back to article Are second-hand MoD IPv4 addresses being used in invoice scams?

Crooks appear to be taking advantage of the recent sale of the UK Ministry of Defence’s IPv4 address space to run more convincing scams. They have purportedly bought blocks of IP addresses with previously pristine records to distribute scams. This malfeasance was enabled, in part, because the relevant Whois database entries …

  1. Roq D. Kasba

    Roll on IPv6

    With a big enough space to throw used addresses in the bin forever.

    1. rh587
      Joke

      Re: Roll on IPv6

      Forever?

      "It's an older IP sir, but it checks out."

      (Because it's that week!)

    2. Anonymous Coward
      Anonymous Coward

      Re: Roll on IPv6

      Yes, as if that would make any difference, IPv6 isn't an answer to this and it's not an answer to many other Internet ills either.

      Who is accepting their bogus BGP announcements?

      1. Pascal

        Re: Roll on IPv6

        They're not bogus announcements, they acquired these blocks when the MoD released them. It's the MoD's error (not cleaning up the entries associating them with these blocks) that is at fault here (well, and the spammers for not correcting them either before using the blocks).

        The BGP bit in there is just "in the past we've seen hiijacked blocks and this here smells just as fishy but is not the same thing".

  2. Mage Silver badge

    Not about IP range

    Relying on the IP address to validate anything is nuts.

    Paying bogus invoices is incompetence.

  3. MatthewSt
    Mushroom

    Hamachi

    For it's VPN process, Logmein's Hamachi uses the 25.x.x.x range. I'm always surprised this hasn't caused a problem for it so far...!

    1. pompurin

      Re: Hamachi

      Which as it happens is the MOD IP range. TIL.

    2. Crazy Operations Guy

      Re: Hamachi

      I always hate it when folk use real IP ranges for stuff like that. I can't count the number of times I've seen networks melt down because someone decided to use the 1.x.x.x network space or some other IP range that wasn't assigned to them. The RFC 1918 space is more than big enough people (a /8, a /12, and a /16 or 17 million addresses), pick something in there and use it...

      1. Alan Brown Silver badge

        Re: Hamachi

        "I can't count the number of times I've seen networks melt down because someone decided to use the 1.x.x.x network space or some other IP range that wasn't assigned to them."

        The people in question usually never heard of RFCs and private IP ranges until a long time after they decided to connect their private network to the new-fangled Internet.

        128.* was popular in a lot of these kinds of networks in the 1980s.

      2. Joe Montana

        Re: Hamachi

        And this is fine if your just using those ranges internally at a single organisation...

        But what about when you try to merge organisations together, and/or use VPN links?

        Our company VPN will often conflict with the address space being used on other networks.

  4. Fred Flintstone Gold badge

    Like the "Botnote"..

    .. rather than Bootnote. Rather appropriate :)

  5. Version 1.0 Silver badge

    fake invoices

    I'm seeing a lot of these recently - however most of them appear to be infection attempts rather than actual fraud. This sort of thing always increases around Christmas.

    1. Anonymous Coward
      Anonymous Coward

      Re: fake invoices

      "This sort of thing always increases around Christmas."

      low security awareness + increased alcohol intake = lack of competence

  6. MyffyW Silver badge

    Full Marks

    For the Kipling reference, El Reg.

    O it's Tommy this, and Tommy that, and " Tommy, go away " ;

    But it's " Thank you, Mister Atkins," when the band begins to play

    The love song of an army of IT analysts.

    1. david 12 Silver badge

      Re: Full Marks

      Fully marks to Myffy W for the referece to a favorite poet, but "Tommy Atkins" was the default name for illiterate or generic British soldiers well before Rudyard started Kipling.

  7. Kay Burley ate my hamster

    And it happened again, this time DWP.

    Makes you wonder where that 'invoice' money is headed.

    http://www.mirror.co.uk/news/technology-science/technology/hackers-trace-isis-twitter-accounts-7010417

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like