[138466] in North American Network Operators' Group
Re: [afnog] Suspicious request for IP address space
daemon@ATHENA.MIT.EDU (Tom Hill)
Tue Mar 8 10:53:17 2011
From: Tom Hill <tom@ninjabadger.net>
To: Jon Lewis <jlewis@lewis.org>
In-Reply-To: <Pine.LNX.4.61.1103081033070.5148@soloth.lewis.org>
Date: Tue, 08 Mar 2011 15:52:26 +0000
Cc: afnog@afnog.org, nanog@nanog.org, Shepherd Magumo <shepherd@snowball.co.za>
On Tue, 2011-03-08 at 10:36 -0500, Jon Lewis wrote:
> Odds are, they're looking for a willing host for a snowshoe spamming
> operation. If I wanted space for something like that, Afrinic region
> providers would not be my first choice...particularly for the hosting.
> AFAIK, there are numerous LIRs in the RIPE region, particularly Romania
> who are more than happy to lease large blocks of IPv4 to anyone for any
> purpose.
Indeed. However, and I too get similar requests (not quite as big,
but /24's and /23's etc.)

The first thing I do is search for their "name" and domain they're
e-mailing from, with the term 'ROKSO' behind it.

50% of the time you find a reference to the domain or their name in
Spamhaus' ROKSO list.

The other 50% of the time you find someone that isn't in there, but
really should be...

Tom