North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: the value of reverse address lookups?
- From: Andrew - Supernews
- Date: Wed Mar 31 22:23:45 2004
>>>>> "Adrian" == Adrian Chadd <firstname.lastname@example.org> writes:
Adrian> if you reverse resolve, then some registry somewhere (ARIN,
Adrian> RIPE, APNIC, etc) recognises that network as having 'valid'
Adrian> contact details and has assigned someone reverse authority.
Adrian> It stops some IP block hijackers - if you find the right
Adrian> peer, you can just pop up for a bit, say "hi! I'm foo/12!",
Adrian> start spamming from a few /16's worth of IPs, then drop away
Adrian> after an hour.
This tactic is often bandied about - but given the number of people
and sites that track BGP changes, why does no one produce any evidence
of it actually happening?
Adrian> In practice, at least with IP block hijackers, they'll either
Adrian> (a) hijack a smaller chunk of a registered/announced ip
Adrian> network, complete with nameservers, or
Adrian> (b) they'll find a registered but un-announced ip network,
Adrian> with the in-addr authoritative nameservers inside said
Adrian> network, and just pop up for spamming there.
Most commonly, IP space hijackers start by falsely updating the
registration info at the RIR, and/or forging letters of authority
purporting to allow them to announce the block, and work from there.