Some links: http://www.nanog.org/meetings/nanog45/presentations/Tuesday/Hankins_4byteASN_N45.pdf https://tools.ietf.org/html/rfc6793
On Sun, Feb 3, 2013 at 11:15 AM, Brandon Ross <[email protected]> wrote: > I strongly recommend that you read about and fully understand how 4-byte > ASNs work, and their use of AS23456 before you continue this thread. > > > On Sun, 3 Feb 2013, Suresh Ramasubramanian wrote: > > I do believe, as has been pointed out to me elsewhere that this is what >> shows up when there's a 64 bit ASN and router software that doesn't grok >> 64 >> bit ASNs >> >> So, completely by chance that one such as belongs to what looks like a >> bulk >> mailer >> >> --srs (htc one x) >> On 03-Feb-2013 9:02 PM, "Dave Pooser" <[email protected]> wrote: >> >> On 2/3/13 9:04 AM, "Rich Kulawiec" <[email protected]> wrote: >>> >>> On Sun, Feb 03, 2013 at 06:12:32PM +0530, Suresh Ramasubramanian wrote: >>>> >>>>> AS23456 is currently announcing a good few netblocks (which don't have >>>>> a >>>>> very good smtp reputation, by the way). >>>>> >>>> >>>> To say the least. A quick rDNS scan reveals that those netblocks >>>> include: >>>> >>>> 8448 addresses >>>> 6932 return nxdomain >>>> 512 return servfail >>>> 1004 with rDNS entries >>>> >>>> Those 1004 hosts with rDNS account for 36 domains: >>>> >>> >>> <snip long list of spammy domains> >>> >>> Just as another data point, the domain names you listed hit on enough URL >>> blacklists that Spamassassin quarantined the message for me (and would >>> have rejected it during the SMTP transaction had the NANOG server not >>> been >>> listed on DNSWL-High). Spam hosts plus fake ASN = paging the Spamhaus >>> DROP >>> maintainers to the white courtesy phone.... >>> -- >>> Dave Pooser >>> Manager of Information Services >>> Alford Media http://www.alfordmedia.com >>> >>> >>> >>> >>> >> > -- > Brandon Ross Yahoo & AIM: > BrandonNRoss > +1-404-635-6667 ICQ: > 2269442 > Schedule a meeting: https://doodle.com/bross Skype: > brandonross > >
