Dozens of Dormant North American Networks Suspiciously Resurrected at Once


More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals.

The Geneva-based international nonprofit organization is focused on tracking spam, phishing, malware, and botnets, and provides threat intelligence that can help filter spam and related threats.

The organization noticed last week that 52 dormant networks in the ARIN (North-America) area were resurrected concurrently, and that each of them has been announced by a different autonomous system number (ASN), also inactive for a significant period of time.

“In 48 cases, these are /20 networks amounting to 4096 IPv4 addresses, and in the remaining 4 cases, they are /19 networks with 8192 addresses,” Spamhaus explained.

The main issue, the organization says, is that chances are almost zero for 52 organizations to suddenly come back online, all at once, although (a rare occurrence as well) some organizations might resurface after taking their network offline for a while.

Furthermore, Spamhaus could not establish a connection between these networks and the ASNs announcing them, except for the fact that they had been inactive for a long period of time.

“Traceroutes and pings indicate that they are all physically hosted in the New York City area, in the US,” the organization notes.

While investigating the incident, Spamhaus also discovered that the Border Gateway Protocol (BGP) paths that connect these networks to their hosting facility involve Ukrainian ASNs, and that these Ukrainian companies are connecting these networks to major backbones.

“Given the unlikelihood that these routes are legitimate, we have placed almost all of them on our DROP (Do not Route or Peer) list, until their owners clarify the situation,” the organization notes.

The company has published full details on these networks, as well as information on associated resources and their Spamhaus Block List (SBL) IDs.

While some of the routes had been withdrawn shortly after resurrection, many were still up and running toward the end of the week.

Related: Russian Telco Hijacked Internet Traffic of Major Networks – Accident or Malicious Action?

Related: Embrace RPKI to Secure BGP Routing, Cloudflare Says

Related: Free MANRS Tool Helps Improve Routing Security

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:
Tags:



Source link

Latest articles

Google Warning: North Korean Gov Hackers Targeting Security Researchers

Google late Monday raised the alarm about a “government-backed entity based in North Korea” targeting -- and hacking into -- computer systems belonging...

South Carolina County Suffers Weekend Cyberattack

A coastal South Carolina county says hackers broke into its computer network over the weekend. A statement from Georgetown County’s local government Monday said...

Open source magic solves a months-long problem in 20 minutes

Commentary: Capventis and other system integrators increasingly depend on open source to help them solve...

Preparing for the “unlockdown”: Your team’s needs have changed, so listen to them

Many signs point to 2021 being a year of significant change as the world reopens....

Related articles

Leave a reply

Please enter your comment!
Please enter your name here