Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: the value of reverse address lookups?

  • From: Andrew - Supernews
  • Date: Wed Mar 31 22:23:45 2004

>>>>> "Adrian" == Adrian Chadd <adrian@creative.net.au> writes:

 Adrian> if you reverse resolve, then some registry somewhere (ARIN,
 Adrian> RIPE, APNIC, etc) recognises that network as having 'valid'
 Adrian> contact details and has assigned someone reverse authority.

 Adrian> It stops some IP block hijackers - if you find the right
 Adrian> peer, you can just pop up for a bit, say "hi! I'm foo/12!",
 Adrian> start spamming from a few /16's worth of IPs, then drop away
 Adrian> after an hour.

This tactic is often bandied about - but given the number of people
and sites that track BGP changes, why does no one produce any evidence
of it actually happening?

 Adrian> In practice, at least with IP block hijackers, they'll either
 Adrian> (a) hijack a smaller chunk of a registered/announced ip
 Adrian> network, complete with nameservers, or
 Adrian> (b) they'll find a registered but un-announced ip network,
 Adrian> with the in-addr authoritative nameservers inside said
 Adrian> network, and just pop up for spamming there.

Most commonly, IP space hijackers start by falsely updating the
registration info at the RIR, and/or forging letters of authority
purporting to allow them to announce the block, and work from there.

-- 
Andrew, Supernews
http://www.supernews.com





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.