On 4/18/2010 16:02, Matthew Petach wrote:
On Sun, Apr 18, 2010 at 10:15 AM, gordon b slater <gordslater@ieee.org> wrote:
On Sat, 2010-04-17 at 16:45 -0400, William Herrin wrote:
Interesting; I see similar results for my address space. Two addresses, one of which hasn't been attached to a machine for a decade and the other a virtual IP on a web server where the particular IP never emits connections. Magnitude's only "0.48" for both but still, they shouldn't even appear.
Yep, same here, at two separate sites. It's in the "reserved for extreme emergencies" zone at the top of each assigned block. As per house practice it is tcpdumped 24/7, and has been for the last 4 years. Zero traffic from it at the perimeter.
Go figure.
Gord
Have you checked cyclops and other BGP announcement tracking systems to see if it might have been a short-lived whack-a-mole short prefix hijack (pop up, announce block, send burst of spam, remove announcement, disappear again)?
Maybe I'm just tired and cranky or too old to understand.....if the addresses in question never send traffic, who cares? And if senderbase is so bad, why use it?

--
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.
Freedom under a constitutional republic is a well armed lamb contesting the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information: http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml