Spammers Hijacking IP Space

Ron Guilmette writes "As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."

I say we dust off and nuke the site from orbit

[$RANDOMLUSER]

It's the only way to be sure...

Even better. 134.17.0.0/16 /dev/null

[Gary W. Longsine]

This is almost as good as asking spammers to Set the Evil Bit, so we can filter them out. If all the spammers sign on for address space in this block, we can just route that block to /dev/null and be done with it. ;-)

Re:

[just_another_sean]

This is almost as good as asking spammers to Set the Evil Bit, so we can filter them out. If all the spammers sign on for address space in this block, we can just route that block to /dev/null and be done with it. ;-)

Maybe. This would stop the questionable spammers. The ones that send the "opt in" crap that a lot of people fall for on web forms. Heck, some of them even want email like this.

Somehow I doubt the V14gr4 and P3n15 Enlargmenttt! stuff will go away by filtering these IPs. I may be wrong, but somehow I don't think your average zombie is routing through this space.

Re:

[Technician]

I agree. It needs to be placed in the same status as 10. and 192.168. That should fix it.

If only we could...

[Fluffeh]

Form an agry mob, arm ourselves with pitchforks and flaming brands, and the chase those rascals way out to the outskirts of town.

Hell, if there was any trouble, we could even transform into an angry lynch mob - THEN lets see who owns that space eh? EH? Whaddya say?

Re:

[TapeCutter]

I'll bring the rope if someone is willing to lend me a pichfork.

Wouldn't it be nice...

[dreamchaser]

...if everyone just blocked that IP range entirely at their routers, shutting off their connectivity?

There was a time when the Internet was a 'small' enough place that it would have even been feasible. Kind of like blacklisting a Usenet server for spam.

Re:Wouldn't it be nice...

[Fluffeh]

Only problem with that approach is that you are therefore in fact giving them that IP space by lack of a fight.

That would then lead to another group "claiming" another spot of space, and so on and so forth - until there was no legitimate or unused space left at all - then you would have to fight the same fight with many many people rather than one spamming company as we have now.

Re:

[rbanffy]

No. By isolating them we will make them non-viable and, when they die, we will reclaim the block.

For now, I have blocked it in my firewalls.

Re:Wouldn't it be nice...

[Metasquares]

How will everyone know when the block is reclaimed? You'll end up with an entire /16 that no one can use because everyone is still blocking it.

Re:

[Ziest]

Dear spammer bastard.

Welcome to my firewall. I hope you rot in hell.

Re:

[Spudley]

Lack of fight or not, it looks like there's going to be a legal fight over the block, so he'll be effectively free to use it until that's over at least. And there's always the outside chance he'll bamboozle the judge and win the case, in which case it'll be party time in Spamland, and everyone's IP ranges will be at risk. But I suppose the one good thing if that happens -- you can be sure that all those companies the currently can't be bothered to move to IP6 will suddenly start seeing the benefits of it.

Re:

[Kadin2048]

> So what? There's enough internet to go around â" do we really need any of the stuff that ARIN doesn't have control over?

Huh? There certainly isn't enough "internet", if that includes IPv4 address space. We definitely don't have enough space if every jackass in the universe runs out and squats in the first /16 they decide to use.

Hijacking the IP Space Owners, not just the Space

[billstewart]

As much as I dislike Scotty Richter and his tactics, you can't say he isn't a clever bastard.

The rules for managing pre-ARIN space aren't totally clear, but nobody's worried about them too much because they were mostly owned by large reputable organizations, such as universities and government contractors. (Some of them may need to set the Evil Bit on their packets, but none of them needed to set the Stupid Bit.) In many cases, they've given most of their space back to IANA or ARIN - several universities

Re:

[LostCluster]

You're forgetting that this "claimed" IP space has a legit owner who might want to use it someday. It'd be an internet turf war of people were simply able to advertise the availability of a network they don't own.

Re:

[John Hasler]

> You're forgetting that this "claimed" IP space has a legit owner who might want to use
> it someday.

So why isn't SF Bay Packet Radio taking any action?

> It'd be an internet turf war of people were simply able to advertise the availability of
> a network they don't own.

Isn't that what is happening here?

Re:

[Mister Transistor]

Packet radio is a segment of amateur radio that is languishing and dying at the moment. It was very popular 5-10 years ago, but only offers data speeds of 1200-9600 baud, so it's pretty ancient technology compared to what we're used to these days.

I'm guessing the Packet radio org either no longer exists or is probably depopulated or disinterested in maintaining the IP space anymore.

Re:

[varmittang]

Doesn't he need access to the back bone to make this even work? Hell, I could grab all the IP addresses of the Internet and put it in a router but it would only work in my own little world here in my house. So, does he control a back bone node that he can redirect traffic to make this work? And if the AT&T's of the world black list his set of router mac addresses then it should exclude him from getting any traffic or his ability to send any traffic, right?

Re:

[TooMuchToDo]

You don't need to control a backbone to announce an AS number and a chunk of address space.

Re:

[sjames]

You do have to get your transit providers or peers to recognize your route advertisement.

Re:

[TooMuchToDo]

I've worked with several large IP transit providers who don't always filter prefixes properly, either due to technical or bureaucratic reasons. Simply look at the problem YouTube ran into when a Pakistan ISP tried to blackhole YouTube only in Pakistan, but due to prefixes not being filtered properly, their announcement propagated out to the net.

While I'm glad you've been able to work with organizations that filter prefixes properly, it doesn't always work out the way you've experienced.

Re:

[tlhIngan]

I've worked with several large IP transit providers who don't always filter prefixes properly, either due to technical or bureaucratic reasons. Simply look at the problem YouTube ran into when a Pakistan ISP tried to blackhole YouTube only in Pakistan, but due to prefixes not being filtered properly, their announcement propagated out to the net.

While I'm glad you've been able to work with organizations that filter prefixes properly, it doesn't always work out the way you've experienced.

Given how well the Pa

Re:

[Kadin2048]

From what I can tell the scheme is a little more involved than that.

The spammers set up a front corporation in Nevada with a name that's basically identical to the now-defunct Ham radio club that got the block back in 1989. Then they just took control of it using that name; to a casual observer -- and apparently ARIN didn't bother to look too closely -- they looked like the legitimate owner. It's basically a social engineering exploit.

And because of the way the ARIN's rules are set up, they don't pay anyt

Re:

[PalmKiller]

I just did...thanks for their /16, its blocked so let them enjoy

Re:

[petecarlson]

Lets say I were to filter their advertisements at my core routers. Would I need legal justification to do this? I could just as easily filter Google or MS or anyone else for that matter but I don't because I believe that it is not my job to decide what is good bad or ugly on the internet. We need to have standards for behaviors and when it comes to IP space, I respect ARIN. When ARIN says that the bastards don't own the IP space and they continue to advertise it, I will then start to filter it. Until t

SImple, blackhole the IP space

[jmorris42]

This one is simple. Everyone just blackholes the IP range and game over. Better if the backbones drop the route. Best if we all drop the IP space of whoever is directly connecting to a known spam network.

Re:SImple, blackhole the IP space

[dave.josephsen]

It really isn't that simple. I'd refer you to my own work (http://www.usenix.org/media/events/lisa07/tech/videos/josephsen.mp4, and http://media.defcon.org/dc-15/video/Defcon15-Dave_Josephsen-Homeless_Vikings.mp4 [defcon.org] ) or that of Nick Feamster at Georgia tech. They've been hijacking address space via short-lived BGP prefix hijacks for at least 5 years now, and It is exactly the attitude of "we'll just block X" that got us here in the first place. If you use RBL's and make the arms race about IP's , then the most direct response is to attack the network layer and/or IP space. Further there are real world reasons why IP filters just aren't going to work on a global scale. For that I'd refer you to the work of Mohit Lad at UCLA. There is an economic layer on top of BGP. The effect of no-valley routing is that you're going to get route propagation from folks you think you can trust but cannot. It's a bit much to get into here, but off-handedly blacklisting more shit isn't the answer here, it's the problem.

Re:

[19thNervousBreakdown]

Content filtering doesn't work well. Everyone who has seen his legitimate mail filtered away knows this, as does everyone who receives spam despite filters being in place. As the filtering arms race progresses it will become harder and harder to seperate spam from legitimate mail, resulting in more processing power used and more false negatives and false positives. In the end only something with a near-human intelligence would be able to tell the difference, but it would be unethical to employ such a syst

Firewall Updated

[Bigbutt]

Thanks.

[John]

I say they can have it...

[Talez]

# ip route add blackhole 134.17.0.0/16
# route -n

All good!

Re:

[Barny]

So, uh, they win?

It needs to be policed NOT ignored.

Re:

[Bigbutt]

Then call the police. In the mean time, I'm going to lock my doors and windows to keep the thieves out.

[John]

Re:

[Barny]

Great interpretation of a concept.

*clap*

Blackhole == Defeat!

[Fluffeh]

If the IP is simply blackholed, you are by lack of argument allowing this Spammer to put some sort of credible hold on that IP. That's like finding a squatter in a house on the street where the owners have gone on holiday - and simply putting a peice of tape across the driveway - it doesn't solve the bigger problem which is that someone walked into the house and started living there without any credible reason of doing so. It doesn't solve the problem of what's going to happen when the people return from holidays and find this squatter in their house.

Also, if we simply blackhole that IP, what's going to happen when a legitimate user tries to use that space. It's going to go to bollocks for them when they find that the rest of the net is ignoring them already.

Re:

[Nullav]

So let 'em have it. Then we can start citing it as even more reason to move over to IPv6 already.

Re:

[QuantumG]

That's like finding a squatter in a house on the street where the owners have gone on holiday

Huh? That's not squatting. If the premises are occupied then it is trespass. I know this must be hard to understand in the US where there are no sensible squatting laws, but in civilized world squatting is where you are living somewhere that is vacant without the authorization of the owner. Squatting serves an important purpose: to force property owners to develop the property. Otherwise all the buying up property for the purpose of speculating on an increase in the market would result in widespread h

Re:

[John Hasler]

> I know this must be hard to understand in the US where there are no sensible squatting
> laws...

Google "adverse possession".

> Squatting serves an important purpose: to force property owners to develop the property.

Why is necessary that all property be "developed"?

> Otherwise all the buying up property for the purpose of speculating on an increase in
> the market would result in widespread homelessness.

You have a defective understanding of economics.

Re:

[Fluffeh]

Goodness me, that's so utterly way off the mark :)

Quote:
squatting is where you are living somewhere that is vacant without the authorization of the owner

Yes, and the problem here is that when the owner comes to the squatter and says "I would like you to go somewhere else as I would like to [insert reason]." the squatter then replies with "But I have been living here for [insert length] and I ain't moving."

The IP address they have been using does not belong to them.
Rather than putting forward the

Re:

[IndustrialComplex]

Although it has no recognized owner, I'm willing to be the instant you tried to claim it, 400 other countries would jump in with their own claims.

Re:

[El Torico]

Your definition of trespass is wrong; no where does it say that property has to be occupied. Of course, the legal definition will vary by jurisdiction, but in Standard English the definition doesn't mention occupancy, only permission.

This is from Mirriam-Webster online -

Main Entry: 1trespass Pronunciation: \tres-ps, -pas\ Function: noun Etymology: Middle English trespas, from Anglo-French, passage, overstepping, misdeed, from trespasser Date: 13th century 1 a: a violation of moral or social ethics : tra

Re:

[El Torico]

Whoa -- time out there, kiddo. What makes you so sure that absentee landlords DESERVE to regain access to land that they ABANDONED for such a long time? In my opinion, it's all about occupancy and use.

So, by your reasoning, it's OK for SF Bay Packet Radio LLC to have the 134.17/16 block? They are using it apparently.

Re:

[TapeCutter]

Quit or go postal, preferably the second option if you can get away with it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Blackholing this address space may not be wise

[Whuffo]

If you're going to add this address space to your firewall or block it at the router - consider that this rogue outfit is likely to be taken down soon, and that address space may then be assigned to a legitimate operation. There's not an unlimited number of addresses left in IPv4 you know.

What's been happening for years now is well-meaning admins blocking various IP addresses / blocks and/or domain names. Their motives are good, but after the address or domain name is blocked they almost never go back and recheck to see if the block is still needed. What this leads to over time are holes in the address space that can't be used, awkward or no routes to some addresses from some other addresses, etc. Especially in this time of zombie machines; blackhole that IP address and you've knocked some individual off line - but you've done nothing to reduce the amount of spam / viruses / worms / etc.

This is what killed ORBS and other services of that type. Easy to add domains / addresses to the blocklist, but difficult to remove them. Eventually the list becomes useless...

Much better solution: make an example out of the people who are squatting on this netblock. Break out the pitchforks and torches...

Re:Blackholing this address space may not be wise

[v1]

He has to peer somewhere. THEY should be the ones to blackhole him. One way or another he has to be paying someone off to route in his direction. I don't see why that's hard to cut off?

Re:

[mysidia]

If you're willing to pay enough for the bandwidth you will probably find a major provider to let you advertise your range.

For the origin of that range to get as far as they have, they clearly had paperwork to prove to their upstream that the range is assigned to them.

You're their customer. Without a very good reason to do so, they won't (can't) blackhole you without violating whatever interconnection agreement was signed.

Temporarily blocking a range should cause no permanent issue for the new own

Re:

[Burdell]

For the origin of that range to get as far as they have, they clearly had paperwork to prove to their upstream that the range is assigned to them.

Except they don't. The IANA/ARIN records for that block show it being assigned to SF Bay Packet Radio in 1999. However, the nameservers appear to have been changed in October 2007 to sfbprservices.com, which is then registered by Media Breakaway (trying to pretend to be the original owner). Apparently, their upstreams (Level3, Cogent, and XO) did not do any checking, nor are they doing proper route filtering. IIRC all three of those companies are hurting finacially, so they probably just looked the oth

Re:

[Kadin2048]

They have what looks like a front company with an ASN that advertises routes to the stolen address space.

It's "JKS Media" and they have ASN 32311 [fixedorbit.com].

Peers include Cogent, XO, Level3, and 360Networks.

IMO, it's the networks peering with JKS that need to pull the plug, rather than having every sysop on the net blacklist either the ASN or the IP address range.

Re:

[nuzak]

I think everyone who has the capability should start announcing the same netblock via BGP.

AS32311 SPARTACUS

Re:

[Fluffeh]

Hey! It's pitchforks and flaming brands, not torches...

See here! [slashdot.org]

Re:

[EdIII]

If you're going to add this address space to your firewall or block it at the router - consider that this rogue outfit is likely to be taken down soon, and that address space may then be assigned to a legitimate operation. There's not an unlimited number of addresses left in IPv4 you know.

I already considered it. For about 60 seconds as I watched an inordinate number of spam attempts on my mail servers. Took me less than 5 seconds to add 134.17.0.0./16 to the firewall. I felt sorry for the eventually leg

Spammers know no limits

[erroneus]

There's only one true solution to the problem of spammers. Death. I'm not joking. These people that create botnets, hijack networks and servers so that they can sell advertising are creating problems on a global scale for money. Nothing but death will stop or deter them. They need to die.

It's good that I do not own any firearms and good that I do not know where these people live and good that I lack the means to get there. If I had those things and an air-tight alibi, I wouldn't hesitate to make my first murder one of these people.

Re:

[dfm3]

Dude. Back away from the computer, get out of the basement for a little, and maybe step outside for a minute to take a breather. I'm not joking. ;-)

Re:

[ForumTroll]

I wouldn't hesitate to make my first murder one of these people.

First? You plan on murdering other people?

Re:

[aliquis]

Probably? I think many people could come up with others they would have wanted to see dead if possible and safe for themself.

Re:

[owlnation]

Hmmm... I'm not sure modding him flamebait was really fair. He does have a point, all too scarily emphatic about it, but a point nonetheless. He's on that cusp between funny, insightful and flamebait. It's not really flamebait since he's only likely to offend spammers, and I'm not sure we really should care what they think.

We do definitely treat spammers (and lawyers) with far too much leniency in society. Spammers, direct marketers, viral marketers should all be in prison for a very, very long time. If

Re:

[erroneus]

For years I've been trying to explode their heads with my mind... it hasn't seemed to work yet.

Re:

[aliquis]

And how long before Paypal decides the money are theirs? :D

"Hijack?"

[PhotoGuy]

Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.

If he is president of a company that owns the company that provides routing for the block, doesn't that mean he has legal ownership of that block?

Yes, if the block is used primarily for spam, I'm all for people blackholing the range. And if he's using it for illegal purposes, yes, he should be punished (and the range appropriated). But I don't see where the term "hijacking" could be applied at all.

If I own some cars and use them in crimes, I haven't "hijacked" anyone.

What am I missing?

Re:

[Fluffeh]

You are missing the fact that his so called "ownership" is in his eyes only, not that of anyone else.

Just becuase you squat doesn't mean you own.

Quote:
Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997.

Re:"Hijack?"

[jon787]

That it doesn't belong to the parent company either:

$ whois 134.17.0.0

OrgName: SF Bay Packet Radio
OrgID: SBPR-1
Address: 1490 W 121st Ave
Address: Suite 201
City: Westminster
StateProv: CO
PostalCode: 80234
Country: US

NetRange: 134.17.0.0 - 134.17.255.255
CIDR: 134.17.0.0/16
NetName: BAY-PR-NET
NetHandle: NET-134-17-0-0-1
Parent: NET-134-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.SFBPRSERVICES.COM
NameServer: NS2.SFBPRSERVICES.COM
Comment:
RegDate: 1989-04-12
Updated: 2007-10-05

Re:"Hijack?"

[Kadin2048]

Humm ... San Francisco Packet Radio ... with a Colorado mailing address. Somehow I don't think so.

It looks like what they did was just register a company with a similar-sounding name to a defunct organization that had an old /16. Then they went to ARIN and got control of it on the strength of the similar name, including getting themselves listed in WHOIS. (Which, when you think about it, isn't that hard -- there's no real authentication mechanism for proving you're the "real" San Francisco Packet Radio.)

Then they had another front company obtain an AS number and provide routing, and suddenly they have lots of IPs from which to send spam.

The even-creepier part is that it looks like they have another block stolen through similar means (currently registered to a P.O. box in NYC) and possible connections to Russian spammers, which means basically the Russian mafia.

Here's hoping that when the whole thing falls apart, the Russian mob comes calling for this guy's head. Ironically they're the best chance for this guy getting the slow, painful death he so richly deserves.

To read this comment

[lisany]

I'm sorry but to read this comment you must accept the terms of service of my crappy comment. Please click your back button to accept terms of service.

A lack of ethics

[mlwmohawk]

I will continue to say it every time I can.

We need a strong societal repudiation of the violation of ethics. Organizations like Microsoft, SCO, and the like and people like Bill Gates, Darl McBride, etc. need to be made pariahs for the shameless unethical and illegal behavior.

"Spamming" is unethical. The only reason why it is done is because their unethical behavior is not shunned.

And what is spam?

[Jane Q. Public]

There must be a line somewhere: this is spam and that is not. Current U.S. law defines it pretty specifically.

Re:

[mlwmohawk]

It is like the definition of PORN. Unfortunately, it is "I know it when I see it."

Re:

[Jane Q. Public]

Ah... but it's not. That was my point. Spam has a narrow legal definition. If they are on the "proper" side of that line then they are "mass mailers", not "spammers".

I might agree with you that even legal bulk mail is annoying... but if it is that annoying, then we should change the law, yes?

Re:

[Kadin2048]

The legal definition of "spam", at least on the Federal level, was crafted with help from spammers themselves (oh, I'm sorry, they're "mass marketers" now). Good thing nobody cares: they're still spammers in the eyes of God and the Internet. Those 'mass marketers' using their CAN-SPAM-approved "free shot" on everyone's email address? Spammers. You know it, I know it, the people who write spam filters know it; hell, even the spammers themselves probably know it.

The fact that the U.S. Congress -- a pretty t

Re:

[Jane Q. Public]

I think we are pretty much in agreement there.

Except, perhaps, for the "free shot" thing. I do not think that allowing a company to make a single, one-shot email to your email address is necessarily unreasonable... *IF* it is truly only one email per company, which does not then sell your address to others who do the same thing.

But even that can be annoying, I grant you. Since I am definitely against bulk commercial snail-mail, I suppose I should also be opposed to bulk commercial email, in any form.

Re:

[aliquis]

Just ban all sorts of advertisment for all I care :)

Re:

[xdroop]

You, sir miss the obvious.

The, ah, "only reason why it is done" is because there's money in it.

Re:

[swordgeek]

I expect that people will misinterpret what you mean by shun, or maybe I am. However, I agree entirely--if it could be done in a comprehensive way. Imagine if nobody would sell groceries or toilet paper to Bill Gates, because of his behaviour. Rather than being invited as guests to TV shows, the media would all collectively turn their backs on the likes of Darl McBride and Steve Ballmer at press conferences. The Richters shouldn't be able to get power, water, or gas service to their houses or businesses. Pe

Re:

[mlwmohawk]

Spamming would continue to occur despite any amount of "shunning". It just generates large amounts of revenue for the spammers.

If they were shunned by business, then it could not generate large amounts of revenue. Which is the point of my post.

Ethics are not considered anymore, people don't even care. We applaud the balls it takes to do the most obviously unethical deeds in public, and not say to the effect: "I can't do business with you, my reputation is too important."

That is why spam is profitable. That

Comment removed

[account_deleted]

Comment removed based on user account deletion

what's the big deal?

[ILuvRamen]

I assume they mean they own 134.17.0.0 through 134.17.0.16, right? What's the big deal? If I owned 16 web servers, I'd have control over a block that size too. Even if they mean it goes up to 134.17.16.255 large web hosts can own that much too. Now if they stole all of 134.anything that'd be bad.

Re:

[wytcld]

Um no. Everyone else knows this. But might as well clue you in. They've claimed 134.17.*.* - all of it.

Re:

[Ron Bennett]

No, it means they control 134.17.0.0 to 134.17.255.255 ... NOT 16 addresses, but rather 65,536 addresses. Though still a far cry from them controlling all of 134, since they only have 1/256 slice of it.

Ron

Re:

[Have Blue]

The "/16" means they claimed the remaining 16 bits of the 32-bit IP address whose first 2 bytes are 134.17 in decimal- everything from 134.17.0.0 to 134.17.255.255. That's one of only 65,000 blocks of its class available and is the sort of range that would be owned by a large corporation or university.

who is linking this to the backbone?

[timmarhy]

this has a very simple fix. major backbone providers like at&t need to cease routing from providers who allow this kind of misconfiguration of the internet.

because that's all it is, a mid level isp has added someone to their routing tables with ip's that they have no right to. simply telling their provider to correct their configurations or all their traffic will be dropped should be enough, indeed it should be mandatory for backbone providers to do this in order for them to legally keep their own ip ranges. anything else is asking for people to start claiming ip's all over the place and before you know it each isp will route you to a different site for the same ip, making the internet useless.

This is good news

[CustomDesigned]

Now I can just add that entry to my IP blacklist...

By George he's got something there

[JustNiz]

>>> Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."

By George he's right! I'm gonna lay claim to 127.0.0.1. oh wait I already seem to own it...

Re:

[GuruBuckaroo]

Oh my god. I thought I had wasted 5 minutes reading through the posts on this thread. This made it worth it. Thank you.

Re:

[oglueck]

Even cooler. You own the whole 127.0.0.0/8 subnet! That's frikin 16581375 addresses!

I wish it weren't illegal

[Associate]

to set people like this on fire.

I'm All For It

[hardburn]

If ARIN doesn't control IP addresses assigned before it started, then it basically means a return to classful routing. And then everyone would be pretty much forced to use IPv6.

I say go for it.

easily fixed......

[Indy1]

" I felt a great disturbance in the internet, as if 65535 ip addresses suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened. "

iptables -A spam -s 134.17.0.0/16 -j DROP

Re:

[evanbd]

OrgName: SF Bay Packet Radio
NetRange: 134.17.0.0 - 134.17.255.255
CIDR: 134.17.0.0/16

What do you have against the SF Bay Packet Radio?

Their upstream providers shouldn't be routing it, but you shouldn't blackhole it either...

Re:

[Gazzonyx]

But, you gave the 65536th ip a free pass? I'll let the off-by-one error slide since I thought that the command for iptables used a lowercase 'a' for the add flag... I alway forget that the first command is uppercase with iptables!

Running out of IP Addresses?

[PRMan]

And what ever happened to the alleged impending crisis of the world running out of IP addresses? If phantom companies, operating out of P.O. boxes, and lacking any real existence whatsoever... except on paper... can get their own /16s and /18s every day of the week, then it's no wonder the world is running out of IP addresses.

Seriously.

So I'm bored...

[Mutiny32]

The very first evidence I can find of the 134.17.0.0 being reserved is referenced in RFC 1166 to BAY-PR-NET with a contact of a Mr. Milo Medin of NASA Science Internet Program Office (MEDIN@NSIPO.NASA.GOV), who This RFC is obviously outdated (July 1990), but government agencies usually don't give up their IP space. Initial impression is that NASA was/is involved in providing connectivity to the Pacific Rim; in some ways with AX.25. If this is still the case, then the US Government should have a little talk

Re:

[Mutiny32]

A little more digging around reveals that NASA reserved this space for use of testing and implementing TCP/IP links over AX.25 (packet radio). This was later part of the NASA Science Internet; which eventually just became part of the Internet. The company name SF Bay Packet Radio, LLC looks to be a bogus company name to make it look to ARIN that it is the original owner of the address space, reserved and documented in RFC 1166 in 1990. Most accurately known as identity theft. It is most likely that NASA Ame

Isn't this (cough) terrorism?

[Fallen Andy]

So of what use exactly is the US Dept. of Homeland Security? This really *is* terrorism in the sense that it hits at the principles on which the internet infrastructure works...

Andy

What the heck?

[ArsenneLupin]

47-usc-230c2.org
(No Cookies)


We're sorry, but it appears that you have cookies disabled in your browser.

In order to access this site, you must have cookies enabled in your browser, at least for this site (47-usc-230c2.org).

Please enable cookies in your browser, and then use your BACK button to try your request again.

==> if you don't have anything to say, don't put your link on Slashdot.

ROKSO

[oglueck]

Just add them to the ROKSO list [spamhaus.org] and most ISPs won't route their traffic any more. Additionally this could be listed in the bogon zone [completewhois.com] at completewhois.

death penalty

[Tom]

I stand by my opinion that we should kill spammers.

We, as a society, accept way too many crimes against us, the society. Crimes against individuals are punished much harsher. Crimes against virtual entities (corporations, money, information) even more so.

Doesn't anyone else think we have this kind of backwards?

Re:

[timmarhy]

it's been done, and ironically he claimed it was harassment.

pot calling kettle black.

Re:

[zymano]

Exactly. All the stupid ideas floated by techocrats wont work. A firewall will work somewhat but you still have to get these guys in your own homeland.

These guys ARE CRIMINALS. They are committing telephone fraud and this idiot judge just bought their snakewater.

If my online co. was attacked with this crap I would sue but also contact FBI or local police and arrest these fools.

Re:Here's an idea. Lets start by makeing spam ille

[Kadin2048]

Um, they did that, at least in the U.S. It's a perfect case of the cure being worse than the condition.

The law Congress passed, called CAN-SPAM Act [wikipedia.org], was pretty quickly called the "YOU CAN SPAM Act" and for good reason. It has so many loopholes and outright legitimizations of spam that it's basically worse than useless.

As a bonus, as if greenlighting spam at the Federal level weren't enough, when they passed it they invalidated all the state laws that were tougher on spam, and also prevented any state from

Re:

[Kadin2048]

I think those only appear on links to the spammer's site. It's a little weird but the investigation page has a couple of links that point to pages that immediately redirect to the spammer's site.

I don't know if he's doing that to avoid giving them the link or what. (Seems to me he'd be better just not linking at all, but what do I know.)

But the site that pops up that weird disclaimer and requires you to agree before you can get to the actual site -- that's the site for the spammer's front company that pro

Re:

[kylehase]

I hear that nowadays if you want more than one static public IP many ISPs will require a document explaining what you plan to do with the IPs. Unfortunately many large blocks were given out before such rules were in place (before NAT was popularized) so owners of these huge blocks like your govt entity have a lot to spare while other's have to jump through hoops to get a few.

FYI, /16 is the amount of IPs that many accredited Universities were assigned.