Williams/UUNET/Sprint
Has anyone had to deal with this in their BGP filter tables?

5 washdc5lce1-oc48.wcg.net (64.200.95.118) 4 ms 11 ms 4 ms
6 GigabitEthernet5-0.GW4.IAD8.ALTER.NET (157.130.30.245) 4 ms 4 ms 4 ms
7 0.so-1-2-0.XR2.IAD8.ALTER.NET (152.63.41.34) 3 ms 4 ms 6 ms
8 0.so-0-0-0.CL2.IAD5.ALTER.NET (152.63.38.142) 4 ms 5 ms 5 ms
9 201.at-2-0-0.XR2.DCA6.ALTER.NET (152.63.35.49) 6 ms 6 ms 6 ms
0 0.so-1-3-0.XL2.DCA6.ALTER.NET (152.63.35.118) 6 ms 6 ms 6 ms
1 POS7-0.BR4.DCA6.ALTER.NET (152.63.41.233) 8 ms 6 ms 7 ms
2 POS5-3.sl-bb22-rly.sprint.net (204.255.169.130) 8 ms 8 ms 8 ms

Is Williams getting transit to Sprint via UUNET or vice versa? Sorry if I have been out of the loop on this.

DJ
On Mon, Jul 21, 2003 at 02:37:34PM -0400, Deepak Jain wrote:
Has anyone had to deal with this in their BGP filter tables?
5 washdc5lce1-oc48.wcg.net (64.200.95.118) 4 ms 11 ms 4 ms
6 GigabitEthernet5-0.GW4.IAD8.ALTER.NET (157.130.30.245) 4 ms 4 ms 4 ms
7 0.so-1-2-0.XR2.IAD8.ALTER.NET (152.63.41.34) 3 ms 4 ms 6 ms
8 0.so-0-0-0.CL2.IAD5.ALTER.NET (152.63.38.142) 4 ms 5 ms 5 ms
9 201.at-2-0-0.XR2.DCA6.ALTER.NET (152.63.35.49) 6 ms 6 ms 6 ms
0 0.so-1-3-0.XL2.DCA6.ALTER.NET (152.63.35.118) 6 ms 6 ms 6 ms
1 POS7-0.BR4.DCA6.ALTER.NET (152.63.41.233) 8 ms 6 ms 7 ms
2 POS5-3.sl-bb22-rly.sprint.net (204.255.169.130) 8 ms 8 ms 8 ms
Is Williams getting transit to Sprint via UUNET or vice versa? Sorry if I have been out of the loop on this.
Williams buys transit from UUNet. Williams also pays (or at least paid, last I looked) Sprint for direct connectivity. Wouldn't surprise me if they were paying more for the Sprint than they were for the UU, and decided to consolidate. It also wouldn't surprise me if they still had a Sprint pipe and yet accepted more specifics from their transits, I used to see that a lot on them.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Richard A Steenbergen wrote:
On Mon, Jul 21, 2003 at 02:37:34PM -0400, Deepak Jain wrote:
Has anyone had to deal with this in their BGP filter tables?
5 washdc5lce1-oc48.wcg.net (64.200.95.118) 4 ms 11 ms 4 ms
6 GigabitEthernet5-0.GW4.IAD8.ALTER.NET (157.130.30.245) 4 ms 4 ms 4 ms
7 0.so-1-2-0.XR2.IAD8.ALTER.NET (152.63.41.34) 3 ms 4 ms 6 ms
8 0.so-0-0-0.CL2.IAD5.ALTER.NET (152.63.38.142) 4 ms 5 ms 5 ms
9 201.at-2-0-0.XR2.DCA6.ALTER.NET (152.63.35.49) 6 ms 6 ms 6 ms
0 0.so-1-3-0.XL2.DCA6.ALTER.NET (152.63.35.118) 6 ms 6 ms 6 ms
1 POS7-0.BR4.DCA6.ALTER.NET (152.63.41.233) 8 ms 6 ms 7 ms
2 POS5-3.sl-bb22-rly.sprint.net (204.255.169.130) 8 ms 8 ms 8 ms
Is Williams getting transit to Sprint via UUNET or vice versa? Sorry if I have been out of the loop on this.
Regarding Williams, here is an excerpt of an abuse complaint I sent to them (and Edge 1 - theoretically one of their customers):
As the end result of chasing down spam originating from one of our hosts, we discovered the host was infected with the Jeem backdoor trojan. This was found "in the wild" Thursday, July 17, and examination of our PIX logs showed that the proxy source was various IPs in the 69.44.28.x netblock, registered to Edge 1 Networks, but yielding reverse DNS names in WCG.NET. The machine was removed from the network, but the proxy attempts from 69.44.28.x (and a few other addresses) continued for quite some time (logs are included below). It is quite clear from the logs that for each incoming proxy, the machine responded with an SMTP connection to the spammer's next recipient.
In the process of finding the trojan and identifying the traffic source, we placed the machine on a sniffer and reconnected to the network today (Friday, July 18). Within five minutes, the machine was again swarmed by hosts in the 69.44.28.x netblock. If you want the ethereal trace file, I can supply it, but the results are the same. It was quickly removed from the network, and the proxy attempts continued.
Jeff
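
The pattern reported in the complaint above (each inbound proxy connection answered by an outbound SMTP connection from the same host) can be checked mechanically over connection logs. The following is an added example, not part of the original thread; the record format, the inside range 192.0.2.0/24, the inbound port and all sample lines are constructed assumptions, not real PIX syslog output.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample records, time-ordered (NOT real PIX syslog syntax).
# Fields: epoch_seconds src_ip dst_ip dst_port. Inbound port is arbitrary.
SAMPLE_LOG = """\
1000 69.44.28.11 192.0.2.10 1080
1001 192.0.2.10 198.51.100.25 25
1010 69.44.28.57 192.0.2.10 1080
1012 192.0.2.10 203.0.113.8 25
1020 69.44.28.90 192.0.2.10 1080
1021 192.0.2.10 198.51.100.77 25
1030 203.0.113.50 192.0.2.20 80
1500 192.0.2.20 198.51.100.25 25
"""

INSIDE = ipaddress.ip_network("192.0.2.0/24")  # assumed internal range

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def find_relays(log, window=5, min_pairs=3):
    """Return {inside_host: {outside /24: count}} for hosts where at least
    min_pairs inbound connections were each followed, within `window`
    seconds, by an outbound port-25 connection from that same host."""
    inbound = defaultdict(list)   # inside host -> [(ts, outside source)]
    pairs = defaultdict(Counter)  # inside host -> outside /24 -> matched pairs
    for ts, src, dst, dport in parse(log):
        if dst in INSIDE and src not in INSIDE:
            inbound[dst].append((ts, src))
        elif src in INSIDE and dst not in INSIDE and dport == 25:
            pending = inbound[src]
            # Discard inbound connections too old to explain this SMTP session.
            while pending and ts - pending[0][0] > window:
                pending.pop(0)
            if pending:
                _, outside = pending.pop(0)
                block = ipaddress.ip_network(f"{outside}/24", strict=False)
                pairs[src][str(block)] += 1
    return {str(h): dict(c) for h, c in pairs.items()
            if sum(c.values()) >= min_pairs}

if __name__ == "__main__":
    print(find_relays(SAMPLE_LOG))
```

Grouping the matched sources by /24 surfaces a concentration in one netblock, while a host that only sends ordinary mail long after an unrelated inbound connection is not flagged.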
Thanks to everyone who responded. I seem to have gotten my questions answered with very thorough answers. It seems that WCG buys transit from at least UUNET and C&W at this point.

DJ
participants (3)
- Deepak Jain
- Jeff Kell
- Richard A Steenbergen