This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Romanian Spam Network with curious effetcs
- Previous message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
- Next message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Tue Mar 19 11:59:20 CET 2013
Lutz Petersen <lp at shlink.de> wrote: >it's a mysterious for me, sorry. Maybe I did not made it clearly enough what >irritates me.. Viewing BGP tables one don't see a single accouncement for this >netblock. Traces all ends obvious at default null route in core routers. >Seems to be one of the cases where nets are only announced when spinning out >short time spam waves - one can see this comparing older logs. > >But: Reverse delegation from RIPE for this nets has been done to two >nameservers - 176.121.32.2 + 176.121.32.3. But even if there does not exit an >BGP entry, these nameservers can be asked and give an answer: >... >What may be the trick with that ? Just because a traceroute ends at a certain point, that most definitely DOES NOT mean that other (non-traceroute) types of packets will have any trouble at all getting through to the final destination and/or back again. There are quite a lot of networks on the Internet that are blocking traceroute packets, due to either incompetence or malevolence. Networks that know that they are harboring criminals and criminal activity will almost always be found to be blocking ordinary traceroute packets. tinet.net, in parcticular, does not have the best reputation when it comes to who they are willing to connect with. They and their dodgy customer probably don't want you to know even what little you can learn from the following... % traceroute 176.121.32.2 traceroute to 176.121.32.2 (176.121.32.2), 64 hops max, 52 byte packets 1 3.255-62-69.res.dyn.surewest.net (69.62.255.3) 44.516 ms 44.805 ms 43.774 ms 2 172.21.2.57 (172.21.2.57) 45.517 ms 46.255 ms 46.922 ms 3 172.21.0.250 (172.21.0.250) 45.977 ms 45.436 ms 45.825 ms 4 sjo-bb1-link.telia.net (213.248.88.73) 49.417 ms 49.347 ms 49.497 ms 5 xe-1-3-0.sjc10.ip4.tinet.net (173.241.128.109) 49.521 ms 50.778 ms 49.954 ms 6 xe-10-1-1.fra60.ip4.tinet.net (141.136.109.253) 214.637 ms xe-5-1-0.fra60.ip4.tinet.net (141.136.108.41) 253.992 ms xe-10-1-1.fra60.ip4.tinet.net (141.136.109.253) 210.634 ms 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 *^C Regards, rfg
- Previous message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
- Next message (by thread): [anti-abuse-wg] Romanian Spam Network with curious effetcs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]