nanog mailing list archives

Re: IPv4 squatters on the move again?

From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 7 Sep 2010 12:14:12 -0400

On Tue, Sep 7, 2010 at 10:35 AM, Jon Lewis <jlewis () lewis org> wrote:

On Tue, 7 Sep 2010, Christopher Morrow wrote:

I used to have some quick/dirty instructions for how to verify that
the traffic was in fact proxy traffic, something like:
1) log traffic from the soon-to-be-ex-customer (acl logs are fine)
2) pick an external 'top talker'
3) route that /32 to a host you control
4) run NC on the port that /32 is being contacted on
5) rejoice (and shut now ex-customer interface) when you see: "CONNECT
smtp.xxxxx:25"


Seems like a lot of work when you could just setup a monitor session on
their port and capture a few minutes of actual spam traffic as evidence just
before shutting their port.


sorry, can't do monitor on a ptp oc-12 link :(

Current thread:

IPv4 squatters on the move again? Tero Toikkanen (Sep 07)
- Re: IPv4 squatters on the move again? Jeffrey Lyon (Sep 07)
  - Re: IPv4 squatters on the move again? Jon Lewis (Sep 07)
    - Re: IPv4 squatters on the move again? Christopher Morrow (Sep 07)
    - Re: IPv4 squatters on the move again? Jon Lewis (Sep 07)
    - Re: IPv4 squatters on the move again? Suresh Ramasubramanian (Sep 07)
    - Re: IPv4 squatters on the move again? Christopher Morrow (Sep 07)
- Re: IPv4 squatters on the move again? khatfield (Sep 07)
  - RE: IPv4 squatters on the move again? Tero Toikkanen (Sep 07)
- Re: IPv4 squatters on the move again? Jon Lewis (Sep 07)
- Re: IPv4 squatters on the move again? todd glassey (Sep 07)