nanog mailing list archives

Re: Senderbase is offbase, need some help

From: Jon Lewis <jlewis () lewis org>
Date: Sun, 18 Apr 2010 21:19:28 -0400 (EDT)

On Sun, 18 Apr 2010, Larry Sheldon wrote:

Have you checked cyclops and other BGP announcement tracking systems
to see if it might have been a short-lived whack-a-mole short prefix hijack
(pop up, announce block, send burst of spam, remove announcement, disappear
again)?



Maybe I'm just tired and cranky or too old to understand.....if the
addresses in question never send traffic, who cares?

He's suggesting that maybe mail came from those IPs while someone else wasusing them without your knowledge. Given the available info, I think itsfar more likely senderbase has some glich causing bogus 0.48 scores forIPs that really haven't sent anything in recent history.


----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Current thread:

Senderbase is offbase, need some help Mike (Apr 16)
- Re: Senderbase is offbase, need some help Florian Weimer (Apr 17)
- Re: Senderbase is offbase, need some help John Levine (Apr 17)
- Re: Senderbase is offbase, need some help William Herrin (Apr 17)
  - Re: Senderbase is offbase, need some help Jon Lewis (Apr 17)
  - Re: Senderbase is offbase, need some help gordon b slater (Apr 18)
    - Re: Senderbase is offbase, need some help Matthew Petach (Apr 18)
    - Re: Senderbase is offbase, need some help Larry Sheldon (Apr 18)
    - Re: Senderbase is offbase, need some help Jon Lewis (Apr 18)