21 Oct
2019
21 Oct
'19
12:18 p.m.
Hi all,
Just wanted to get some background info on this one. We got a subnet request from, who
appeared to be KI7HOC located in Utah.
He requested a /24 and wanted to route that through BGP by AS208173
(--
organisation: ORG-TYRA2-RIPE
org-name: Jori Vanneste
descr: Tyrasuki
--)
The ASN owner is located in Belgium and seems a bit shady to me looking through the
subnets he's announcing (one IPv4 /24 from Africa and a few IPv6 subnets from APNIC,
RIPE) and maintainers on the ASN (Singapore, Sweden, Switserland, ..)
The email domain used, uses a whois hiding service and does not match Alekzandr's
email address on QRZ. Emailing Alekzandr on his QRZ email address does not yield a
respons, however returning the allocation request to the requestor almost immediatly
prompts a return through the AMPR portal form.
The details in the request:
--
Name: Alekzandr Evans
Email: ampr@alekeagle.com<mailto:ampr@alekeagle.com>
Callsign: KI7HOC
--
Note in the original request: "AE: The operator of the AS number posted above lives
in Belgium. Though I'm not sure if this would justify a Belgian allocation, he
recommended me to request a Belgian one."
--
My question would be if anybody on the list knows Alekzandr and can speak to him if this
request is legit or not.
From his QRZ page, Alekzandr is 12, nothing wrong with
that, but the way that the email domain is using a whois hiding service makes me ponder if
this might be a scam from someone posing as Alekzandr trying to get a BGP routed /24 for
free.
Has anyone else received a request from this callsign?
Any input would be appreciated. We ended up denying the request as neither Alekzandr, nor
that Jori are a holder of a valid ON ham license and Alekzandr did not respond to the
question which ham services he would be hosting on this subnet (I asked that question
because of my suspicions) and I haven't received any answer to my direct email to
Alekzandr's qrz email address neither.
73,
Ruben - ON3RVH
21 Oct
21 Oct
1:01 p.m.
On Mon, 21 Oct 2019, Ruben ON3RVH via 44Net wrote:
subnet request from, ... KI7HOC located in Utah. ...
a /24 ... BGP by AS208173 ... located in Belgium
https://as208173.net/
https://as139347.net/ "Educational ASN for learning BGP."
https://apps.db.ripe.net/db-web-ui/#/lookup?source=RIPE&type=as-set&…
The descriptions appear to be an experimental/educational network for
*learning BGP*. Very much in-tune with the AMPRNet stated goals.
The request appears to be coming from a licensed HAM, with details all
technically correct and present.
domain used, uses a whois hiding service
Most domain registrations now use some (automatic) hiding/obfuscation
of contact email addresses. Including (for example) for 'on3rvh.be'.
does not match Alekzandr's email address on QRZ.
...
Email: ampr(a)alekeagle.com
The 'ampr@' prefix shows a customisation for AMPRnet purposes. (cf.
'44net@' prefix in this email address, but 'qrz(a)p.s.o' on QRZ).
Such prefixes allow easy tracking of when email addresses have leaked.
in the original request: "AE: The operator of the
AS number posted
above lives in Belgium. Though I'm not sure if this would justify
a Belgian allocation, he recommended me to request a Belgian one."
...
We ended up denying the request as neither Alekzandr,
Alekzandr has clearly stated the rationale for applying for a Belgium
assignment.
Ideally the maintainers responsible for ONxxx and Kxxxx would,
firstly, work together to discuss the jurisdiction where the
assignment/application might most appropriately made.
Would this be a good next-stop to take, in conjuction with Alekzandr?
(Perhaps along with a humble apology to Alekzandr).
73,
-Paul
--
Encourage those with an active interest!
1:33 p.m.
I am dealing with this off-list. I don't think the 44net technical
discussion list is the appropriate forum for this matter.
Let's not discuss it further here.
- Brian
On Mon, Oct 21, 2019 at 01:01:11PM +0100, Paul Sladen via 44Net wrote:
On Mon, 21 Oct 2019, Ruben ON3RVH via 44Net wrote:
1:35 p.m.
On 10/21/19 8:01 AM, Paul Sladen via 44Net wrote:
https://as208173.net/
https://as139347.net/ "Educational ASN for learning BGP."
https://apps.db.ripe.net/db-web-ui/#/lookup?source=RIPE&type=as-set&…
The descriptions appear to be an experimental/educational network for
*learning BGP*. Very much in-tune with the AMPRNet stated goals.
The request appears to be coming from a licensed HAM, with details all
technically correct and present.
I've borrowed an ASN from others before, we're doing that for much of IP space
we have live here in Florida. It's valid so long as you have an LOA for it.
I've found many people who request IPs may not be ready to announce them, and
have no idea of the typical requirements. Much like "paper repeaters", they
want to reserve "their" space, but are not ready to use it.
I'd have asked who the upstream would be, and get an LOA from the AS holder.
The whole regional administrator thing breaks a bit with sharing ASN's like
this, IMO it should be an application to Utah. That way he's got a local
person in his time zone to talk to. It could be 100% legit, best thing to do
is get the docs and grant it. Get on the phone and verifying helps too.
If it's not legit, we'll know in a week when the spam reports roll in :)
A 12 year old running BGP is cool. I thought I was hot shit when I migrated
to qmail at his age.
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
1650
days inactive
1650
days old
3 comments
4 participants
participants (4)
-
Brian Kantor -
Bryan Fields -
Paul Sladen -
Ruben ON3RVH