Has anyone else gotten one of these? It appears they are trolling
a Nanog archive on the web and sending these out to posters. *sigh*
Perhaps it should be a nanog AUP violation to archive the list on
the web, and merit could keep a single web archive with the e-mail
addresses removed / altered to prevent this sort of harvesting.
These are known spammers; we've had them blocked for ages. Probably not
an issue of just trolling NANOG - just a stupid blunder on their part.
See also: http://spamhaus.org/SBL/sbl.lasso?query=SBL6909
Hosted by Internap and have been for quite some time.
They've got a bunch of other blocks too - I guess it's time to block
these too:
64.94.204.240/29, 66.150.42.0/24, 66.150.43.0/24, 64.94.206.224/28
anyone here having problems resolving americaonline.aol.com with spoof
protection enabled on their dns servers? It appears AOL via a series of
cnames is specifying a non-authoritive dns server as authoritive for
internet.aol.com which is where the first url is cnamed.
I need a dns expert to untangle this one so I can explain it to the aol
tech. Can anyone help?
Geo.
I can't even load www.aol.com now that we're running both IPV4 and IPV6
in the office. nslookup just times out. Does anyone else have this
problem?
Michael
I�m constantly seeing responses to queries for AOL servers which come
in from different IP addresses than the query was sent to.
Pete
In the immortal words of Leo Bicknell (bicknell@ufp.org):
Has anyone else gotten one of these?
Dozens, and have bitbucketed them on every single mail server I can
get my hands on.
It appears they are trolling a Nanog archive on the web and sending
these out to posters. *sigh*
They may be doing that as well, but they are also simply spamming
domain contact addresses, and have been for over a year now.
-n
------------------------------------------------------------<memory@blank.org>
"I like my beer cold, my TV loud, and my homosexuals FLAAAA-MING!"
(--Homer Simpson)
<http://blank.org/memory/>\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
pete@he.iki.fi ("Petri Helenius") writes:
I�m constantly seeing responses to queries for AOL servers which come
in from different IP addresses than the query was sent to.
due to the weakness of the 16-bit query id field, bind will throw that
stuff away. the source address and port has to match the destination
of the query, and the question section has to be copied in its entirety.
i don't know who aol is going to be able to send responses to who won't
apply those same restrictions.
dig www.aol.com. aaaa
; <<>> DiG 8.3 <<>> www.aol.com. aaaa
;; res options: init recurs defnam dnsrch
;; res_nsend to server default: Operation timed out
I think that's your problem. It seems aol is not answering AAAA queries at all, when to be correct they should actually be sending back responses saying there is no AAAA record, so the client can then request an A record, and move on.
--Phil
Just for everyone's information, the issue I originally mentioned has been
fixed, there was a weird NS entry loop in the aol dns but it's been
corrected and seems to function normally now (for IPv4 anyway, don't know
about that 4/6 issue someone mentioned).
One of the guys from AOL reads the list and worked with me to get it
resolved, hats off to that nameless man. 
Geo.
i don't know who aol is going to be able to send responses to who won't
apply those same restrictions.
NAT or "content switch" are the terms that come to mind.
Pete
As the owner of answerpointe, I think it would be a shame to kill it because
it does get a significant number of hits with legitimate searches.
Stripping emails would seem to make it impossible to make inquiries of the
collective knowledge of NANOG. Whether its webcrawling answerpointe or
Ftp'ing the archive from MERIT, the net result is the same.
You also have the sporadic people who say "for whatever reason, I said
something on NANOG I shouldn't have because now that I am unemployed from a
dot bomb, when I try to get a job, they search the web and these stupid
posts I made show up in your archive and can you remove them so I can get a
job???" I explain to them the concept of an an archive.
Whats the collective voice of NANOG say, keep it or kill it?
It is likely that anyone who has posted to NANOG for any length of time
also has his/her email address strewn throughout the 'net in numerous
places where spammers troll. I'd keep it as is. Archives are a good
resource and help to keep the noise ratio down.
One option would be to make the archives only available to the members
of the list. This gets tricky as some form of authentication would then
be needed and it's difficult unless the archive and the list are under
the same administrative entity.
A quick google seems to indicate that internetseer are well-known and
persistent spammers, and they've hit several spamtraps of ours. Giving
them a static route to null0 wouldn't be a bad thing.
You also have the sporadic people who say "for whatever reason, I said
something on NANOG I shouldn't have because now that I am unemployed from a
dot bomb, when I try to get a job, they search the web and these stupid
posts I made show up in your archive and can you remove them so I can get a
job???" I explain to them the concept of an an archive.Whats the collective voice of NANOG say, keep it or kill it?
I think we're all big boys (and girls) here and understand that
subscribing to a large, archived mailing list will get your subscription
address on yet another "1,000 MILLION EMAIL ADDRESSES" CD. I should hope
everyone here can implement, or at least ask for, basic spam filtering.
This isn't your grandmother's crochet chat group; everyone here should be
smart enough to at least glance at the Merit site before subscribing.
If you come in here and say things that make you unattractive as a
prospective employee, tough crap. 
More jobs for the rest of us.
Charles
Charles Sprickman wrote:
> You also have the sporadic people who say "for whatever reason, I said
> something on NANOG I shouldn't have because now that I am unemployed from a
> dot bomb, when I try to get a job, they search the web and these stupid
> posts I made show up in your archive and can you remove them so I can get a
> job???" I explain to them the concept of an an archive.
>
> Whats the collective voice of NANOG say, keep it or kill it?
Personally, since Merit is already archiving it, I'd really prefer that
everyone else did not. You don't do us any favor. If I want to search the
archives, I know where they are. I never understand the need to archive
someone else's mailing list. On the other hand...
I think we're all big boys (and girls) here and understand that
subscribing to a large, archived mailing list will get your subscription
address on yet another "1,000 MILLION EMAIL ADDRESSES" CD. I should hope
everyone here can implement, or at least ask for, basic spam filtering.
This isn't your grandmother's crochet chat group; everyone here should be
smart enough to at least glance at the Merit site before subscribing.
Sure, maybe, but I really think, in this day and age, if you're going to
archive mail in a public manner, that you ought to do the courteous thing,
and at least make it somewhat difficult to collect email addresses. Sure,
bugtraq (for example) is archived from here to Mars, and they surely don't
obscure, but I really think that Nanog ought to be a cut or so above
them...but then, it isn't my call.
If you come in here and say things that make you unattractive as a
prospective employee, tough crap.
Oh, even more important than that: It makes it easier for prospective
employers to weed out the bad ones. Think about it. If you behave
unprofessionally here, my guess is you're unprofessional. Go right ahead
and display your bad manners in public; you're doing everyone a favor, and
providing an early warning as well. There you have it.
imiho, an archive should be just that, and as complete and
unaltered as possible.
if you want to solve the spam, job hunting, ... problems, there are
better means than book burning.
randy