[125495] in North American Network Operators' Group
Re: Senderbase is offbase, need some help
daemon@ATHENA.MIT.EDU (Jon Lewis)
Sun Apr 18 21:20:00 2010
Date: Sun, 18 Apr 2010 21:19:28 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: Larry Sheldon <LarrySheldon@cox.net>
In-Reply-To: <4BCBA709.2090205@cox.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, 18 Apr 2010, Larry Sheldon wrote:
>> Have you checked cyclops and other BGP announcement tracking systems
>> to see if it might have been a short-lived whack-a-mole short prefix hijack
>> (pop up, announce block, send burst of spam, remove announcement, disappear
>> again)?
>
>
> Maybe I'm just tired and cranky or too old to understand.....if the
> addresses in question never send traffic, who cares?
He's suggesting that maybe mail came from those IPs while someone else was
using them without your knowledge. Given the available info, I think it's
far more likely senderbase has some glitch causing bogus 0.48 scores for
IPs that really haven't sent anything in recent history.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________