On 13/09/2008, at 5:48 PM, Matthew Moyle-Croft wrote:
Arnaud de Prelle wrote:
I think that most of us (me included) are already using it but the
problem is that they don't have BGP collectors everywhere in the
world.
This is in fact a generic issue for BGP monitoring.
In this case it's
Nathan Ward wrote:
On 13/09/2008, at 5:48 PM, Matthew Moyle-Croft wrote:
Arnaud de Prelle wrote:
I think that most of us (me included) are already using it but the
problem is that they don't have BGP collectors everywhere in the world.
This is in fact a generic issue for BGP monitoring.
In
i am occasionally asked if there have been real bgp attacks (not slips).
the answer is, of course yes, but there are none which can be publicly
described. when bucks and embarrassment are involved, security through
obscurity seems to rule.
but tony and alex did us an enormous favor by publicly
On 13/09/2008, at 7:21 PM, Randy Bush wrote:
i am occasionally asked if there have been real bgp attacks (not
slips).
the answer is, of course yes, but there are none which can be publicly
described. when bucks and embarrassment are involved, security
through
obscurity seems to rule.
but
Marco d'Itri wrote:
Look at what else this AS is announcing:
Cernel, UkrTeleGroup and Inhoster are all aliases of Esthost. These
are their blocks that are physically operated by Intercage, so it's
not surprising they're to be found together.
PIE is another colo operation housed at the same
On Saturday 13 September 2008 06:11:25 Marco d'Itri wrote:
Interested parties can consult http://www.bofh.it/~md/drop-stats.txt
(randomly updated, I am still looking for a permanent home for it)
for a detailed list of who is announcing the networks listed in SBL
DROP, what else they announce
On Sat, 13 Sep 2008, Andrew Clover wrote:
Marco d'Itri wrote:
Look at what else this AS is announcing:
Cernel, UkrTeleGroup and Inhoster are all aliases of Esthost. These
are their blocks that are physically operated by Intercage, so it's
not surprising they're to be found together.
PIE is
On Sat, 13 Sep 2008, Frank Bulk wrote:
Perhaps there's no answer to this, or it's obvious and I ought to know.
How can I find out when ARIN or the applicable registry has assigned a
block
to a certain organization, and I don't know the block, just the
organization.
On Sat, 13 Sep 2008, Bill Woodcock wrote:
Those are both very simple reports to run from PCH's existing databases
and data-feeds.
By that, I mean that they could be run daily, and specific results emailed
to people who were interested in following the allocation patterns for
When I do that it lists the organization's AS, but not any netblocks
associated with that AS.
Frank
-Original Message-
From: Jake Mertel [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 13, 2008 10:50 AM
To: Frank Bulk
Cc: nanog@nanog.org
Subject: Re: Identifying when netblocks have
On Sat, 13 Sep 2008, Bill Woodcock wrote:
By that, I mean that they could be run daily, and specific results
emailed
to people who were interested in following the allocation patterns for
specific organizations, any time there was a match.
Following up on my own post for
Ok, so not so simple. =)
I'm not familiar with the layout of PCH's data (I did find some .gz files,
so I presume that's the data that's gathered on a daily basis), but if I
was, I would have to take the divide-and-conquer approach for a certain AS
to find out when a block was first announced.
No problem, I had my coffee 2 hours ago.
1) I would prefer e-mail, and ideally on-demand querying from a web form.
And even more pie in the sky, something like Google Trends (i.e.
http://www.google.com/trends?q=hurricane+katrinactab=0geo=alldate=all)
that shows the quantity of IP addresses that
How do you alert mail server operators who are smarthosting their e-mail
through you that their outbound messages contain spam?
Frank
-Original Message-
From: Matthew Moyle-Croft [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 13, 2008 12:41 AM
To: Bill Stewart
Cc: nanog@nanog.org
On Thu, Sep 11, 2008 at 08:11:28PM +0300, Saku Ytti wrote:
Sound like these shops are using 3550 as router, which is common for
smaller shops, especially in EU. And indeed, 3550 would not do uRPF.
(3560E does).
Are you sure? According to the IOS guide for 3560E/3750E, ip verify is
still
Frank Bulk wrote:
When I do that it lists the organization's AS, but not any netblocks
associated with that AS.
Frank
-Original Message-
From: Jake Mertel [mailto:[EMAIL PROTECTED]
Frank,
Add the operator in front of the organizations ARIN ID when you do
your WHOIS query and it
On (2008-09-13 13:26 -0500), Brandon Ewing wrote:
Hey Brandon,
Are you sure? According to the IOS guide for 3560E/3750E, ip verify is
still an unsupported interface command. I don't have a 3560E handy to test
on, but I know that a non-E 3560 refuses it with a notice regarding how
On Sat, Sep 13, 2008 at 11:38 PM, Frank Bulk [EMAIL PROTECTED] wrote:
How do you alert mail server operators who are smarthosting their e-mail
through you that their outbound messages contain spam?
Frank
If those are actual mailservers smarthosting and getting MX from you
then you doubtless
How do you alert mail server operators who are smarthosting their
e-mail through you that their outbound messages contain spam?
You don't let them falsify their envelope or headers to contain
fields utterly unrelated to your own infrastructure, for starters.
They try it, their mail
*Hobbit* wrote:
How do you alert mail server operators who are smarthosting their
e-mail through you that their outbound messages contain spam?
You don't let them falsify their envelope or headers to contain
fields utterly unrelated to your own infrastructure, for starters.
They try it,
Apologies for not being more clear, because I see the responses going in
tangents I hadn't expected.
Most anti-spam products drop the connection or issue some kind of rejection
message during the SMTP exchange. If the connection is dropped, the
subscriber's MTA/MUA will likely try and try again
21 matches
Mail list logo