dealing with bogon spam ?

• Previous message (by thread): dealing with bogon spam ?
• Next message (by thread): dealing with bogon spam ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ah, colo4jax I see. Jacksonville, Florida.

68.234.16.0/20 shows up as unallocated but as these guys own the
previous /20 its probably a stale arin db and a brand new allocation

  Prefix               AS Path
Aggregation Suggestion
  68.234.0.0/20        4777 2497 25973 40430
  68.234.16.0/20       4608 1221 4637 3561 40430
  69.174.96.0/21       4777 2497 25973 40430
  173.205.80.0/20      4777 2497 25973 40430
  204.237.184.0/21     4777 2497 25973 40430
  204.237.192.0/22     4777 2497 25973 40430
  208.153.96.0/22      4777 2497 25973 40430
  208.169.228.0/22     4777 2497 25973 40430


On Wed, Oct 28, 2009 at 12:14 PM, Leslie <leslie at craigslist.org> wrote:
> Yes, unallocated (at least according to ARIN's whois db) but not unannounced
> - obviously our network can get to the space or else I wouldn't be having a
> spam problem with them!   I'm actually seeing this  /20 as advertised
> through Savvis from AS40430
>
> It seems to me like the best solution might be a semi-hacky solution of
> asking arin (and other IRR's) if i can copy its DB and creating an internal
> peer which null routes unallocated blocks (updated nightly?)
>
> Has anyone seen an IRR's DB's not being updated for more than 30 days after
> allocations?  I always assumed that they are quickly updated.
>
> Thanks again,
> Leslie
>
> Jon Lewis wrote:
>>
>> Unallocated doesn't mean non-routed.  All a spammer needs is a
>> willing/non-filtering provider doing BGP with them, and they can announce
>> any space they like, send out some spam, and then pull the announcement.
>> Next morning, when you see the spam and try to figure out who to send
>> complaints to, you're either going to complain to the wrong people or find
>> that whois is of no help.
>>
>> On Tue, 27 Oct 2009, Church, Charles wrote:
>>
>>> This is puzzling me.  If it's from non-announced space, at some point
>>> some router should report no route to it.  How is the TCP handshake
>>> performed to allow a sync to turn into spam?
>>>
>>> Chuck
>>>
>>> Chuck Church
>>> Network Planning Engineer, CCIE #8776
>>> Harris Information Technology Services
>>> DOD Programs
>>> 1210 N. Parker Rd. | Greenville, SC 29609
>>> Office: 864-335-9473 | Cell: 864-266-3978
>>> --------------------------
>>> Sent using BlackBerry
>>>
>>>
>
>



-- 
Suresh Ramasubramanian (ops.lists at gmail.com)

• Previous message (by thread): dealing with bogon spam ?
• Next message (by thread): dealing with bogon spam ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]