nanog mailing list archives
Re: RIPE Down or DOSed ?
From: Kai Schlichting <kai () pac-rim net>
Date: Fri, 28 Feb 2003 16:47:21 -0500
On 2/27/2003 at 9:58 PM, jlewis () lewis org wrote:
... NetRange: 69.6.0.0 - 69.6.63.255 CIDR: 69.6.0.0/18 NetName: WHOLE-2 NetHandle: NET-69-6-0-0-1 Parent: NET-69-0-0-0-0 NetType: Direct Allocation NameServer: NS1.WHOLESALEBANDWIDTH.COM NameServer: NS2.WHOLESALEBANDWIDTH.COM ...
Where are the swips? The rest of that record makes no mention of an rwhois server. Doing a bunch of whois requests for IPs in that block, I found only one swip (for a /21). I realize the ARIN regs don't seem to require that reassignment info be made available to the public (just to ARIN), but using your innocent customers (if there are any) as a shield to hide your spammer customers is just wrong. Should I block 69.6.4.0/24 from sending email into my systems? 69.6.0.0/18?
Correct answer: the /18, and then some. Oh, how you wished you hadn't posted this to the list (and Cc:'d wholesalebandwidth.com on it), but chosen reply-to-poster :) Random example from this block appearing in my rejects: http://www.openrbl.org/lookup?i=69.6.4.153 or: "I see red!" Extended answer directly from my auto-complaint override map: 'as:26956' => 'as:17054,isp:cogent', # netfreeinc.com/wholesalebandwidth.com - rogue AS 'as:11938' => 'abuse () yipes com,isp:verio', # wholesalebandwidth.com - rogue AS 'as:17054' => 'abuse () e-xpedient com,isp:genuity,abuse () yipes com,isp:gblx', # e-xpedient.com - rogue AS? Anything announced out of 26956 and 11938 goes straight to the sendmail access file here, and given the various pointers from OTHER rogues back to 17054, e-xpedient.com routes will be there RSN, too. And if you thought /18 is a big block in spammer-hand, go check out various DNSBLs for listings and the history of AS's announcing portions of: 142.105.0.0/16 162.73.0.0/16 160.122.0.0/16 157.156.0.0/16 138.121.0.0/16 160.116.0.0/16 144.176.0.0/16 146.100.0.0/16
Current thread:
- RIPE Down or DOSed ? Marshall Eubanks (Feb 27)
- Re: RIPE Down or DOSed ? Jack Bates (Feb 27)
- Re: RIPE Down or DOSed ? K. Scott Bethke (Feb 27)
- Re: RIPE Down or DOSed ? hostmaster (Feb 27)
- Re: RIPE Down or DOSed ? hostmaster (Feb 27)
- Re: RIPE Down or DOSed ? kai (Feb 27)
- Re: RIPE Down or DOSed ? Will Yardley (Feb 27)
- Re: RIPE Down or DOSed ? Dave Israel (Feb 27)
- Re: RIPE Down or DOSed ? Kai Schlichting (Feb 27)
- Re: RIPE Down or DOSed ? jlewis (Feb 27)
- Re: RIPE Down or DOSed ? Kai Schlichting (Feb 28)
- anti-spam vs network abuse jlewis (Feb 27)
- Re: anti-spam vs network abuse Jack Bates (Feb 27)
- Re: anti-spam vs network abuse David Schwartz (Feb 27)
- Re: anti-spam vs network abuse Roy (Feb 28)
- Re: anti-spam vs network abuse Paul Vixie (Feb 28)
- Re: anti-spam vs network abuse Daniel Senie (Feb 28)
- Re: anti-spam vs network abuse Gary E. Miller (Feb 28)
- Re: anti-spam vs network abuse Andy Dills (Feb 28)
- Re: anti-spam vs network abuse Dan Hollis (Feb 28)
- Re: anti-spam vs network abuse Jack Bates (Feb 28)
- Re: RIPE Down or DOSed ? hostmaster (Feb 27)