferry port in Bari, Italy.
phone: +39 080 327 8841

And AS50425 - which'd announce it if that RADB object was actually
valid - is in russia, not the czech republic

organisation: ORG-JS33-RIPE
org-name: Closed JSC "TV Services"
org-type: OTHER
address: 43, Bolshoy Tishinskiy per., Moscow, Russia, 123557
mnt-ref: TV-SERVICE-MNT
mnt-by: TV-SERVICE-MNT
source: RIPE # Filtered

person: Dolgopolov Alexey
address: Russia
address: Moscow
address: 43, Bolshoy Tishinskiy per
phone: +7 495 9334592
nic-hdl: DA489-RIPE
source: RIPE # Filtered

So - the whois for these is quite confusing - not very easy for any
one entity to establish ownership?

9

1) All routing data must be present at the RIPE DB.

pure bull

2) RIPE IP Usage policy don't allow to route RIPE IPs from non-RIPE
region.

pure bull

randy

10

This is not true, I have seen several instances of IPs from RIPE being
used in the US, by people in Europe.

William