dealing with bogon spam?
leslie at craigslist.org
Wed Oct 28 06:44:40 UTC 2009
Yes, unallocated (at least according to ARIN's whois db) but not
unannounced - obviously our network can get to the space or else I
wouldn't be having a spam problem with them! I'm actually seeing this
/20 as advertised through Savvis from AS40430.

It seems to me like the best solution might be a semi-hacky solution of
asking ARIN (and other IRRs) if I can copy its DB and creating an
internal peer which null routes unallocated blocks (updated nightly?)

Has anyone seen an IRR's DB not being updated for more than 30 days
after allocations? I always assumed that they are quickly updated.

Jon Lewis wrote:
> Unallocated doesn't mean non-routed. All a spammer needs is a
> willing/non-filtering provider doing BGP with them, and they can
> announce any space they like, send out some spam, and then pull the
> announcement. Next morning, when you see the spam and try to figure out
> who to send complaints to, you're either going to complain to the wrong
> people or find that whois is of no help.
> On Tue, 27 Oct 2009, Church, Charles wrote:
>> This is puzzling me. If it's from non-announced space, at some point
>> some router should report no route to it. How is the TCP handshake
>> performed to allow a sync to turn into spam?
>> Chuck Church
>> Network Planning Engineer, CCIE #8776
>> Harris Information Technology Services
>> DOD Programs
>> 1210 N. Parker Rd. | Greenville, SC 29609
>> Office: 864-335-9473 | Cell: 864-266-3978
>> Sent using BlackBerry
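
Added example, not part of the original thread: a sketch of the nightly job the message proposes, which derives the unallocated blocks inside a parent range from a list of allocated prefixes and works out which null routes to add or withdraw since the previous night. The prefixes are constructed documentation addresses, the function names are hypothetical, and rendering the result as Linux iproute2 `blackhole` routes is an assumption about how the internal peer would be fed.

```python
import ipaddress

def unallocated(parent, allocated):
    """CIDR blocks inside `parent` that no allocated prefix covers."""
    free = [ipaddress.ip_network(parent)]
    for alloc in map(ipaddress.ip_network, allocated):
        remaining = []
        for block in free:
            if not block.overlaps(alloc):
                remaining.append(block)        # untouched by this allocation
            elif alloc.supernet_of(block):
                continue                       # block is now fully allocated
            else:
                # alloc sits strictly inside block: keep what surrounds it
                remaining.extend(block.address_exclude(alloc))
        free = remaining
    return sorted(ipaddress.collapse_addresses(free))

def nightly_changes(previous, current):
    """Return (to_add, to_withdraw) between two nightly bogon lists."""
    prev, cur = set(previous), set(current)
    return sorted(cur - prev), sorted(prev - cur)

def blackhole_commands(to_add, to_withdraw):
    """Render the changes as iproute2 commands (assumed output format)."""
    # Withdraw first, so newly allocated space stops being dropped
    # before any new null routes go in.
    cmds = [f"ip route del blackhole {n}" for n in to_withdraw]
    cmds += [f"ip route add blackhole {n}" for n in to_add]
    return cmds

# Constructed sample data (TEST-NET-2), standing in for a registry export.
PARENT = "198.51.100.0/24"
ALLOCATED_YESTERDAY = ["198.51.100.0/26"]
ALLOCATED_TODAY = ["198.51.100.0/26", "198.51.100.128/25"]

if __name__ == "__main__":
    before = unallocated(PARENT, ALLOCATED_YESTERDAY)
    after = unallocated(PARENT, ALLOCATED_TODAY)
    add, withdraw = nightly_changes(before, after)
    for line in blackhole_commands(add, withdraw):
        print(line)
```

A block allocated after the last copy of the registry data stays null-routed until the next run, which is why the age of that data matters for this approach.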
More information about the NANOG