[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Senderbase is offbase, need some help

Subject: Senderbase is offbase, need some help
From: mpetach at netflight.com (Matthew Petach)
Date: Sun, 18 Apr 2010 14:02:27 -0700
In-reply-to: <1271610918.29944.8.camel@ub-g-d2>
References: <[email protected]> <[email protected]> <1271610918.29944.8.camel@ub-g-d2>

On Sun, Apr 18, 2010 at 10:15 AM, gordon b slater <gordslater at ieee.org> wrote:
> On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote:
>
>> Interesting; I see similar results for my address space. Two
>> addresses, one of which hasn't been attached to a machine for a decade
>> and the other a virtual IP on a web server where the particular IP
>> never emits connections. Magnitude's only "0.48" for both but still,
>> they shouldn't even appear.
>
> Yep, same here, at two seperate sites. It's in the "reserved for extreme
> emergencies" zone at the top of each assigned block. As per house
> practice it is tcpdumped 24/7, and has been for the last 4 years. Zero
> traffic from it at the perimiter.
>
> Go figure.
>
> Gord

Have you checked cyclops and other BGP announcement tracking systems
to see if it might have been a short-lived whack-a-mole short prefix hijack
(pop up, announce block, send burst of spam, remove announcement, disappear
again)?

Matt

Follow-Ups:
- Senderbase is offbase, need some help
  - From: LarrySheldon at cox.net (Larry Sheldon)

References:
- Senderbase is offbase, need some help
  - From: mike-nanog at tiedyenetworks.com (Mike)
- Senderbase is offbase, need some help
  - From: bill at herrin.us (William Herrin)
- Senderbase is offbase, need some help
  - From: gordslater at ieee.org (gordon b slater)

Prev by Date: Senderbase is offbase, need some help
Next by Date: Rate of growth on IPv6 not fast enough?
Previous by thread: Senderbase is offbase, need some help
Next by thread: Senderbase is offbase, need some help
Index(es):
- Date
- Thread