dealing with bogon spam ?

Wed Oct 28 15:14:11 UTC 2009

Just FYI the colo4jax guys got back to me and it is a stale ARIN db 
entry - I guess they don't update it as quickly as I thought.  So this 
is now just a normal case of spam.

Leslie

Leslie wrote:
> Yes, unallocated (at least according to ARIN's whois db) but not 
> unannounced - obviously our network can get to the space or else I 
> wouldn't be having a spam problem with them!   I'm actually seeing this 
>  /20 as advertised through Savvis from AS40430
> 
> It seems to me like the best solution might be a semi-hacky solution of 
> asking arin (and other IRR's) if i can copy its DB and creating an 
> internal peer which null routes unallocated blocks (updated nightly?)
> 
> Has anyone seen an IRR's DB's not being updated for more than 30 days 
> after allocations?  I always assumed that they are quickly updated.
> 
> Thanks again,
> Leslie
> 
> Jon Lewis wrote:
>> Unallocated doesn't mean non-routed.  All a spammer needs is a 
>> willing/non-filtering provider doing BGP with them, and they can 
>> announce any space they like, send out some spam, and then pull the 
>> announcement. Next morning, when you see the spam and try to figure 
>> out who to send complaints to, you're either going to complain to the 
>> wrong people or find that whois is of no help.
>>
>> On Tue, 27 Oct 2009, Church, Charles wrote:
>>
>>> This is puzzling me.  If it's from non-announced space, at some point 
>>> some router should report no route to it.  How is the TCP handshake 
>>> performed to allow a sync to turn into spam?
>>>
>>> Chuck
>>>
>>> Chuck Church
>>> Network Planning Engineer, CCIE #8776
>>> Harris Information Technology Services
>>> DOD Programs
>>> 1210 N. Parker Rd. | Greenville, SC 29609
>>> Office: 864-335-9473 | Cell: 864-266-3978
>>> --------------------------
>>> Sent using BlackBerry
>>>
>>>