[Scspamcop] Re: the RBN on Turkish Telekom?

Mike Easter MikeE at ster.invalid
Wed Feb 6 15:11:04 EST 2008


RandallW wrote:
> "Mike Easter"

> Some upstream ISPs dropped RBN in 2007; speculation was that China
> would be the new home of the RBN.
>
> http://blog.washingtonpost.com/securityfix/2007/11/russian_business_network_down.html
>
> http://www.dmnews.com/Finjan-Chinese-cybercrime-networks-fill-void-left-by-Russian-Business-Network/article/100002/
>
> So what online tools could a person use to see who's providing
> upstream connectivity for them now?

Upstream connectivity generally refers to peering relationships for a
particular IP.

In this case, we are talking about the IP 88.255.90.212 which lives in
here:

inetnum:        88.255.90.0 - 88.255.90.255
netname:        AbdAllah_Internet

The ripe contact for that /24 is ipadmin at ahlen.biz

route:          88.255.0.0/16
descr:          TurkTelekom
origin:         AS9121

That ASN information is supported by cymru & radb whois.

The ripe contact for TurkTelekom /16 (parent) is abuse at ttnet.net.tr

The adjacencies for AS9121 can be seen by looking at the upstream
portion of an AS report

  Adjacency:   159  Upstream:     9  Downstream:   150
  Upstream Adjacent AS list
    AS23393         ISPRIME - ISPrime, Inc.
    AS3549          GBLX Global Crossing Ltd.
    AS3741          IS
    AS3257          TISCALI-BACKBONE Tiscali Intl Network BV
    AS1299          TELIANET TeliaNet Global Network
    AS174           COGENT Cogent/PSI
    AS3356          LEVEL3 Level 3 Communications
    AS6695          DECIX-AS DE-CIX, the German Internet Exchange
    AS6762          SEABONE-NET Telecom Italia Sparkle

Such information is provided with the caveat:

// AS Adjacency Report - In the context of this report "Upstream"
indicates that there is an adjacent AS that lies between the BGP table
collection point (in this case at AS2.0) and the specified AS.
Similarly, "Downstream" refers to an adjacent AS that lies beyond the
specified AS. This upstream / downstream categorisation is strictly a
description of relative topology, and should not be confused with provider
/ customer / peer inter-AS relationships. //

Where the most important imperative is the last sentence;  that this
information is about topology, not about such concepts as some upstream
telling some downstream 'what to do'.

In reality, there isn't much you can do with that information.  The
concept is that entities such as spamhaus might have some kind of
influence on a provider such as the .tr one by creating the SBL listings
which some providers might use for antispam purposes -- but if the .tr
provider wants to host the ROKSO Russian-Business-Network, then there is
nothing you nor anyone else can do about it directly.  You can put them
on a 'list' if you want to, but that's about all.

-- 
Mike Easter
kibitzer, not SC admin
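
The lookup chain in the message above (address, enclosing inetnum, covering route object, origin AS, upstream adjacency list), as an added example that is not part of the original post. It parses the whois and AS-report text quoted in the message, embedded here as constructed input; the function names are this example's own.

```python
import ipaddress
import re
# Constructed input: the registry objects and report lines quoted in the post.
WHOIS = """\
inetnum:        88.255.90.0 - 88.255.90.255
netname:        AbdAllah_Internet

route:          88.255.0.0/16
descr:          TurkTelekom
origin:         AS9121
"""
REPORT = """\
  Adjacency:   159  Upstream:     9  Downstream:   150
  Upstream Adjacent AS list
    AS23393         ISPRIME - ISPrime, Inc.
    AS3549          GBLX Global Crossing Ltd.
    AS3741          IS
    AS3257          TISCALI-BACKBONE Tiscali Intl Network BV
    AS1299          TELIANET TeliaNet Global Network
    AS174           COGENT Cogent/PSI
    AS3356          LEVEL3 Level 3 Communications
    AS6695          DECIX-AS DE-CIX, the German Internet Exchange
    AS6762          SEABONE-NET Telecom Italia Sparkle
"""

def parse_rpsl(text):
    """Split whois output into blank-line separated objects of key -> value."""
    return [{k.strip(): v.strip() for k, v in
             (l.split(":", 1) for l in chunk.splitlines() if ":" in l)}
            for chunk in re.split(r"\n\s*\n", text.strip())]

def locate(ip, objs):
    """Return (netname of the smallest inetnum holding ip, origin of the most specific route)."""
    addr = ipaddress.ip_address(ip)
    nets, routes = [], []
    for o in objs:
        if "inetnum" in o:
            lo, hi = (ipaddress.ip_address(x.strip()) for x in o["inetnum"].split("-"))
            if lo <= addr <= hi:
                nets.append((int(hi) - int(lo), o.get("netname")))
        elif "route" in o and addr in ipaddress.ip_network(o["route"]):
            routes.append((-ipaddress.ip_network(o["route"]).prefixlen, o.get("origin")))
    smallest = lambda xs: min(xs, key=lambda t: t[0])[1] if xs else None
    return smallest(nets), smallest(routes)

def upstreams(report):
    """Return (declared upstream count, [(asn, name), ...]) from an adjacency report."""
    declared = int(re.search(r"Upstream:\s+(\d+)", report).group(1))
    return declared, re.findall(r"^[ \t]+(AS\d+)[ \t]+(.+?)[ \t]*$", report, re.M)
```

Comparing the declared upstream count with the number of parsed rows is a quick check that a pasted report was not truncated. The rows describe topology relative to the collection point, as the report's own caveat says.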


