North American Network Operators Group

Re: CalPOP contact? HTTP CONNECT scanning

  • From: Kai Schlichting
  • Date: Thu Sep 04 17:32:03 2003

On 9/3/2003 at 8:17 PM, "Jeroen Massar" <[email protected]> wrote:


> -----BEGIN PGP SIGNED MESSAGE-----

> As people are complaining all around about ISP's,
> here is my small question. Who has a _working_ contact at
> "CalPOP" (216.240.128.0/19 and others). It is not in puck :(

> If anybody has a working one please mail it me offlist so
> that the following long version of the problem can be solved.

> Is there anything alive at CalPOP that doesn't try
> to abuse open proxies for massively spamming hotmail ?

> These are the hits from Sep 3rd:

[Spam-L] BLOCK,MISC: WHO'S SPAMMING YOU? (2003-08-27) Top 40 Proxy-Hijacker-Friendly Nets
http://www.monkeys.com/phl/top-20030827.post
10. 216.240.140(4)  level3.net - calpop.com (Los Angeles, CA)
                    days.cblock=2
29. 216.240.149(3)  level3.net - calpop.com (Los Angeles, CA)
                    days.cblock=5



We consider them a 'possibly rogue operator' at this point.
We have numerous logged instances of unlawful trespass from
their IP space - mail or attempted mail to spamtraps - and
real ugliness like 66.250.115.0/24 (no longer announced by
them) housing the proxy-scanning criminals at nextdatacorp.com/
newengineroom.com. Never a darn word from them, except auto-replies.
Their appearance in RFG's "top-40" list is definitely paving
the way for death-by-ASN-filter (joining 90+ others).

ARIN has marked the contact info for AS 7796 as invalid - BACK IN MAY(!)
- and "Network Operations Account" <nocc-at-webvision.com>
has confirmed to us that they (AS 13374) are not the registrant
of that ASN, but CalPOP is. CalPOP has certainly had every
opportunity to correct the false record(s) in question with
ARIN by now. Unless ARIN steps into this discussion and gives us
a good reason why they haven't updated anything (e.g.: no or
false documentation provided by CalPOP), I'll assume that this
lack of even remotely accurate records for the ASN is deliberate,
rather than mere negligence, and evokes strong suspicions of
this ASN being hijacked, bar evidence to the contrary.

The fact that their upstreams are or have been:
- Level3 (known spammer-tolerant, complaint-ignorant, deliberately hiding
  customers in their IP space without SWIP/rwhois)
- rogue operator AS 22298 (ewan1.com)
  (RIS says they are gone since 2003-08-25)
- Cogent (known spammer-tolerant, complaint-ignorant)
  (RIS says they are gone since 2003-08-06)

lets you expect nothing good coming from calpop.com .

AS 7796 announcing 216.240.128.0/19 as 32 /24's should make some people
here wonder: who the hell am I wasting my router's RAM for, and why am
I still accepting /24's from space other than the traditional swamp?

bye,Kai

ps: RFG's monkeys.com is undergoing a joe-job right now - with the
    suspects most certainly present within (or acting on behalf and in
    concert with) the group of hard-core computer criminals listed in
    his "Top 40" list. Which criminals does your employer support?