Revealed: The Internet's well known BGP behavior

Patrick W. Gilmore patrick at ianai.net
Thu Aug 28 07:01:25 CDT 2008


On Aug 28, 2008, at 6:25 AM, Suresh Ramasubramanian wrote:

> Most of the spammer acquired /16s have been
>
> 1. pre-ARIN
>
> 2. caused by buying up assets of long defunct companies .. assets that
> just happen to include a /16 nobody knew about
>
> Not exactly hijacks this lot .. just like those "barely legal" teen  
> mags.

There have been tons of spam runs I have seen from "hijacked" blocks  
that were simply announcing an unused block or a de-agg of a used block,  
sending spam for a few minutes / hours / days, and stopping the  
announcement.

This does not require special techniques, just an upstream willing to  
accept & propagate your announcement.  Alex & Anthony's preso is about  
intercepting legit traffic, not sending illegitimate traffic.

-- 
TTFN,
patrick


> On Thu, Aug 28, 2008 at 2:28 PM, Gadi Evron <ge at linuxbox.org> wrote:
>>
>> People (especially spammers) have been hijacking networks for a  
>> while now,
>> maybe now that we have a presentation to whore around, operators can
>> pressure vendors and bosses.
>>
>
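
Added example, not part of the original message or thread: one way to spot the pattern described above (an unused block or a de-aggregate of a used block announced briefly, then withdrawn) in a log of BGP updates. The baseline table, the unused-space list, the update log, the 7-day threshold, and the rule that only a different origin AS makes a more-specific suspicious are all assumptions made for this sketch; prefixes and AS numbers are documentation values.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed baseline: prefixes normally in the table and their usual origin AS.
BASELINE = {"192.0.2.0/24": 64496, "198.51.100.0/24": 64497}
# Constructed list of allocated space that is normally not announced at all.
UNUSED = ["203.0.113.0/24"]

def t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed update log: (time, "A" announce / "W" withdraw, prefix, origin AS).
UPDATES = [
    (t("2008-08-01 10:00"), "A", "203.0.113.0/24", 64511),
    (t("2008-08-01 13:30"), "W", "203.0.113.0/24", None),
    (t("2008-08-02 09:00"), "A", "198.51.100.128/25", 64510),
    (t("2008-08-02 09:20"), "W", "198.51.100.128/25", None),
    (t("2008-08-03 00:00"), "A", "192.0.2.0/24", 64496),     # usual origin flapping
    (t("2008-08-03 00:05"), "W", "192.0.2.0/24", None),
    (t("2008-08-04 12:00"), "A", "198.51.100.0/25", 64497),  # owner's own de-agg
    (t("2008-08-04 13:00"), "W", "198.51.100.0/25", None),
]

def classify(prefix, origin):
    """Return why an announcement is unexpected, or None if it matches baseline."""
    net = ipaddress.ip_network(prefix)
    for base, asn in BASELINE.items():
        b = ipaddress.ip_network(base)
        if net.subnet_of(b):
            if origin == asn:
                return None  # usual origin: exact prefix or its own more-specific
            return "de-aggregate" if net.prefixlen > b.prefixlen else "origin-mismatch"
    if any(net.subnet_of(ipaddress.ip_network(u)) for u in UNUSED):
        return "unused-block"
    return None

def short_lived(updates, max_life=timedelta(days=7)):
    """Pair each announce with its withdraw; report unexpected, short-lived ones."""
    active, findings = {}, []
    for ts, kind, prefix, origin in sorted(updates, key=lambda u: u[0]):
        if kind == "A":
            active.setdefault(prefix, (ts, origin))
        elif prefix in active:
            start, asn = active.pop(prefix)
            reason = classify(prefix, asn)
            if reason and ts - start <= max_life:
                findings.append((prefix, asn, reason, ts - start))
    return findings
```

`short_lived(UPDATES)` returns one tuple per flagged announcement: prefix, origin AS, reason, and how long the route was up.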




