North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Revealed: The Internet's well known BGP behavior

  • From: Patrick W. Gilmore
  • Date: Thu Aug 28 08:01:42 2008
On Aug 28, 2008, at 6:25 AM, Suresh Ramasubramanian wrote:

Most of the spammer acquired /16s have been

1. pre arin

2. caused by buying up assets of long defunct companies .. assets that
just happen to include a /16 nobody knew about

Not exactly hijacks this lot .. just like those "barely legal" teen mags.

There have been tons of spam runs I have seen from "hijacked" blocks were simply announcing an unused block or a de-agg of a used block, sending spam for a few minutes / hours / days, and stopping the announcement.

This does not require special techniques, just an upstream willing to accept & propagate your announcement. Alex & Anthony's preso is about intercepting legit traffic, not sending illegitimate traffic.

--
TTFN,
patrick


On Thu, Aug 28, 2008 at 2:28 PM, Gadi Evron <[email protected]> wrote:

People (especially spammers) have been hijacking networks for a while now,
maybe now that we have a presentation to whore around, operators can
pressure vendors and bosses.