From: "Ronald F. Guilmette" To: noc@cogentco.com Subject: Routing for Elad Cohen Fcc: outbox -------- Greetings, My name is Ron Guilmette and I am security researcher located in California. As you may already know, I have been performing detailed research and analysis regading the various route announcements that have been made, and that are being made, primarily by your company, Cogent, and on behalf of both FDCServers and a certain Mr. Elad Cohen who is affiliated with the Israeli company called Netstyle Atarim Ltd. In recent days, it appears that Cogent, perhaps in response to media reports about these fraudlent route announcemnent, has ceased making some, but by no means all of the relevant route announcements to some of the IPv4 address blocks that the end customer, Mr. Cohen, has quite cleverly managed to trick people into believing that he actually has some rights to, including even a block (165.25.0.0/16) that belong to the City of Cape Town, South Africa, and two other /16 blocks (139.44.0.0/16 and 168.198.0.0/16) that clearly belong to the Port Authority of the City of Melbourne, Australia, and to the Department of Finance of the Australian national government, respectively. As part of my ongoing research on this issue, I am requesting you to provide to me, at your earliest opportunity, copies of the purported, and very likely fradulent LOAs that Mr. Cohen has provided to your company, and that you are, even as we speak, continuing to use and to rely upon as a plausible rationale for continuing to route the following blocks to Mr. Cohen and to his enterprise, which appears to be based largely on fraud, and upon the theft of IPv4 address blocks that actually belong to other parties. 163.198.196.0/22 163.198.200.0/22 163.198.204.0/22 163.198.208.0/22 163.198.220.0/22 163.198.224.0/22 163.198.228.0/22 163.198.232.0/22 163.198.236.0/22 163.198.240.0/22 163.198.244.0/22 163.198.248.0/22 163.198.252.0/22 163.198.0.0/16 168.80.76.0/22 168.80.88.0/22 168.80.156.0/22 168.80.188.0/22 168.80.236.0/22 168.81.0.0/22 168.81.13.0/24 168.81.14.0/24 168.81.28.0/22 168.81.172.0/22 168.81.192.0/22 168.81.208.0/24 168.81.210.0/24 168.81.232.0/22 168.81.240.0/22 168.81.252.0/24 168.81.254.0/24 196.16.16.0/20 196.16.32.0/19 196.16.116.0/22 196.16.124.0/22 196.16.168.0/22 196.16.176.0/22 196.16.196.0/22 196.17.16.0/20 196.17.32.0/19 196.17.64.0/22 196.17.92.0/24 196.17.96.0/21 196.17.108.0/22 196.17.116.0/22 196.17.120.0/22 196.17.124.0/22 196.17.192.0/22 196.17.196.0/22 196.17.222.0/24 196.17.225.0/24 196.18.4.0/22 196.18.16.0/20 196.18.32.0/19 196.18.64.0/20 196.18.96.0/21 196.18.108.0/22 196.18.116.0/22 196.18.124.0/22 196.18.148.0/22 196.18.192.0/22 196.18.197.0/24 196.18.238.0/23 196.19.0.0/22 196.19.5.0/24 196.19.6.0/23 196.19.16.0/20 196.19.32.0/19 196.19.108.0/22 196.19.116.0/22 196.19.124.0/22 196.19.136.0/22 196.19.140.0/22 196.19.148.0/22 196.19.169.0/24 196.19.170.0/23 196.19.172.0/22 196.19.188.0/22 196.19.192.0/22 165.25.0.0/16 196.15.104.0/22 196.15.108.0/22 196.15.112.0/22 196.15.116.0/22 196.15.120.0/22 196.15.124.0/22 160.116.16.0/22 160.116.24.0/22 160.116.36.0/22 160.116.48.0/22 160.116.60.0/22 160.116.72.0/22 160.116.84.0/22 160.116.96.0/22 160.116.108.0/22 160.116.120.0/22 160.116.132.0/22 160.116.144.0/22 160.116.156.0/22 160.116.168.0/22 160.116.180.0/22 160.116.192.0/22 160.116.200.0/22 160.116.212.0/22 160.116.236.0/22 160.116.240.0/22 160.116.244.0/22 160.116.248.0/22 160.116.252.0/22 165.54.0.0/16 165.55.0.0/16 I look foward to receiving from you corresponding LOAs for all of the above stolen IP blocks. I would additionaly appreciate it if you would be so kind as to explain to me why you are routing all of the above blocks to your customer, FDCServers, and then on to Mr. Cohen. This is a bit of a mystery here on my end, and among the other poeple I have been discussing this matter with, due to the obvious fact that Mr. Cohen has several of his own AS numbers, by which he could, quite certainly, be announcing the routes listed above directly and himself, specifically: AS43945 AS58018 AS199267 Can you explain why Cogent, apparently at the request of FDCServers, is routing Mr. Cohen's stolen goods when he could just as well be doing that himself directly? Is Mr. Cohen using or attempting to use Cogent as a kind of a shield to protect his IP block thefts? I look forward to your timely response. Regards, Ron Guilmette Roseville, California Tel: +1-916-786-7945