[160283] in North American Network Operators' Group
Re: Announcing a reserved ASN?
daemon@ATHENA.MIT.EDU (Richard Barnes)
Sun Feb 3 13:58:26 2013
In-Reply-To: <alpine.OSX.2.02.1302031114160.492@brugal.local>
Date: Sun, 3 Feb 2013 13:58:13 -0500
From: Richard Barnes <richard.barnes@gmail.com>
To: Brandon Ross <bross@pobox.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Some links:
http://www.nanog.org/meetings/nanog45/presentations/Tuesday/Hankins_4byteASN_N45.pdf
https://tools.ietf.org/html/rfc6793
On Sun, Feb 3, 2013 at 11:15 AM, Brandon Ross <bross@pobox.com> wrote:
> I strongly recommend that you read about and fully understand how 4-byte
> ASNs work, and their use of AS23456 before you continue this thread.
>
>
> On Sun, 3 Feb 2013, Suresh Ramasubramanian wrote:
>
> I do believe, as has been pointed out to me elsewhere that this is what
>> shows up when there's a 64 bit ASN and router software that doesn't grok
>> 64
>> bit ASNs
>>
>> So, completely by chance that one such as belongs to what looks like a
>> bulk
>> mailer
>>
>> --srs (htc one x)
>> On 03-Feb-2013 9:02 PM, "Dave Pooser" <dave.nanog@alfordmedia.com> wrote:
>>
>> On 2/3/13 9:04 AM, "Rich Kulawiec" <rsk@gsp.org> wrote:
>>>
>>> On Sun, Feb 03, 2013 at 06:12:32PM +0530, Suresh Ramasubramanian wrote:
>>>>
>>>>> AS23456 is currently announcing a good few netblocks (which don't have
>>>>> a
>>>>> very good smtp reputation, by the way).
>>>>>
>>>>
>>>> To say the least. A quick rDNS scan reveals that those netblocks
>>>> include:
>>>>
>>>> 8448 addresses
>>>> 6932 return nxdomain
>>>> 512 return servfail
>>>> 1004 with rDNS entries
>>>>
>>>> Those 1004 hosts with rDNS account for 36 domains:
>>>>
>>>
>>> <snip long list of spammy domains>
>>>
>>> Just as another data point, the domain names you listed hit on enough URL
>>> blacklists that Spamassassin quarantined the message for me (and would
>>> have rejected it during the SMTP transaction had the NANOG server not
>>> been
>>> listed on DNSWL-High). Spam hosts plus fake ASN = paging the Spamhaus
>>> DROP
>>> maintainers to the white courtesy phone....
>>> --
>>> Dave Pooser
>>> Manager of Information Services
>>> Alford Media http://www.alfordmedia.com
>>>
>>>
>>>
>>>
>>>
>>
> --
> Brandon Ross Yahoo & AIM:
> BrandonNRoss
> +1-404-635-6667 ICQ:
> 2269442
> Schedule a meeting: https://doodle.com/bross Skype:
> brandonross
>
>
