nanog mailing list archives

Re: Senderbase is offbase, need some help

From: Matthew Petach <mpetach () netflight com>
Date: Sun, 18 Apr 2010 14:02:27 -0700

On Sun, Apr 18, 2010 at 10:15 AM, gordon b slater <gordslater () ieee org> wrote:

On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote:

Interesting; I see similar results for my address space. Two
addresses, one of which hasn't been attached to a machine for a decade
and the other a virtual IP on a web server where the particular IP
never emits connections. Magnitude's only "0.48" for both but still,
they shouldn't even appear.


Yep, same here, at two seperate sites. It's in the "reserved for extreme
emergencies" zone at the top of each assigned block. As per house
practice it is tcpdumped 24/7, and has been for the last 4 years. Zero
traffic from it at the perimiter.

Go figure.

Gord


Have you checked cyclops and other BGP announcement tracking systems
to see if it might have been a short-lived whack-a-mole short prefix hijack
(pop up, announce block, send burst of spam, remove announcement, disappear
again)?

Matt

Current thread:

Senderbase is offbase, need some help Mike (Apr 16)
- Re: Senderbase is offbase, need some help Florian Weimer (Apr 17)
- Re: Senderbase is offbase, need some help John Levine (Apr 17)
- Re: Senderbase is offbase, need some help William Herrin (Apr 17)
  - Re: Senderbase is offbase, need some help Jon Lewis (Apr 17)
  - Re: Senderbase is offbase, need some help gordon b slater (Apr 18)
    - Re: Senderbase is offbase, need some help Matthew Petach (Apr 18)
    - Re: Senderbase is offbase, need some help Larry Sheldon (Apr 18)
    - Re: Senderbase is offbase, need some help Jon Lewis (Apr 18)