[anti-abuse-wg] Romanian Spam Network with curious effetcs
Lutz Petersen lp at shlink.de
Tue Mar 19 06:21:34 CET 2013
Ronald, it's a mysterious for me, sorry. Maybe I did not made it clearly enough what irritates me.. Viewing BGP tables one don't see a single accouncement for this netblock. Traces all ends obvious at default null route in core routers. Seems to be one of the cases where nets are only announced when spinning out short time spam waves - one can see this comparing older logs. But: Reverse delegation from RIPE for this nets has been done to two nameservers - 126.96.36.199 + 188.8.131.52. But even if there does not exit an BGP entry, these nameservers can be asked and give an answer: # sh ip bgp 184.108.40.206 % Network not in table # host -t ptr 220.127.116.11.in-addr.arpa. ns2.alvinemove.info. # Using domain server: # Name: ns2.alvinemove.info. # Address: 18.104.22.168#53 # 22.214.171.124.in-addr.arpa domain name pointer rented-2.beggarlyout.info. What may be the trick with that ?