[160279] in North American Network Operators' Group
Re: Announcing a reserved ASN?
daemon@ATHENA.MIT.EDU (Brandon Ross)
Sun Feb 3 11:17:07 2013
Date: Sun, 3 Feb 2013 11:15:04 -0500 (EST)
From: Brandon Ross <bross@pobox.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
In-Reply-To: <CAArzuou+4L-Shc252A=2i0uDQOnVWdOoccE7_-54fWnjjyz6fA@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I strongly recommend that you read about and fully understand how 4-byte
ASNs work, and their use of AS23456 before you continue this thread.
On Sun, 3 Feb 2013, Suresh Ramasubramanian wrote:
> I do believe, as has been pointed out to me elsewhere that this is what
> shows up when there's a 64 bit ASN and router software that doesn't grok 64
> bit ASNs
>
> So, completely by chance that one such as belongs to what looks like a bulk
> mailer
>
> --srs (htc one x)
> On 03-Feb-2013 9:02 PM, "Dave Pooser" <dave.nanog@alfordmedia.com> wrote:
>
>> On 2/3/13 9:04 AM, "Rich Kulawiec" <rsk@gsp.org> wrote:
>>
>>> On Sun, Feb 03, 2013 at 06:12:32PM +0530, Suresh Ramasubramanian wrote:
>>>> AS23456 is currently announcing a good few netblocks (which don't have a
>>>> very good smtp reputation, by the way).
>>>
>>> To say the least. A quick rDNS scan reveals that those netblocks include:
>>>
>>> 8448 addresses
>>> 6932 return nxdomain
>>> 512 return servfail
>>> 1004 with rDNS entries
>>>
>>> Those 1004 hosts with rDNS account for 36 domains:
>>
>> <snip long list of spammy domains>
>>
>> Just as another data point, the domain names you listed hit on enough URL
>> blacklists that Spamassassin quarantined the message for me (and would
>> have rejected it during the SMTP transaction had the NANOG server not been
>> listed on DNSWL-High). Spam hosts plus fake ASN = paging the Spamhaus DROP
>> maintainers to the white courtesy phone....
>> --
>> Dave Pooser
>> Manager of Information Services
>> Alford Media http://www.alfordmedia.com
>>
>>
>>
>>
>
--
Brandon Ross Yahoo & AIM: BrandonNRoss
+1-404-635-6667 ICQ: 2269442
Schedule a meeting: https://doodle.com/bross Skype: brandonross
