[56340] in North American Network Operators' Group


Re: RIPE Down or DOSed ?

daemon@ATHENA.MIT.EDU (Douglas A. Dever)
Mon Mar 3 13:38:01 2003

Date: Mon, 3 Mar 2003 13:34:39 -0500
From: "Douglas A. Dever" <doug@e-xpedient.com>
To: nanog@merit.edu
Reply-To: doug@e-xpedient.com
Errors-To: owner-nanog-outgoing@merit.edu


On 2/28/03 at 16:51 EST, Kai Schlichting wrote:

>On 2/27/2003 at 9:58 PM, jlewis@lewis.org wrote:

>> ...
>> NetRange:   69.6.0.0 - 69.6.63.255
>> CIDR:       69.6.0.0/18
>> NetName:    WHOLE-2
>> NetHandle:  NET-69-6-0-0-1
>> Parent:     NET-69-0-0-0-0
>> NetType:    Direct Allocation
>> NameServer: NS1.WHOLESALEBANDWIDTH.COM
>> NameServer: NS2.WHOLESALEBANDWIDTH.COM
>> ...
>> Where are the swips?  The rest of that record makes no mention of an
>> rwhois server.  Doing a bunch of whois requests for IPs in that block, I
>> found only one swip (for a /21).  I realize the ARIN regs don't seem to
>> require that reassignment info be made available to the public (just to
>> ARIN), but using your innocent customers (if there are any) as a shield to
>> hide your spammer customers is just wrong.  Should I block 69.6.4.0/24
>> from sending email into my systems?  69.6.0.0/18?
>
>Correct answer: the /18, and then some.
>
>Oh, how you wished you hadn't posted this to the list (and Cc:'d
>wholesalebandwidth.com on it), but chosen reply-to-poster :)
>
>Random example from this block appearing in my rejects:
>http://www.openrbl.org/lookup?i=69.6.4.153 or: "I see red!"
>
>Extended answer directly from my auto-complaint override map:
>
> 'as:26956' => 'as:17054,isp:cogent', # netfreeinc.com/wholesalebandwidth.com - rogue AS
> 'as:11938' => 'abuse@yipes.com,isp:verio', # wholesalebandwidth.com - rogue AS
> 'as:17054' => 'abuse@e-xpedient.com,isp:genuity,abuse@yipes.com,isp:gblx', # e-xpedient.com - rogue AS?
>
>Anything announced out of 26956 and 11938 goes straight to the sendmail
>access file here, and given the various pointers from OTHER rogues back
>to 17054, e-xpedient.com routes will be there RSN, too.

We're not announcing 69.6.0.0/18 out of AS17054 nor
is Wholesale Bandwidth a customer.  

We're announcing AS26956 for NetFree, and at this point I've
seen less than a dozen spam complaints out of it over the last
two months, and before that not a single one.  If you want to 
route our mail to the bit bucket because of an /18 we're not 
announcing, that's your prerogative.

My abuse team is concentrating on removing customers we're
actually seeing complaints on.  (If you have any complaints,
send them to abuse@e-xpedient.com.  They get read, more
often than not by me. :-) )

-- 
Douglas A. Dever  doug@e-xpedient.com
Director, Customer Operations
E-xpedient
