RIPE Down or DOSed ?
jlewis at lewis.org
jlewis at lewis.org
Fri Feb 28 02:58:05 UTC 2003
On Thu, 27 Feb 2003, Kai Schlichting wrote:
> Secrecy over a public resource = no oversight = facilitator of abuse.
>
> Why do I get the distinct feeling that this "move" by Level3 is
> aimed not at creating greater customer privacy (it never served
> POC email addresses), or protecting themselves from getting their
> customer base poached by other providers, but at preventing
> people from identifying spamming Level3 customers (of which they
> seem to have 100's) by organization name and being able to
> correlate activity from different netblocks of theirs.
Though I agree, Level3 seems to host a good number of spammers, they're by
no means the only guilty party. Pulled at random from recent spams I've
submitted to NJABL are 69.6.4.104, 69.6.4.114, and 69.6.4.156. whois
@arin.net yields the following:
...
NetRange: 69.6.0.0 - 69.6.63.255
CIDR: 69.6.0.0/18
NetName: WHOLE-2
NetHandle: NET-69-6-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.WHOLESALEBANDWIDTH.COM
NameServer: NS2.WHOLESALEBANDWIDTH.COM
...
Where are the swips? The rest of that record makes no mention of an
rwhois server. Doing a bunch of whois requests for IPs in that block, I
found only one swip (for a /21). I realize the ARIN regs don't seem to
require that reassignment info be made available to the public (just to
ARIN), but using your innocent customers (if there are any) as a shield to
hide your spammer customers is just wrong. Should I block 69.6.4.0/24
from sending email into my systems? 69.6.0.0/18?
http://www.njabl.org/cgi-bin/lookup.cgi?query=69.6.4.104
http://www.njabl.org/cgi-bin/lookup.cgi?query=69.6.4.114
http://www.njabl.org/cgi-bin/lookup.cgi?query=69.6.4.156
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG
mailing list