Article on spammers and their infrastructure

Jon Lewis jlewis at lewis.org
Tue Dec 22 15:24:26 CST 2009


On Tue, 22 Dec 2009, Phil Regnauld wrote:

> http://threatpost.com/en_us/blogs/attackers-buying-own-data-centers-botnets-spam-122109
>
> It this something new ?  The article seems to mix various issues together.
> And this would seem highly inefficient to me compared to traditional
> botnets (renting your own rack for a botnet doesn't really make sense :)

I don't see how going to jump.ro, getting a bunch of IP assignments, and 
then setting those IPs up on a server or few servers in the US = 
"attackers buying own data centers".

I am curious how both jump.ro and the other RIPE region LIRs involved in 
assigning the space and the US based networks that have been involved 
routing it justify assigning/routing "Assigned PA" space to "customers" 
who only use that space in their US operations (which in the cases I've 
seen have primarily been high volume email deployment).

According to http://www.ripe.net/ripe/docs/ipv4-policies.html

  ASSIGNED PA: This address space has been assigned to an End User for use
  with services provided by the issuing LIR. It cannot be kept when
  terminating services provided by the LIR.

Should US based networks be willing to route RIPE "ASSIGNED PA" space 
customers provide?

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________




More information about the NANOG mailing list