dealing with bogon spam ?

Leslie leslie at
Wed Oct 28 10:14:11 CDT 2009

Just FYI the colo4jax guys got back to me and it is a stale ARIN db 
entry - I guess they don't update it as quickly as I thought.  So this 
is now just a normal case of spam.


Leslie wrote:
> Yes, unallocated (at least according to ARIN's whois db) but not 
> unannounced - obviously our network can get to the space or else I 
> wouldn't be having a spam problem with them!   I'm actually seeing this 
>  /20 as advertised through Savvis from AS40430
> It seems to me like the best solution might be a semi-hacky solution of 
> asking arin (and other IRR's) if i can copy its DB and creating an 
> internal peer which null routes unallocated blocks (updated nightly?)
> Has anyone seen an IRR's DB's not being updated for more than 30 days 
> after allocations?  I always assumed that they are quickly updated.
> Thanks again,
> Leslie
> Jon Lewis wrote:
>> Unallocated doesn't mean non-routed.  All a spammer needs is a 
>> willing/non-filtering provider doing BGP with them, and they can 
>> announce any space they like, send out some spam, and then pull the 
>> announcement. Next morning, when you see the spam and try to figure 
>> out who to send complaints to, you're either going to complain to the 
>> wrong people or find that whois is of no help.
>> On Tue, 27 Oct 2009, Church, Charles wrote:
>>> This is puzzling me.  If it's from non-announced space, at some point 
>>> some router should report no route to it.  How is the TCP handshake 
>>> performed to allow a sync to turn into spam?
>>> Chuck
>>> Chuck Church
>>> Network Planning Engineer, CCIE #8776
>>> Harris Information Technology Services
>>> DOD Programs
>>> 1210 N. Parker Rd. | Greenville, SC 29609
>>> Office: 864-335-9473 | Cell: 864-266-3978
>>> --------------------------
>>> Sent using BlackBerry

More information about the NANOG mailing list