[40201] in North American Network Operators' Group
Re: trapdoor.merit.edu and other impatient Postfix mailers everywhere (fwd)
daemon@ATHENA.MIT.EDU (Wojtek Zlobicki)
Fri Aug 3 08:26:21 2001
Message-ID: <003b01c11c17$6ba07d30$0602a8c0@wojtek>
From: "Wojtek Zlobicki" <wojtekz@idirect.com>
To: <nanog@nanog.org>
Date: Fri, 3 Aug 2001 08:25:45 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
> Remember in your analysis that NSI's whois is *notoriously* inaccurate,
> and quite often the "owner of record" of a /16 is a service provider, and
> the person you WANT to send the mail to is the admin of the company that
> bought a /22 from that provider's /16.
>
> Hint: You ever had a hack-in attempt at your site, and tried to figure
> out who owned the IP address? How long did it take you? Have you ever
> come up empty-handed? Good - now design a way to do that look-up several
> hundred times *a second*.
>
> But yeah, with a little bit of hand-waving, they could get the mail
> to the right admin at the right company.
This isn't NSI's fault !!! Every ISP that I have worked for that assigned a
block of 8 or more IPs properly swipped their IPs with ARIN. If people get
lazy and just swip(spelling ?) a /16 instead of individual blocks, ARIN
cannot be blamed. Even the IP's for the /25 that I am on on my cable modem
at home are properly swipped to reflect the geographic region as well as my
MSO.
