[118736] in North American Network Operators' Group
Re: dealing with bogon spam ?
daemon@ATHENA.MIT.EDU (Jeroen Massar)
Wed Oct 28 05:38:09 2009
Date: Wed, 28 Oct 2009 10:36:46 +0100
From: Jeroen Massar <jeroen@unfix.org>
To: Leslie <leslie@craigslist.org>
In-Reply-To: <4AE7E858.4020109@craigslist.org>
Cc: "'nanog@nanog.org'" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF837A7854FF3716B0CA8C744
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Leslie wrote:
[..]
> It seems to me like the best solution might be a semi-hacky solution of=
> asking arin (and other IRR's) if i can copy its DB and creating an
> internal peer which null routes unallocated blocks (updated nightly?)
What you want to take is:
$rirs =3D array(
"afrinic" =3D>
"ftp://ftp.ripe.net/pub/stats/afrinic/delegated-afrinic-latest",
"apnic" =3D>
"ftp://ftp.ripe.net/pub/stats/apnic/delegated-apnic-latest",
"arin" =3D>
"ftp://ftp.arin.net/pub/stats/arin/delegated-arin-latest",
"lacnic" =3D>
"ftp://ftp.ripe.net/pub/stats/lacnic/delegated-lacnic-latest",
"ripe" =3D>
"ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest",
"brnic" =3D>
"ftp://ftp.registro.br/pub/stats/delegated-ipv6-nicbr-latest",
//// Avoid broken/slow servers:
//// "afrinic" =3D>
"ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest",
//// "apnic" =3D>
"ftp://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest",
//// "lacnic" =3D>
"ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest",
);
Yes, generally the latter three are broken, but as they are mirrored to
RIPE anyway, you can just pull them off there.
Then you have all IPv4 and IPv6 delegated blocks. If it is not in there,
it is a bogon. Yes, those are updated only once in a day or so, thus if
some one is going to start using the block before it is published in
those files you will get some false-positives, but then ask the question
why they get a block up so quickly and start spamming you in the first
place.....
Those /stats/ dirs contain other useful things btw.
Greets,
Jeroen
--------------enigF837A7854FF3716B0CA8C744
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
iEYEARECAAYFAkroELMACgkQKaooUjM+fCM/wQCeKJvm8+ks2eHMnw6AVOBpvsTM
xP4An370ciFllXaMox/sOb3tMHmzTyVx
=8iR9
-----END PGP SIGNATURE-----
--------------enigF837A7854FF3716B0CA8C744--
