Re: odd hijack

• From: Josh Karlin
• Date: Fri Nov 10 01:04:12 2006

• Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=FCBlS+jlNf5ccyh3A9cabwkmcfyREecoGBiy/npEmCiQlM4a3CoAwSNxB689eATjG2rYI+QM2XqNuoq0Irm/lD6BZcu+foUD1SH0B9vEo799xg+t5e/PIRJyd9IaWbkZnEjQ26Ou3Xrd2yZX8/62xrFehHpPY+ixWetgfKXi6R8=

Wouldn't they want to hijack more specifics to spam?  I doubt much of
that space is going to correctly route for spamming purposes.

On 11/9/06, Hank Nussbacher <[email protected]> wrote:

On Thu, 9 Nov 2006, Josh Karlin wrote:

> Here is one that is somewhat the opposite, the AS announced a
> significant portion of IANA allocated space.  Note, they are large
> blocks and as such probably did not cause much damage because most
> networks announce more specifics.  My question to the community is,
> what kind of misconfiguration could cause this set of prefixes to be
> announced?   I asked the AS responsible, but have not had a response.

Misconfiguration? :-)  That's a nice word for spammer.  See Joe's PPT at:
http://www.uoregon.edu/~joe/maawg8/maawg8.ppt

AS29449 is not the problem.  It is the upstreams of AS5602 (KPNQwest
Italia) and AS286 (KPN) that let this crap leak.

-Hank Nussbacher
http://www.interall.co.il

• Follow-Ups:
  • Re: odd hijack Randy Bush
  • Re: odd hijack steve
  • Re: odd hijack Hank Nussbacher

• References:
  • odd hijack Josh Karlin
  • Re: odd hijack Hank Nussbacher

• Prev by Date: Re: odd hijack
• Next by Date: Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link]
• Date Index
• Thread Index
• Author Index
• Historical