Tens of Dormant North American Networks Suspiciously Resurrected at Once

More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals.


The Geneva-based international nonprofit organization is focused on tracking spam, phishing, malware, and botnets, and provides threat intelligence that can help filter spam and related threats.


Last week, the organization noticed that, within days, 52 dormant networks in the ARIN (North-America) area were resurrected concurrently, and that each of them has been announced by a different autonomous system number (ASN), also inactive for a significant period of time.


“In 48 cases, these are /20 networks amounting to 4096 IPv4 addresses, and in the remaining 4 cases, they are /19 networks with 8192 addresses,” Spamhaus explains.


The main issue, the organization explains, is that chances are almost zero for 52 organizations to suddenly come back online, all at once, although (a rare occurrence as well) some organizations might resurface after taking their network offline for a while.


Furthermore, Spamhaus could not establish a connection between these networks and the ASNs announcing them, except for the fact that they had been inactive for a long period of time.


“Traceroutes and pings indicate that they are all physically hosted in the New York City area, in the US,” the organization notes.


While investigating the incident, Spamhaus also discovered that the Border Gateway Protocol (BGP) paths that connect these networks to their hosting facility involve Ukrainian ASNs, and that these Ukrainian companies are connecting these networks to major backbones.


“Given the unlikelihood that these routes are legitimate, we have placed almost all of them on our DROP (Do not Route or Peer) list, until their owners clarify the situation,” the organiza ..

Support the originator by clicking the read the rest link below.