Re: dealing with bogon spam ?

[Leslie <leslie () craigslist org>]

Yes, unallocated (at least according to ARIN's whois db) but not 
unannounced - obviously our network can get to the space or else I 
wouldn't be having a spam problem with them!   I'm actually seeing this 
 /20 as advertised through Savvis from AS40430

It seems to me like the best solution might be a semi-hacky solution of 
asking arin (and other IRR's) if i can copy its DB and creating an 
internal peer which null routes unallocated blocks (updated nightly?)

Has anyone seen an IRR's DB's not being updated for more than 30 days 
after allocations?  I always assumed that they are quickly updated.

Thanks again,
Leslie

Jon Lewis wrote:
> Unallocated doesn't mean non-routed.  All a spammer needs is a 
> willing/non-filtering provider doing BGP with them, and they can 
> announce any space they like, send out some spam, and then pull the 
> announcement. Next morning, when you see the spam and try to figure out 
> who to send complaints to, you're either going to complain to the wrong 
> people or find that whois is of no help.
>
> On Tue, 27 Oct 2009, Church, Charles wrote:
>
> > This is puzzling me.  If it's from non-announced space, at some point 
> > some router should report no route to it.  How is the TCP handshake 
> > performed to allow a sync to turn into spam?
> >
> > Chuck
> >
> > Chuck Church
> > Network Planning Engineer, CCIE #8776
> > Harris Information Technology Services
> > DOD Programs
> > 1210 N. Parker Rd. | Greenville, SC 29609
> > Office: 864-335-9473 | Cell: 864-266-3978
> > --------------------------
> > Sent using BlackBerry