Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] MediaSentry false positives?
Date: Wed Jan 05 2005 - 08:53:55 CST
On Tue, 04 Jan 2005 23:22:27 CST, Kevin said:
> the complaint, or somebody on the Internet is spoofing BGP route
> announcements for unused address space out of larger allocations.
This is actually quite likely a possibility. There are enough tier-1's who do
a piss-poor job of filtering their BGP feeds that if you can inject an
announcement you can hijack the address block. This is being actively abused by
several different groups of spammers. You might want to wander over to the
NANOG list archives and search for 'BGP hijack' and/or poke one/several of the
BGP looking glasses out there to see if there's an announcement for your space.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.