Full Disclosure mailing list archives
Re: MediaSentry false positives?
From: Valdis.Kletnieks () vt edu
Date: Wed, 05 Jan 2005 09:53:55 -0500
On Tue, 04 Jan 2005 23:22:27 CST, Kevin said:
the complaint, or somebody on the Internet is spoofing BGP route announcements for unused address space out of larger allocations.
This is actually quite likely a possibility. There are enough tier-1's who do a piss-poor job of filtering their BGP feeds that if you can inject an announcement you can hijack the address block. This is being actively abused by several different groups of spammers. You might want to wander over to the NANOG list archives and search for 'BGP hijack' and/or poke one/several of the BGP looking glasses out there to see if there's an announcement for your space.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MediaSentry false positives? Kevin (Jan 04)
- Re: MediaSentry false positives? Florian Weimer (Jan 05)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 06)
- Re: MediaSentry false positives? Florian Weimer (Jan 05)
- Re: MediaSentry false positives? Kevin (Jan 11)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 06)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 05)
- Re: MediaSentry false positives? Kevin (Jan 13)
- Re: MediaSentry false positives? Jeff Kell (Jan 13)
- Re: MediaSentry false positives? Valdis . Kletnieks (Jan 13)
- Re: MediaSentry false positives? Kevin (Jan 13)
- Re: MediaSentry false positives? Florian Weimer (Jan 05)
- Re: MediaSentry false positives? Albert Deindl (Jan 12)