Since were on the topic of hijacked ipspace, i find myself wondering
about deru.net
"Deru, the name you can trust, from people you can trust." - Quoted from
www.deru.net
Ok, so this is the name you can trust, from the people you can trust,
right? Well then, why would it appear that Deru.net, the local ISP
you can trust is using hijacked ip space?
It would appear as if Deru.net is using:
www.deru.net has address 140.99.0.15
My handy dandy whois tool tells me this range belongs to:
OrgName: Datability Software Systems, Inc.
OrgID: DERU
Address: 14982 N 83rd PL Ste 201
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US
NetRange: 140.99.0.0 - 140.99.255.255
CIDR: 140.99.0.0/16
NetName: DSS1
NetHandle: NET-140-99-0-0-1
Parent: NET-140-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.DERU.NET
NameServer: NS2.DERU.NET
Comment:
RegDate: 1990-04-12
Updated: 2001-08-01
TechHandle: DW19-ARIN
TechName: Wayrynen, Darin
TechPhone: +1-480-998-7237
TechEmail: darin@deru.net
Before this network was modified it contained:
140.99.0.0 Datability Software Systems, Inc. NET-DSS1 322 Eighth Avenue
New York, NY 10001 US
140.99.0.0 C DSS1
Rupp, Richard L. (RLP39) rich@PLUTO.DSS.COM
(201) 438-2400
Handy dandy route-server tells us:
route-server.cw.net>sh ip bgp 140.99.0.0 255.255.0.0 l
BGP table version is 2788023425, local router ID is 209.1.220.234
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i140.99.0.0 208.172.146.30 100 0 1239 11588
2 7136 i
* i 208.172.146.29 100 0 1239 11588
2 7136 i
*>i140.99.96.0/19 208.172.146.30 100 0 1239 11588
2 i
* i 208.172.146.29 100 0 1239 11588
2 i
* i140.99.120.0/22 208.172.146.29 100 0 1239 11588
2 26978 i
*>i 208.172.146.30 100 0 1239 11588
2 26978 i
route-server.cw.net>
And once again, handy dandy whois tool tells us:
OrgName: Only Networking Inc. (ONLY2-DOM)
OrgID: ONIO
Address: 3443 North Central, 17th Floor
City: Phoenix
StateProv: AZ
PostalCode: 85013
Country: US
ASNumber: 7136
ASName: ONLY
ASHandle: AS7136
Comment:
RegDate: 1996-09-16
Updated: 1996-09-16
TechHandle: DW19-ARIN
TechName: Wayrynen, Darin
TechPhone: +1-480-998-7237
TechEmail: darin@deru.net
Im finding it odd that not a single thing, other than the POC email for
a questionable /16 and the ASN announcing questionable /16 has anything
to do with deru.net.
Also, my friend google tells me this:
http://216.239.57.100/search?q=cache:aHJS20Er5m0C:members.aol.com/karima4483/resume_c.html+"Datability+Software+Systems,
+Inc.%22&hl=en&ie=UTF-8
smlnk: http://smlnk.com/?21ZQK6FP
So it would appear that Datability Software Systems, Inc. was located
in Natick, Mass, and became Penril Datability Networks
smlnk:http://smlnk.com/?08DJKDW3
It now appears that Penril Datability Networks was split up, with thier
assets being aquired by Bay Networks, and Access Beyond.
smlnk: http://smlnk.com/?UHXEPYDC
That leaves us with Access Beyond, a manufacturer of remote access telecom
products. And whose website is now owned by a cybersquatter.
Now the question at hand is, at which point did this hardware company
become Deru.net, the Internet Service Provider you can trust? was this
before, or after Penril Datability Networks Inc/Bay Networks/Access Beyond.?
Did everyone decide to move to arizona and start an ISP? or is this just
another example of IP hijacking that we all find ourselves taking a look
at.
Can deru.net provide documents that say they bought or were aquired by
Datability Software Systems, Inc/Penril Datability Networks/Bay Networks/Access
Beyond.?
There are other companies using this address space (eldosales.com) but
they dont have the appearance of owning a possibly hijacked /16
Regards,
IP Police
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427