Re: Senderbase is offbase, need some help

[Larry Sheldon <LarrySheldon () cox net>]

On 4/18/2010 16:02, Matthew Petach wrote:
> On Sun, Apr 18, 2010 at 10:15 AM, gordon b slater <gordslater () ieee org> wrote:
> > On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote:
> >
> > > Interesting; I see similar results for my address space. Two
> > > addresses, one of which hasn't been attached to a machine for a decade
> > > and the other a virtual IP on a web server where the particular IP
> > > never emits connections. Magnitude's only "0.48" for both but still,
> > > they shouldn't even appear.
> >
> > Yep, same here, at two seperate sites. It's in the "reserved for extreme
> > emergencies" zone at the top of each assigned block. As per house
> > practice it is tcpdumped 24/7, and has been for the last 4 years. Zero
> > traffic from it at the perimiter.
> >
> > Go figure.
> >
> > Gord
>
> Have you checked cyclops and other BGP announcement tracking systems
> to see if it might have been a short-lived whack-a-mole short prefix hijack
> (pop up, announce block, send burst of spam, remove announcement, disappear
> again)?


Maybe I'm just tired and cranky or too old to understand.....if the
addresses in question never send traffic, who cares?

And if senderbase is so bad, why use it?

-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml