[anti-abuse-wg] Romanian Spam Network with curious effetcs
- Previous message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
- Next message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Janos Zsako
zsako at iszt.hu
Tue Mar 19 08:49:29 CET 2013
Dear Lutz, I may misunderstand you, but see below. > it's a mysterious for me, sorry. Maybe I did not made it clearly enough what > irritates me.. Viewing BGP tables one don't see a single accouncement for this > netblock. Traces all ends obvious at default null route in core routers. > Seems to be one of the cases where nets are only announced when spinning out > short time spam waves - one can see this comparing older logs. > > But: Reverse delegation from RIPE for this nets has been done to two > nameservers - 176.121.32.2 + 176.121.32.3. But even if there does not exit an > BGP entry, these nameservers can be asked and give an answer: > > # sh ip bgp 176.121.32.2 > % Network not in table This only says _your_ router does not have it in the BGP. I suspect though that you do have a default route. So sh ip route 176.121.32.2 would give you some answer. Please note that the network _is_ advertised (as 176.121.32.0/24 at present), see http://www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC001&query=1&arg=176.121.32.2 for example. I hope this helps. Best regards, Janos > # host -t ptr 2.34.121.176.in-addr.arpa. ns2.alvinemove.info. > # Using domain server: > # Name: ns2.alvinemove.info. > # Address: 176.121.32.3#53 > # 2.34.121.176.in-addr.arpa domain name pointer rented-2.beggarlyout.info. > > What may be the trick with that ? > >
- Previous message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
- Next message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]