Hi Joe,
> How did you know this? And I quote "Well, I have no direct experience
> with the 3560, but SFF-8472 is a spec that includes diagnosting
> monitoring of SFPs...". Really am I missing some secret search
> engine? Is google not the answer? Please do let me know because if
> it was from
Hello all,
> http://livejournal.com/
is there any technical data about the attack? e.g. average traffic in
Gb/s, amount of bots, etc.
Cheers,
Vladimir
Adding AS2200 to the list, as I'm sure packets should not be following this
path:
192.190.234.0/24 2914 1273 2200 3356 5511 1708
traceroute to 192.190.234.0 (192.190.234.0), 64 hops max, 40 byte packets
1 * ge-5-2.r00.chcgil09.us.bb.gin.ntt.net (204.42.254.1) 0.269 ms 0.223 ms
2 ae-1.r20.c
I just stumbled onto this one the other day.
Apparently, Spamhaus has known about this one for THREE MONTHS already:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL98308
It's being routed by AS11730, aka "Circle Internet LTD", a known spammer-
friendly provider that I have come across many t
As I already mentioned, 159.223.0.0/16, which is actually registered to
the Hoechst Celanese Corporation, has quite obviously been hijacked and
is being used & abused by snowshoe spammers as we speak. And Spamhaus,
at least, has known about this for more than three months already.
What Spamhaus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mar 30, 2011, at 1:58 PM, Ronald F. Guilmette wrote:
> As I already mentioned, 159.223.0.0/16, which is actually registered to
> the Hoechst Celanese Corporation, has quite obviously been hijacked
And have you reported this to ARIN?
https://www.a
I have a level 3 circuit with BGP. Level 3 set me up a maintainer. To
communicate with this program I just send an email to the maintainer, based
on my email address and the maintainer name it will allow the route I
request advertisement. I don't believe any one monitors this system and I
would ima
In message ,
Bill Woodcock wrote:
>On Mar 30, 2011, at 1:58 PM, Ronald F. Guilmette wrote:
>> As I already mentioned, 159.223.0.0/16, which is actually registered =
>to
>> the Hoechst Celanese Corporation, has quite obviously been hijacked
>
>And have you reported this to ARIN?
No. Why would
In message <002201cbef24$c1b61d70$45225850$@com>, you wrote:
>I don't believe any one monitors this system and I
>would imagine if no one complains about this company advertising hijacked
>routes to level 3 then it would be quite easy to advertise a network that
>has been abandon(sic).
At this p
On Tuesday 29 Mar 2011 17:54:27 Wil Schultz wrote:
> On Mar 29, 2011, at 3:51 AM, Franck Martin wrote:
>
>
> And here's a breakdown of which user agents are seen on which ip, as you can
see the user-agent doesn't exactly match IP range.
>
> Googlebot-Image/1.0
> Mozilla/5.0 (compatible; Googl
If anyone has contacts inside the companies that have fiber available in
Philadelphia metro (especially Philadelphia itself), I'd greatly appreciate
hearing about it off list. Sales pitches from sales people are welcome,
provided the said sales people understand the difference between "available
f
On Mar 30, 2011, at 4:39 PM, Alexander Harrowell wrote:
> On Tuesday 29 Mar 2011 17:54:27 Wil Schultz wrote:
>> On Mar 29, 2011, at 3:51 AM, Franck Martin wrote:
>>
>>
>> And here's a breakdown of which user agents are seen on which ip, as you can
> see the user-agent doesn't exactly match I
On 3/31/11 11:55 , "Wil Schultz" wrote:
>
>
>On Mar 30, 2011, at 4:39 PM, Alexander Harrowell
>wrote:
>
>> On Tuesday 29 Mar 2011 17:54:27 Wil Schultz wrote:
>>> On Mar 29, 2011, at 3:51 AM, Franck Martin wrote:
>>>
>>>
>>> And here's a breakdown of which user agents are seen on which ip, as
This is an old enough "technique" dating back to a few years -
re-registering an expired domain that belonged to the ARIN contact,
and filling out the ISP paperwork.
There does seem to be something that needs to be done - its not
something ARIN can easily look into, the SP is much better placed to
In message , you
wrote:
>This is an old enough "technique" dating back to a few years -
>re-registering an expired domain that belonged to the ARIN contact,
>and filling out the ISP paperwork.
FYI - That does not seem to have been what occured in the two particular
cases I reported on today. T
On Wed, 30 Mar 2011, Ronald F. Guilmette wrote:
So that _really_ begs the question... Why did Circle Internet and (apparently)
Level3's customer, BANDCON, blindly accept _any_ sort of assertion that the
crook who hijacked these two /16s had the right to use them?
What makes you think it was bl
Its also a procedure that does need some due diligence done on it, to
avoid attacks where a SP's netblock is stolen when its actively routed
rather than abandoned.
On Thu, Mar 31, 2011 at 9:30 AM, Brandon Ross wrote:
>
> What makes you think it was blind? The standard industry practice is to ask
Wait a second, I'm pretty sure that in most contexts, a signature or
letterhead means not so much "this is real because it's so obviously
genuine", but rather:
"This is real or I am willing to take a forgery rap".
As it happens, that's good enough for many if not most non-cash
transactions. Now,
On Wed, 30 Mar 2011, Ross Harvey wrote:
Wait a second, I'm pretty sure that in most contexts, a signature or
letterhead means not so much "this is real because it's so obviously
genuine", but rather:
"This is real or I am willing to take a forgery rap".
Do you think most providers check the s
Ronald...
Cleaning up the routing, true.
However, this sounds like there are two issues...
1. Routing -- Would be nice if the advertising provider(s) stopped doing
so.
Not something ARIN can really do much about.
2. Database -- Sounds like the existing resource holder may not
If they put it on letterhead and signed their own name in such a way that it
purports
to be an agent of the organization for which they were not an authorized agent,
that
is usually enough to become a criminal act, whether it is considered forgery,
fraud,
or something else, I'm not sure about th
On Wed, Mar 30, 2011 at 10:15 PM, Owen DeLong wrote:
> If they put it on letterhead and signed their own name in such a way that it
> purports
> to be an agent of the organization for which they were not an authorized
> agent, that
> is usually enough to become a criminal act, whether it is con
It also needs
1. Someone to complain to law enforcement
2. Law enforcement to decide this is something worth following up on
re prosecution - especially if the crook is not within their
jurisdiction, it'd be FBI, and they have a minimum threshold for
damage caused (higher than the few thousand do
On Mar 30, 2011, at 10:26 PM, Suresh Ramasubramanian wrote:
> It also needs
>
> 1. Someone to complain to law enforcement
>
True,
> 2. Law enforcement to decide this is something worth following up on
> re prosecution - especially if the crook is not within their
> jurisdiction, it'd be FBI, a
Local law isnt likely to touch this at all.
On Thu, Mar 31, 2011 at 11:27 AM, Owen DeLong wrote:
>
> If the crook is in another county, same state, it could be simple extradition.
>
> If the crook is across state lines, it could still be handled as an
> extradition,
> but, slightly more complica
25 matches
Mail list logo
