Revealed: The Internet's well known BGP behavior

Patrick W. Gilmore patrick at
Thu Aug 28 07:01:25 CDT 2008

On Aug 28, 2008, at 6:25 AM, Suresh Ramasubramanian wrote:

> Most of the spammer acquired /16s have been
> 1. pre arin
> 2. caused by buying up assets of long defunct companies .. assets that
> just happen to include a /16 nobody knew about
> Not exactly hijacks this lot .. just like those "barely legal" teen  
> mags.

There have been tons of spam runs I have seen from "hijacked" blocks  
were simply announcing an unused block or a de-agg of a used block,  
sending spam for a few minutes / hours / days, and stopping the  

This does not require special techniques, just an upstream willing to  
accept & propagate your announcement.  Alex & Anthony's preso is about  
intercepting legit traffic, not sending illegitimate traffic.


> On Thu, Aug 28, 2008 at 2:28 PM, Gadi Evron <ge at> wrote:
>> People (especially spammers) have been hijacking networks for a  
>> while now,
>> maybe now that we have a presentation to whore around, operators can
>> pressure vendors and bosses.

More information about the NANOG mailing list