[160277] in North American Network Operators' Group
Re: Announcing a reserved ASN?
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Sun Feb 3 11:02:42 2013
In-Reply-To: <CD33DDAB.C3BE6%dave.lists@alfordmedia.com>
Date: Sun, 3 Feb 2013 21:32:31 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Dave Pooser <dave.nanog@alfordmedia.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I do believe, as has been pointed out to me elsewhere that this is what
shows up when there's a 64 bit ASN and router software that doesn't grok 64
bit ASNs
So, completely by chance that one such as belongs to what looks like a bulk
mailer
--srs (htc one x)
On 03-Feb-2013 9:02 PM, "Dave Pooser" <dave.nanog@alfordmedia.com> wrote:
> On 2/3/13 9:04 AM, "Rich Kulawiec" <rsk@gsp.org> wrote:
>
> >On Sun, Feb 03, 2013 at 06:12:32PM +0530, Suresh Ramasubramanian wrote:
> >> AS23456 is currently announcing a good few netblocks (which don't have a
> >> very good smtp reputation, by the way).
> >
> >To say the least. A quick rDNS scan reveals that those netblocks include:
> >
> > 8448 addresses
> > 6932 return nxdomain
> > 512 return servfail
> > 1004 with rDNS entries
> >
> >Those 1004 hosts with rDNS account for 36 domains:
>
> <snip long list of spammy domains>
>
> Just as another data point, the domain names you listed hit on enough URL
> blacklists that Spamassassin quarantined the message for me (and would
> have rejected it during the SMTP transaction had the NANOG server not been
> listed on DNSWL-High). Spam hosts plus fake ASN = paging the Spamhaus DROP
> maintainers to the white courtesy phone....
> --
> Dave Pooser
> Manager of Information Services
> Alford Media http://www.alfordmedia.com
>
>
>
>
