On Fri, 16 Jan 2004, Petri Helenius wrote:
I wouldn't be surprised if more people are filtering 69/8 now than before, roughly 40% of the spam hitting my servers is from there.
That's likely going to be true of each newly allocated block as spammers move around, move into them, or even scam the RIRs into allocating IPs directly to them.
It also seems that 69box.atlantic.net (or someone nearby) is filtering one specific size of ICMP packets.
Is certain packet size also considered a "bogon" or is this something that will eventually be removed from the filters?
It's those dang Nachi-sized ICMP echo/echo-replies. We block those at all our transit points and dial-up ports. Nachi was killing our cisco access-servers until we did this to stop the spread. Unfortunately, this breaks Windows tracert as it uses 92-byte echo requests. Use a "real" traceroute, and you won't see this problem. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________