North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: the value of reverse address lookups?
>>>>> "Adrian" == Adrian Chadd <email@example.com> writes: Adrian> if you reverse resolve, then some registry somewhere (ARIN, Adrian> RIPE, APNIC, etc) recognises that network as having 'valid' Adrian> contact details and has assigned someone reverse authority. Adrian> It stops some IP block hijackers - if you find the right Adrian> peer, you can just pop up for a bit, say "hi! I'm foo/12!", Adrian> start spamming from a few /16's worth of IPs, then drop away Adrian> after an hour. This tactic is often bandied about - but given the number of people and sites that track BGP changes, why does no one produce any evidence of it actually happening? Adrian> In practice, at least with IP block hijackers, they'll either Adrian> (a) hijack a smaller chunk of a registered/announced ip Adrian> network, complete with nameservers, or Adrian> (b) they'll find a registered but un-announced ip network, Adrian> with the in-addr authoritative nameservers inside said Adrian> network, and just pop up for spamming there. Most commonly, IP space hijackers start by falsely updating the registration info at the RIR, and/or forging letters of authority purporting to allow them to announce the block, and work from there. -- Andrew, Supernews http://www.supernews.com