[104382] in North American Network Operators' Group
Re: [NANOG] fair warning: less than 1000 days left to
daemon@ATHENA.MIT.EDU (Justin Shore)
Fri May 9 12:06:53 2008
Date: Fri, 09 May 2008 11:05:20 -0500
From: Justin Shore <justin@justinshore.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
In-Reply-To: <bb0e440a0805032153y65f2c1bav7cfa26df89625fb0@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Suresh Ramasubramanian wrote:
> Let's think smaller. /16 shall we say?
>
> Like the /16 here. Originally the SRI / ARPANET SF Bay Packet Radio
> network that started back in 1977. Now controlled by a shell company
> belonging to a shell company belonging to a "high volume email
> deployer" :)
>
> http://blog.washingtonpost.com/securityfix/2008/04/a_case_of_network_identity_the_1.html
Which leads me to ask an OT but slightly related question. How do other
SPs handle the blacklisting of ASNs (not prefixes but entire ASNs). The
/16 that Suresh mentioned here is being originated by a well-known spam
factory. All prefixes originating from that AS could safely be assumed
to be undesirable IMHO and can be dropped. A little Googling for that
/16 brings up a lot of good info including:
http://groups.google.com/group/news.admin.net-abuse.email/msg/5d3e3f89bb148a4c
Does anyone have any good tricks for filtering on AS path that they'd
like to share? I already have my RTBH set up so setting the next-hop
for all routes originating from a given ASN to one of my blackhole
routes (to null0, a sinkhole or srubber) would be ideal. Not accepting
the route period and letting uRPF drop traffic would be ok too.
Justin
_______________________________________________
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog
