213.0.0.0/8 and AS12445 (selenebs.it aka "A2A Smart City S.P.A"/Italy)
I guess that I have a lot to learn yet about routing. Maybe some of you folks will yet again take pity on me and explain this to me.
From where I am sitting it appears that AS12445 is announcing a route to all of 213.0.0.0/8. (I only happened to find out about this because, as it happens there are some spamming inside of 213.0.0.0/8.)
Anyway, this is my reference source: https://bgp.he.net/AS12445#_prefixes I did think that I should try to just email the official contacts AS12445 privately to inquire about this, and so I sent email to all three of the contact email addresses listed in the RIPE WHOIS record for AS12445, but as you can all see below, that didn't really work out very well. Anyway, this doesn't seem to be such a great idea, security-wise, i.e. to allow random network to announce routes to entire /8s (or larger) that don't actually belong to them. It is hard for me to tell how long this has been ongoing in the case of this specific prefix and this specific ASN. If anyone else can illuminate me regarding that, then I would appreciate it. ------- Forwarded Message Return-Path: <> X-Original-To: rfg@tristatelogic.com Delivered-To: rfg@tristatelogic.com Received: by segfault.tristatelogic.com (Postfix) id 323DF3AFF4; Sat, 6 Apr 2019 22:57:35 -0700 (PDT) Date: Sat, 6 Apr 2019 22:57:35 -0700 (PDT) From: MAILER-DAEMON@tristatelogic.com (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: rfg@tristatelogic.com Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="8E09A3AEF2.1554616655/segfault.tristatelogic.com" Message-Id: <20190407055735.323DF3AFF4@segfault.tristatelogic.com> This is a MIME-encapsulated message. - --8E09A3AEF2.1554616655/segfault.tristatelogic.com Content-Description: Notification Content-Type: text/plain; charset=us-ascii This is the mail system at host segfault.tristatelogic.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <galasso@selenebs.it>: host selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1 [galasso@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO command) <gvinetti@selenebs.it>: host selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1 [gvinetti@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO command) - --8E09A3AEF2.1554616655/segfault.tristatelogic.com Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; segfault.tristatelogic.com X-Postfix-Queue-ID: 8E09A3AEF2 X-Postfix-Sender: rfc822; rfg@tristatelogic.com Arrival-Date: Sat, 6 Apr 2019 22:57:32 -0700 (PDT) Final-Recipient: rfc822; galasso@selenebs.it Original-Recipient: rfc822;galasso@selenebs.it Action: failed Status: 5.4.1 Remote-MTA: dns; selenebs-it.mail.protection.outlook.com Diagnostic-Code: smtp; 550 5.4.1 [galasso@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] Final-Recipient: rfc822; gvinetti@selenebs.it Original-Recipient: rfc822;gvinetti@selenebs.it Action: failed Status: 5.4.1 Remote-MTA: dns; selenebs-it.mail.protection.outlook.com Diagnostic-Code: smtp; 550 5.4.1 [gvinetti@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] - --8E09A3AEF2.1554616655/segfault.tristatelogic.com Content-Description: Undelivered Message Content-Type: message/rfc822 Return-Path: <rfg@tristatelogic.com> Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1]) by segfault.tristatelogic.com (Postfix) with ESMTP id 8E09A3AEF2; Sat, 6 Apr 2019 22:57:32 -0700 (PDT) From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: gvinetti@selenebs.it, galasso@selenebs.it, abuse@selenebs.it Subject: 213.0.0.0/8 Date: Sat, 06 Apr 2019 22:57:32 -0700 Message-ID: <32415.1554616652@segfault.tristatelogic.com> Greetings, I waas wondering if you people could explain to me why your ASN (AS12445) announcing a route at all of 213.0.0.0/8. I don't think that your network has been assigned that entire huge block of IPv4 addresses or that all of that IPv4 space belongs to you. Do you disagree? https://bgp.he.net/AS12445#_prefixes - --8E09A3AEF2.1554616655/segfault.tristatelogic.com-- ------- End of Forwarded Message
Hi Ronald, It seems like a route leak to RIS or something similar like Isolario, rt-bgp.he.net. Neither of its upstream will accept 213.0.0.0/8 so it won't affect the Internet. Regards, Siyuan Miao On Sun, Apr 7, 2019 at 2:16 PM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
I guess that I have a lot to learn yet about routing. Maybe some of you folks will yet again take pity on me and explain this to me.
From where I am sitting it appears that AS12445 is announcing a route to all of 213.0.0.0/8. (I only happened to find out about this because, as it happens there are some spamming inside of 213.0.0.0/8.)
Anyway, this is my reference source:
https://bgp.he.net/AS12445#_prefixes
I did think that I should try to just email the official contacts AS12445 privately to inquire about this, and so I sent email to all three of the contact email addresses listed in the RIPE WHOIS record for AS12445, but as you can all see below, that didn't really work out very well.
Anyway, this doesn't seem to be such a great idea, security-wise, i.e. to allow random network to announce routes to entire /8s (or larger) that don't actually belong to them.
It is hard for me to tell how long this has been ongoing in the case of this specific prefix and this specific ASN. If anyone else can illuminate me regarding that, then I would appreciate it.
------- Forwarded Message
Return-Path: <> X-Original-To: rfg@tristatelogic.com Delivered-To: rfg@tristatelogic.com Received: by segfault.tristatelogic.com (Postfix) id 323DF3AFF4; Sat, 6 Apr 2019 22:57:35 -0700 (PDT) Date: Sat, 6 Apr 2019 22:57:35 -0700 (PDT) From: MAILER-DAEMON@tristatelogic.com (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: rfg@tristatelogic.com Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="8E09A3AEF2.1554616655/segfault.tristatelogic.com" Message-Id: <20190407055735.323DF3AFF4@segfault.tristatelogic.com>
This is a MIME-encapsulated message.
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com Content-Description: Notification Content-Type: text/plain; charset=us-ascii
This is the mail system at host segfault.tristatelogic.com.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system
<galasso@selenebs.it>: host selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1 [galasso@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO command)
<gvinetti@selenebs.it>: host selenebs-it.mail.protection.outlook.com[104.47.10.36] said: 550 5.4.1 [gvinetti@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com] (in reply to RCPT TO command)
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com Content-Description: Delivery report Content-Type: message/delivery-status
Reporting-MTA: dns; segfault.tristatelogic.com X-Postfix-Queue-ID: 8E09A3AEF2 X-Postfix-Sender: rfc822; rfg@tristatelogic.com Arrival-Date: Sat, 6 Apr 2019 22:57:32 -0700 (PDT)
Final-Recipient: rfc822; galasso@selenebs.it Original-Recipient: rfc822;galasso@selenebs.it Action: failed Status: 5.4.1 Remote-MTA: dns; selenebs-it.mail.protection.outlook.com Diagnostic-Code: smtp; 550 5.4.1 [galasso@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]
Final-Recipient: rfc822; gvinetti@selenebs.it Original-Recipient: rfc822;gvinetti@selenebs.it Action: failed Status: 5.4.1 Remote-MTA: dns; selenebs-it.mail.protection.outlook.com Diagnostic-Code: smtp; 550 5.4.1 [gvinetti@selenebs.it]: Recipient address rejected: Access denied [DB5EUR03FT051.eop-EUR03.prod.protection.outlook.com]
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com Content-Description: Undelivered Message Content-Type: message/rfc822
Return-Path: <rfg@tristatelogic.com> Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1]) by segfault.tristatelogic.com (Postfix) with ESMTP id 8E09A3AEF2; Sat, 6 Apr 2019 22:57:32 -0700 (PDT) From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: gvinetti@selenebs.it, galasso@selenebs.it, abuse@selenebs.it Subject: 213.0.0.0/8 Date: Sat, 06 Apr 2019 22:57:32 -0700 Message-ID: <32415.1554616652@segfault.tristatelogic.com>
Greetings,
I waas wondering if you people could explain to me why your ASN (AS12445) announcing a route at all of 213.0.0.0/8.
I don't think that your network has been assigned that entire huge block of IPv4 addresses or that all of that IPv4 space belongs to you.
Do you disagree?
https://bgp.he.net/AS12445#_prefixes
- --8E09A3AEF2.1554616655/segfault.tristatelogic.com--
------- End of Forwarded Message
In message <CAO3CAMoqWJGON6NaS60AeuU51cWhxhn7vMAnviJGcD+kLWHPgw@mail.gmail.com>, Siyuan Miao <siyuan@misaka.io> wrote:
It seems like a route leak to RIS or something similar like Isolario, rt-bgp.he.net.
Neither of its upstream will accept 213.0.0.0/8 so it won't affect the Internet.
That is good to know. Still it is a pity that their official contact email addresses are broken. Perhaps someone here who speaks Italian could call them and inform them that this does not mke they appear very professional. Regards, rfg
participants (2)
-
Ronald F. Guilmette
-
Siyuan Miao