Suresh Ramasubramanian wrote: > Let's think smaller. /16 shall we say? > > Like the /16 here. Originally the SRI / ARPANET SF Bay Packet Radio > network that started back in 1977. Now controlled by a shell company > belonging to a shell company belonging to a "high volume email > deployer" :) > > http://blog.washingtonpost.com/securityfix/2008/04/a_case_of_network_identity_the_1.html
Which leads me to ask an OT but slightly related question. How do other SPs handle the blacklisting of ASNs (not prefixes but entire ASNs). The /16 that Suresh mentioned here is being originated by a well-known spam factory. All prefixes originating from that AS could safely be assumed to be undesirable IMHO and can be dropped. A little Googling for that /16 brings up a lot of good info including: http://groups.google.com/group/news.admin.net-abuse.email/msg/5d3e3f89bb148a4c Does anyone have any good tricks for filtering on AS path that they'd like to share? I already have my RTBH set up so setting the next-hop for all routes originating from a given ASN to one of my blackhole routes (to null0, a sinkhole or srubber) would be ideal. Not accepting the route period and letting uRPF drop traffic would be ok too. Justin _______________________________________________ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog
