Spammers are doing a great job abusing the gaps in the systems. Another common pattern in the last 12-14 months has been a combination of squatting on an AS, forging some business documentation, buying transit to an IX, and proceeding to hijack prefixes over bilateral peering sessions. Pain in the rear to catch, even worse when the IX and transit providers aren't receptive to do anything about it when it's brought to their attention because the business docs used to instantiate those services are 'good enough', and they have a fiduciary interest in _not_ disconnecting the IX port or circuit. This will continue to be the norm until prefix validation is standardized and in widespread use. On Fri, Oct 28, 2016 at 5:40 PM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
I just got a spam from 103.11.67.105. The containing /24 appears to be unallocated APNIC space.
RIPE tools seem to say that AS18450 has been routing this block since around May 23rd.
I see this kind of stuff almost every day now, it seems. And you know, there are days when I really do start to wonder "Has the Internet gone mad?"
I'm going to call these turkeys right now and just ask them, point blank, what the bleep they think they're doing, routing unallocated APNIC space. But if history is any guide, this is probably going to turn out to be another one of these "absentee landlord" kinds of ASes, where all they have is an answering machine.
I have to either laugh or cry when I see people posting here about the non-functionality of abuse@ email addresses, and then see other people saying "Well, this is why all ASes also have phone numbers."
I wish I had a dollar for every AS I had ever tried to contact where -neither- the abuse@ address -nor- the phone number got me to any actual human being.
Regards, rfg