Re: New IPv4 Allocation to ARIN

[jlewis () lewis org]

On Fri, 16 Jan 2004, Petri Helenius wrote:

> > I wouldn't be surprised if more people are filtering 69/8 now than before,
> > roughly 40% of the spam hitting my servers is from there.

That's likely going to be true of each newly allocated block as spammers 
move around, move into them, or even scam the RIRs into allocating IPs 
directly to them.

> It also seems that 69box.atlantic.net (or someone nearby) is filtering 
> one specific size of ICMP packets.
>
> Is certain packet size also considered a "bogon" or is this something 
> that will eventually be removed
> from the filters?

It's those dang Nachi-sized ICMP echo/echo-replies.  We block those at all 
our transit points and dial-up ports.  Nachi was killing our cisco 
access-servers until we did this to stop the spread.

Unfortunately, this breaks Windows tracert as it uses 92-byte echo 
requests.  Use a "real" traceroute, and you won't see this problem.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________