Senderbase is offbase, need some help

Matthew Petach mpetach at netflight.com
Sun Apr 18 21:02:27 UTC 2010


On Sun, Apr 18, 2010 at 10:15 AM, gordon b slater <gordslater at ieee.org> wrote:
> On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote:
>
>> Interesting; I see similar results for my address space. Two
>> addresses, one of which hasn't been attached to a machine for a decade
>> and the other a virtual IP on a web server where the particular IP
>> never emits connections. Magnitude's only "0.48" for both but still,
>> they shouldn't even appear.
>
> Yep, same here, at two seperate sites. It's in the "reserved for extreme
> emergencies" zone at the top of each assigned block. As per house
> practice it is tcpdumped 24/7, and has been for the last 4 years. Zero
> traffic from it at the perimiter.
>
> Go figure.
>
> Gord

Have you checked cyclops and other BGP announcement tracking systems
to see if it might have been a short-lived whack-a-mole short prefix hijack
(pop up, announce block, send burst of spam, remove announcement, disappear
again)?

Matt




More information about the NANOG mailing list