North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: RIPE Down or DOSed ?
On 2/28/03 at 16:51 EST, Kai Schlichting wrote: >On 2/27/2003 at 9:58 PM, email@example.com wrote: >> ... >> NetRange: 220.127.116.11 - 18.104.22.168 >> CIDR: 22.214.171.124/18 >> NetName: WHOLE-2 >> NetHandle: NET-69-6-0-0-1 >> Parent: NET-69-0-0-0-0 >> NetType: Direct Allocation >> NameServer: NS1.WHOLESALEBANDWIDTH.COM >> NameServer: NS2.WHOLESALEBANDWIDTH.COM >> ... >> Where are the swips? The rest of that record makes no mention of an >> rwhois server. Doing a bunch of whois requests for IPs in that block, I >> found only one swip (for a /21). I realize the ARIN regs don't seem to >> require that reassignment info be made available to the public (just to >> ARIN), but using your innocent customers (if there are any) as a shield to >> hide your spammer customers is just wrong. Should I block 126.96.36.199/24 >> from sending email into my systems? 188.8.131.52/18? > >Correct answer: the /18, and then some. > >Oh, how you wished you hadn't posted this to the list (and Cc:'d >wholesalebandwidth.com on it), but chosen reply-to-poster :) > >Random example from this block appearing in my rejects: >http://www.openrbl.org/lookup?i=184.108.40.206 or: "I see red!" > >Extended answer directly from my auto-complaint override map: > > 'as:26956' => 'as:17054,isp:cogent', # netfreeinc.com/wholesalebandwidth.com - rogue AS > 'as:11938' => 'firstname.lastname@example.org,isp:verio', # wholesalebandwidth.com - rogue AS > 'as:17054' => 'email@example.com,isp:genuity,firstname.lastname@example.org,isp:gblx', # e-xpedient.com - rogue AS? > >Anything announced out of 26956 and 11938 goes straight to the sendmail >access file here, and given the various pointers from OTHER rogues back >to 17054, e-xpedient.com routes will be there RSN, too. We're not announcing 220.127.116.11/18 out of AS17054 nor is Wholesale Bandwidth a customer. We're announcing AS26956 for NetFree, and at this point I've seen less than a dozen spam complaints out of it over the last two months, and before that not a single one. If you want to route our mail to the bit bucket because of an /18 we're not announcing, that's your preogative. My abuse team is concentrating on removing customers we're actually seeing complaints on. (If you have any complaints, send them to email@example.com. They get read, more often than not by me. :-) ) -- Douglas A. Dever firstname.lastname@example.org Director, Customer Operations E-xpedient