Revealed: The Internet's well known BGP behavior
Patrick W. Gilmore
patrick at ianai.net
Thu Aug 28 12:01:25 UTC 2008
On Aug 28, 2008, at 6:25 AM, Suresh Ramasubramanian wrote:
> Most of the spammer acquired /16s have been
>
> 1. pre arin
>
> 2. caused by buying up assets of long defunct companies .. assets that
> just happen to include a /16 nobody knew about
>
> Not exactly hijacks this lot .. just like those "barely legal" teen
> mags.
There have been tons of spam runs I have seen from "hijacked" blocks
were simply announcing an unused block or a de-agg of a used block,
sending spam for a few minutes / hours / days, and stopping the
announcement.
This does not require special techniques, just an upstream willing to
accept & propagate your announcement. Alex & Anthony's preso is about
intercepting legit traffic, not sending illegitimate traffic.
--
TTFN,
patrick
> On Thu, Aug 28, 2008 at 2:28 PM, Gadi Evron <ge at linuxbox.org> wrote:
>>
>> People (especially spammers) have been hijacking networks for a
>> while now,
>> maybe now that we have a presentation to whore around, operators can
>> pressure vendors and bosses.
>>
>
More information about the NANOG
mailing list