
Spammers Hijacking IP Space

Posted by kdawson
from the open-and-shut-case dept.
Ron Guilmette writes "As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."

  • by kchrist (938224) on Tuesday April 29, 2008 @09:15PM (#23246896) Homepage
    OptinRealBig belongs to none other than Snotty Scotty Richter [flickr.com]. I haven't heard of that guy in a while. I was hoping he had been hit by a bus or something.
  • Re:"Hijack?" (Score:5, Informative)

    by jon787 (512497) on Tuesday April 29, 2008 @09:42PM (#23247140) Homepage Journal
    That it doesn't belong to the parent company either:

    $ whois 134.17.0.0

    OrgName: SF Bay Packet Radio
    OrgID: SBPR-1
    Address: 1490 W 121st Ave
    Address: Suite 201
    City: Westminster
    StateProv: CO
    PostalCode: 80234
    Country: US

    NetRange: 134.17.0.0 - 134.17.255.255
    CIDR: 134.17.0.0/16
    NetName: BAY-PR-NET
    NetHandle: NET-134-17-0-0-1
    Parent: NET-134-0-0-0-0
    NetType: Direct Assignment
    NameServer: NS1.SFBPRSERVICES.COM
    NameServer: NS2.SFBPRSERVICES.COM
    Comment:
    RegDate: 1989-04-12
    Updated: 2007-10-05
  • by wytcld (179112) on Tuesday April 29, 2008 @09:52PM (#23247212) Homepage
    Um no. Everyone else knows this. But might as well clue you in. They've claimed 134.17.*.* - all of it.
  • by Have Blue (616) on Tuesday April 29, 2008 @10:26PM (#23247450) Homepage
    The "/16" means they claimed the remaining 16 bits of the 32-bit IP address whose first 2 bytes are 134.17 in decimal- everything from 134.17.0.0 to 134.17.255.255. That's one of only 65,000 blocks of its class available and is the sort of range that would be owned by a large corporation or university.
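
An added example, not part of any comment in this thread: a Python sketch that parses the whois fields quoted above, checks that the NetRange matches the /16 just described, and flags pre-ARIN ("legacy") registrations whose record changed after ARIN was formed. The `needs_review` heuristic, the function names and the 1997-01-01 cutoff day are assumptions made for illustration.

```python
import ipaddress
from datetime import date

# ARIN was formed in 1997 (per the story summary); the exact day is an assumption.
ARIN_FORMED = date(1997, 1, 1)

# Fields copied from the whois output quoted earlier in the thread.
SAMPLE_WHOIS = """\
OrgName: SF Bay Packet Radio
OrgID: SBPR-1
NetRange: 134.17.0.0 - 134.17.255.255
CIDR: 134.17.0.0/16
NetName: BAY-PR-NET
NetType: Direct Assignment
RegDate: 1989-04-12
Updated: 2007-10-05
"""

def parse_whois(text):
    """Parse 'Key: value' lines into a dict of lists (keys may repeat)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():  # skip blank lines and empty fields
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def review_block(record):
    """Summarise a netblock record and flag legacy space with later changes."""
    net = ipaddress.ip_network(record["CIDR"][0])
    first, last = (ipaddress.ip_address(p.strip())
                   for p in record["NetRange"][0].split(" - "))
    registered = date.fromisoformat(record["RegDate"][0])
    updated = date.fromisoformat(record["Updated"][0])
    legacy = registered < ARIN_FORMED
    return {
        "addresses": net.num_addresses,  # a /16 leaves 16 host bits
        "range_matches_cidr": (first, last) == (net[0], net[-1]),
        "legacy": legacy,
        # Heuristic (assumption): a legacy record edited after ARIN existed
        # deserves a manual look at who requested the change.
        "needs_review": legacy and updated >= ARIN_FORMED,
    }

if __name__ == "__main__":
    for field, value in review_block(parse_whois(SAMPLE_WHOIS)).items():
        print(f"{field}: {value}")
```
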
  • So I'm bored... (Score:2, Informative)

    by Mutiny32 (932593) on Wednesday April 30, 2008 @01:18AM (#23248618)
    The very first evidence I can find of the 134.17.0.0 being reserved is referenced in RFC 1166 to BAY-PR-NET with a contact of a Mr. Milo Medin of NASA Science Internet Program Office (MEDIN@NSIPO.NASA.GOV), who This RFC is obviously outdated (July 1990), but government agencies usually don't give up their IP space. Initial impression is that NASA was/is involved in providing connectivity to the Pacific Rim; in some ways with AX.25. If this is still the case, then the US Government should have a little talk with whoever gave/sold one of their /16 nets to some lady in Colorado who is the CIO for one of the most notorious spammers in the world.
  • Re:So I'm bored... (Score:2, Informative)

    by Mutiny32 (932593) on Wednesday April 30, 2008 @02:00AM (#23248804)
    A little more digging around reveals that NASA reserved this space for use of testing and implementing TCP/IP links over AX.25 (packet radio). This was later part of the NASA Science Internet; which eventually just became part of the Internet. The company name SF Bay Packet Radio, LLC looks to be a bogus company name to make it look to ARIN that it is the original owner of the address space, reserved and documented in RFC 1166 in 1990. Most accurately known as identity theft. It is most likely that NASA Ames and subsequently the US Government still owns the 134.17.0.0/16 address space. I wonder if someone could get in touch with Mr. Medin, who is now the founder and CTO of M2Z Networks, Inc of Menlo Park, CA and ask him if he knows much more about this. It is possible that this space has actually been hijacked from NASA Ames Research Center.
  • by billstewart (78916) on Wednesday April 30, 2008 @12:52PM (#23252474) Journal
    As much as I dislike Scotty Richter and his tactics, you can't say he isn't a clever bastard.


    The rules for managing pre-ARIN space aren't totally clear, but nobody's worried about them too much because they were mostly owned by large reputable organizations, such as universities and government contractors. (Some of them may need to set the Evil Bit on their packets, but none of them needed to set the Stupid Bit.) In many cases, they've given most of their space back to IANA or ARIN - several universities have returned their Class A /8 space in return for smaller allocations. Also, IANA predates ARIN - while I've got real problems with ICANN's appropriation of Jon Postel's Ghost, and they've delegated most of the policy-making to ARIN, RIPE, APNIC, etc., they're still somewhat in charge.


    But there have been a few early-adopters that are no longer in business - and in some cases their IP address space was worth more than their remaining furniture and intellectual property. Does the space revert to IANA if the organization is gone? Probably, but if you can pretend the organization is Not Dead Yet, you might get away with keeping their space. In some cases, you can do that more legitimately than in other cases. (A friend of a friend was the former sysadmin from a defunct early-adopter company that had had a Class B /16 address block, which by the mid-Internet-boom was probably worth $100K. Unfortunately, his ownership of it was dubious enough that he never felt that he could legitimately sell it, and unlike Scotty's newly acquired block of space, it didn't have a corporate shell wrapped around it that he could sell either.)


    OptInRealBig and their corporate-shell sock puppets have owned large IP spaces before. It's been a while, so I may have details wrong; if I remember correctly, one of the sock puppets was a "web hosting" company, with lots of "customers", and if one of those "customers" got caught spamming, then they'd get spanked for violating the AUP ("Bad! Bad customer!") - and there was enough IP space that they could keep playing this game for a long time.
