dealing with bogon spam ?

Suresh Ramasubramanian ops.lists at gmail.com
Wed Oct 28 01:00:38 UTC 2009


Having been postmastering at various places for about a decade, I have
seen that too - yes.  But cymru style filtering means its kind of out
of fashion now.

Though - a lot of the cases I've seen have been

1. Out of date whois client and the IP's been allocated after the
whois client came out (with a hardcoded list of unallocated IPs)
2. Whois db is out of date - comparatively rarer but known to occur

Especially if you see a mainstream carrier routing it instead of some
small outfit in Eastern Europe  .. chances are its stale db somewhere
rather than totally unallocated block and phantom routing

On Wed, Oct 28, 2009 at 6:25 AM, Jon Kibler <Jon.Kibler at aset.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Suresh Ramasubramanian wrote:
>
>> If the /20 is being routed, and announced - chances are it IS allocated.
>
> Don't bet on it. This is one of the oldest spammer tricks in the book. I worked
> with ISPs as far back as the late 90s trying to track down poachers who
> temporarily squat on an unallocated block and announce it to the world.
>




More information about the NANOG mailing list