Re: dealing with bogon spam ?

[Jon Lewis <jlewis () lewis org>]

Unallocated doesn't mean non-routed.  All a spammer needs is a 
willing/non-filtering provider doing BGP with them, and they can announce 
any space they like, send out some spam, and then pull the announcement. 
Next morning, when you see the spam and try to figure out who to send 
complaints to, you're either going to complain to the wrong people or find 
that whois is of no help.

On Tue, 27 Oct 2009, Church, Charles wrote:

> This is puzzling me.  If it's from non-announced space, at some point some router should report no route to it.  How is 
> the TCP handshake performed to allow a sync to turn into spam?
>
> Chuck
>
> Chuck Church
> Network Planning Engineer, CCIE #8776
> Harris Information Technology Services
> DOD Programs
> 1210 N. Parker Rd. | Greenville, SC 29609
> Office: 864-335-9473 | Cell: 864-266-3978
> --------------------------
> Sent using BlackBerry
>
>
> ----- Original Message -----
> From: Jon Lewis <jlewis () lewis org>
> To: Leslie <leslie () craigslist org>
> Cc: NANOG <nanog () nanog org>
> Sent: Tue Oct 27 21:08:12 2009
> Subject: Re: dealing with bogon spam ?
>
>
> On Tue, 27 Oct 2009, Leslie wrote:
>
> > I failed to mention we're seeing this from an unallocated /20 whose parent /8
> > is allocated to ARIN (and is partially in use)
>
> What /20 would that be?  If you're sure it's unallocated, and see nothing
> but spam from it, block it at your border.
>
> ----------------------------------------------------------------------
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________