FUD: 15% of world's internet traffic hijacked

2010-11-17 Thread Bob Poortinga
This is starting to be picked up by mainstream media, but was first
reported here (I believe):

<http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=249>

"Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic"

"For 18 minutes in April, China's state-controlled telecommunications company
 hijacked 15 percent of the world's Internet traffic, including data from U.S.
 military, civilian organizations and those of other U.S. allies."

This article, which quotes Dmitri Alperovitch of McAfee, is full of false
data as far as I can tell.  I assert that much less than 15%, probably on
the order of 1% to 2% (much less in the US) was actually diverted.  The
correct statement is that 15% of the world's network prefixes were "hijacked",
but the impact was minimal in the US.

My concern is that this "report" will be presented to the US Congress without
being refuted by experts in the know.

My request is that someone with some gravitas please issue a press release
setting the facts straight on this matter.  I have been in contact with Dan
Goodin at The Register but I'm just a lowly grunt with a small network.

-- 
Bob Poortinga  K9SQL<http://www.linkedin.com/in/bobpoortinga>
Bloomington, Indiana  US

"the Internet interprets spam as noise and suppresses it"



Re: BGP hijack from 23724 -> 4134 China?

2010-04-09 Thread Bob Poortinga
Jay Hennigan  writes:
 
> We just got Cyclops alerts showing several of our prefixes sourced from
> AS23474 propagating through AS4134.  Anyone else?

For the record, yes.  Two of our blocks were announced via 7575 4134 23724
yesterday.  First seen by Cyclops at 2010-04-08 15:57:13 UTC and lasted
about 20 minutes.

Does AS7575, Australian Academic and Research Network, do any filtering?

-- 
Bob Poortinga  K9SQL<http://www.linkedin.com/in/bobpoortinga>
Technology Service Corp.<http://www.tsc.com>
Bloomington, Indiana  US
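
The kind of origin check a monitor such as Cyclops performs, as an added example (not part of the original post and not Cyclops's own code). The prefixes, AS64500 and all updates are constructed sample data; only the path "7575 4134 23724" and the first-seen time come from the post.

```python
import ipaddress

# Constructed inventory: prefixes we originate and the AS allowed to originate them.
# Documentation ranges and the documentation ASN 64500 stand in for "our" network.
EXPECTED = {
    ipaddress.ip_network("192.0.2.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64500,
}

# Constructed feed: (UTC timestamp, announced prefix, AS path seen by a monitor).
UPDATES = [
    ("2010-04-08 15:40:02", "192.0.2.0/24", "3356 64500"),
    ("2010-04-08 15:57:13", "192.0.2.0/24", "7575 4134 23724"),
    ("2010-04-08 15:57:20", "198.51.100.128/25", "7575 4134 23724"),
    ("2010-04-08 15:58:01", "203.0.113.0/24", "7575 4134 23724"),
    ("2010-04-08 16:17:40", "192.0.2.0/24", "3356 64500 64500"),
]

def origin_as(as_path):
    """Origin is the right-most ASN; prepending repeats it, so the last token suffices."""
    return int(as_path.split()[-1])

def check_update(prefix, as_path):
    """Return an alert if the announcement covers our space from an unexpected origin."""
    announced = ipaddress.ip_network(prefix)
    origin = origin_as(as_path)
    for ours, expected in EXPECTED.items():
        if announced.version != ours.version:
            continue
        # An exact match or a more-specific of our block both attract our traffic.
        if announced.subnet_of(ours) and origin != expected:
            kind = "exact" if announced == ours else "more-specific"
            return {"prefix": prefix, "covers": str(ours), "kind": kind,
                    "origin": origin, "expected": expected,
                    "via": as_path.split()[:-1]}
    return None

def scan(updates):
    """Run every update through check_update and keep the alerts with their time."""
    alerts = []
    for ts, prefix, path in updates:
        alert = check_update(prefix, path)
        if alert:
            alerts.append({"time": ts, **alert})
    return alerts

if __name__ == "__main__":
    for a in scan(UPDATES):
        print(a)
```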



Re: Spamhaus and Barracuda Networks BRBL

2010-02-19 Thread Bob Poortinga
> Dean Drako  writes:
> When they were providing a free service we promoted them strongly,

Translation: We made money using it and it didn't cost us anything.

> but when they started charging the customers that really used it,
> we had to part ways.  

Translation: Our customers complained about being asked to pay for
something that we should have paid for, but it's cheaper to let our
customers hang in the wind than to pay up.

Sorry, I could let this pass without comment.

-- 
Bob Poortinga  K9SQL
Bloomington, Indiana  US



TWTELECOM.NET to the white courtesy phone!

2010-02-22 Thread Bob Poortinga
Would someone at twtelecom.net's NOC please contact me about a routing
issue we are having with you.  You apparently have an internal route for
one of our netblocks that is causing packets destined to us to be blackholed.

TWTELECOM is an upstream of an upstream.

-- 
Bob Poortinga  K9SQL<http://www.linkedin.com/in/bobpoortinga>
Technology Service Corp.<http://www.tsc.com>
Bloomington, Indiana  US
+1-812-558-7070



Re: ATT / Bellsouth Email Feedback Loop

2010-02-25 Thread Bob Poortinga
Wade Peacock  writes:
 
> We have found ATT to be heavy handed with their email (spam) filtering. 
> Without warning all of our mail servers will be denied from delivering email 
> to their many domains (att.net, bellsouth.net, etc). They have a removal 
> request form (like most other large ISPs) which takes 2 days to process. We 
> never find out why we get listed.

We have dealt with this issue in the past.  AT&T maintains an internal
blacklist and their blacklist policies are not published.  There is
also no feedback loop mechanism in place, AFAICT.  I do know that
sending backscatter to AT&T will get you in their blacklist.  If your
server sends NDRs instead of rejecting during the SMTP transaction
for 5xx type messages then that is probably what got you on their list.

The email address we have used at AT&T to resolve these issues is:
.  Make sure that all of the issues which caused
your blacklisting are resolved because if they put you on the list again,
it is much tougher to get removed.

-- 
Bob Poortinga  K9SQL<http://www.linkedin.com/in/bobpoortinga>
Bloomington, Indiana  US



Re: Spamcop Blocks Facebook?

2010-02-26 Thread Bob Poortinga
Shon Elliott  writes:

> Feb 25 19:08:18 postfix/smtpd[12682]: NOQUEUE: reject: RCPT from
> outmail011.snc1.tfbnw.net[69.63.178.170]: 554 5.7.1 Service unavailable;
> host [69.63.178.170] blocked using bl.spamcop.net; Blocked - see
> http://www.spamcop.net/bl.shtml?69.63.178.170;

Using the Spamcop BL *solely* as the basis for rejecting mail is a sure way
to lose wanted email.  From Spamcop's website:

"... SpamCop encourages use of the SCBL in concert with an actively maintained
 whitelist of wanted email senders. SpamCop encourages SCBL users to tag and
 divert email, rather than block it outright."

"The SCBL is aggressive and often errs on the side of blocking mail...
 Many mailservers operate with blacklists in a "tag only" mode, which
 is preferable in many situations."

IMO, the best use of the SCBL is as a scoring metric with Spam Assassin.
Additional discussion should be directed to SPAM-L.

-- 
Bob Poortinga  K9SQL<http://www.linkedin.com/in/bobpoortinga>
Bloomington, Indiana  US
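
An audit of what outright SCBL blocking costs, as an added example (not part of the original post): it parses Postfix reject lines in the format quoted above and lists rejects that hit senders the site wants. The wanted-sender list and every log line except the first are constructed; treating tfbnw.net as wanted is an assumption.

```python
import re
from collections import Counter

# Hypothetical whitelist of wanted sender domains, matched against the client name
# Postfix logs (Postfix logs "unknown" when reverse DNS does not verify).
WANTED = {"tfbnw.net"}

# Constructed log: line 1 repeats the post's sample, the rest are made up.
LOG = """\
Feb 25 19:08:18 postfix/smtpd[12682]: NOQUEUE: reject: RCPT from outmail011.snc1.tfbnw.net[69.63.178.170]: 554 5.7.1 Service unavailable; host [69.63.178.170] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?69.63.178.170;
Feb 25 19:12:44 postfix/smtpd[12690]: NOQUEUE: reject: RCPT from outmail011.snc1.tfbnw.net[69.63.178.170]: 554 5.7.1 Service unavailable; host [69.63.178.170] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?69.63.178.170;
Feb 25 19:13:02 postfix/smtpd[12691]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 Service unavailable; host [203.0.113.45] blocked using bl.spamcop.net; Blocked;
Feb 25 19:14:10 postfix/smtpd[12693]: NOQUEUE: reject: RCPT from mail.tfbnw.net.example.com[198.51.100.7]: 554 5.7.1 Service unavailable; host [198.51.100.7] blocked using bl.spamcop.net; Blocked;
Feb 25 19:15:31 postfix/smtpd[12694]: NOQUEUE: reject: RCPT from relay.example.org[192.0.2.9]: 554 5.7.1 Service unavailable; host [192.0.2.9] blocked using dnsbl.example.org; Blocked;
"""

REJECT = re.compile(
    r"reject: RCPT from (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) "
    r".*?blocked using (?P<bl>[\w.-]+);")

def host_is_wanted(host, suffixes):
    """Match whole domain labels so 'tfbnw.net.example.com' does not pass as tfbnw.net."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def audit(log_text, dnsbl="bl.spamcop.net", wanted=WANTED):
    """Count rejects caused by one DNSBL per client IP and list those from wanted senders."""
    per_client = Counter()
    lost = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m or m["bl"].lower() != dnsbl:
            continue
        per_client[m["ip"]] += 1
        if host_is_wanted(m["host"], wanted):
            lost.append((m["host"], m["ip"]))
    return per_client, lost

if __name__ == "__main__":
    counts, lost = audit(LOG)
    print(dict(counts))
    print("wanted mail rejected:", lost)
```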