[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

dealing with bogon spam ?

Subject: dealing with bogon spam ?
From: ops.lists at gmail.com (Suresh Ramasubramanian)
Date: Wed, 28 Oct 2009 12:56:41 +0530
In-reply-to: <[email protected]>
References: <290EF89F13F04F4E924BB235A46D18F1043B40145F@MLBMXUS2.cs.myharris.net> <[email protected]> <[email protected]>

Ah, colo4jax I see. Jacksonville, Florida.

68.234.16.0/20 shows up as unallocated but as these guys own the
previous /20 its probably a stale arin db and a brand new allocation

  Prefix               AS Path
Aggregation Suggestion
  68.234.0.0/20        4777 2497 25973 40430
  68.234.16.0/20       4608 1221 4637 3561 40430
  69.174.96.0/21       4777 2497 25973 40430
  173.205.80.0/20      4777 2497 25973 40430
  204.237.184.0/21     4777 2497 25973 40430
  204.237.192.0/22     4777 2497 25973 40430
  208.153.96.0/22      4777 2497 25973 40430
  208.169.228.0/22     4777 2497 25973 40430


On Wed, Oct 28, 2009 at 12:14 PM, Leslie <leslie at craigslist.org> wrote:
> Yes, unallocated (at least according to ARIN's whois db) but not unannounced
> - obviously our network can get to the space or else I wouldn't be having a
> spam problem with them! ? I'm actually seeing this ?/20 as advertised
> through Savvis from AS40430
>
> It seems to me like the best solution might be a semi-hacky solution of
> asking arin (and other IRR's) if i can copy its DB and creating an internal
> peer which null routes unallocated blocks (updated nightly?)
>
> Has anyone seen an IRR's DB's not being updated for more than 30 days after
> allocations? ?I always assumed that they are quickly updated.
>
> Thanks again,
> Leslie
>
> Jon Lewis wrote:
>>
>> Unallocated doesn't mean non-routed. ?All a spammer needs is a
>> willing/non-filtering provider doing BGP with them, and they can announce
>> any space they like, send out some spam, and then pull the announcement.
>> Next morning, when you see the spam and try to figure out who to send
>> complaints to, you're either going to complain to the wrong people or find
>> that whois is of no help.
>>
>> On Tue, 27 Oct 2009, Church, Charles wrote:
>>
>>> This is puzzling me. ?If it's from non-announced space, at some point
>>> some router should report no route to it. ?How is the TCP handshake
>>> performed to allow a sync to turn into spam?
>>>
>>> Chuck
>>>
>>> Chuck Church
>>> Network Planning Engineer, CCIE #8776
>>> Harris Information Technology Services
>>> DOD Programs
>>> 1210 N. Parker Rd. | Greenville, SC 29609
>>> Office: 864-335-9473 | Cell: 864-266-3978
>>> --------------------------
>>> Sent using BlackBerry
>>>
>>>
>
>



-- 
Suresh Ramasubramanian (ops.lists at gmail.com)

References:
- dealing with bogon spam ?
  - From: cchurc05 at harris.com (Church, Charles)
- dealing with bogon spam ?
  - From: jlewis at lewis.org (Jon Lewis)
- dealing with bogon spam ?
  - From: leslie at craigslist.org (Leslie)

Prev by Date: dealing with bogon spam ?
Next by Date: dealing with bogon spam ?
Previous by thread: dealing with bogon spam ?
Next by thread: dealing with bogon spam ?
Index(es):
- Date
- Thread