Information re: Cyberpromo

Mailman List Mirror (Read Only)
1

Martin J. Hannigan put this into my mailbox:

Can someone verify that this is the interface facing cyberpromo
from AGIS?

I called AGIS' NOC and they refused to tell me, so I want to make
sure I'm cutting just them...

a0.1.philadelphia1.agis.net (206.185.158.237)

Well, AGIS appears to be hijacking its own netblocks for CyberPromo, as
it were. I blocked out the CP netblocks, and still got spam from other
netblocks through AGIS. I finally went ahead and blocked this:

# cyberpromo
ALL: 205.199.212. 205.199.4. 206.27.86.210 207.124.161.50
# Cyberpromo through IDCI
ALL: 207.124.161.0/255.255.255.0
# AGIS
ALL: 205.254.160.0/255.255.224.0, 205.137.48.0/255.255.240.0, \
        204.157.0.0/255.255.0.0, 206.84.0.0/255.254.0.0, \
        206.42.0.0/255.254.0.0, 205.198.0.0/255.254.0.0, \
        206.62.0.0/255.255.0.0, 206.148.0.0/255.254.0.0, \
        206.185.0.0/255.255.0.0, 206.249.0.0/255.254.0.0, \
        204.137.128.0/255.255.192.0, 204.137.192.0/255.255.224.0, \
        205.164.64.0/255.255.192.0, 205.164.128.0/255.255.192.0, \
        205.164.192.0/255.255.192.0, 204.130.243., 209.14.0.0/255.255.0.0 \
        207.142.0.0/255.255.0.0

Two months with these filters, and no complaints yet.

-dalvenjah

2

I find this very interesting. Some people claim that AGIS is quite
large... (I don't think I believe them) and if you don't peer with agis
you really don't reach all the net.

yet here is a case where someone else cuts them off with no complaints....
I have seen similar statements from others. any consensus on whether
connectivity to them is irrelevant to doing reasonable business on the net
or not now a days?

one wonders how long they will hang on. (Watching sergio heker's antics
with GES (jvncnet) i used to wonder the same. Sergio however had one major
major customer called princeton university left at the end.) AGIS has
the spammers.....surely they will meet their well deserved fate before
long?

3

Well, AGIS appears to be hijacking its own netblocks for CyberPromo, as
it were. I blocked out the CP netblocks, and still got spam from other
netblocks through AGIS. I finally went ahead and blocked this:

# cyberpromo
ALL: 205.199.212. 205.199.4. 206.27.86.210 207.124.161.50
# Cyberpromo through IDCI
ALL: 207.124.161.0/255.255.255.0
# AGIS
ALL: 205.254.160.0/255.255.224.0, 205.137.48.0/255.255.240.0, \
        204.157.0.0/255.255.0.0, 206.84.0.0/255.254.0.0, \

204.157.36.0/23 is used by a company completely unrelated to AGIS other
than having gotten address blocks from Net99 at one point in the long
past. AFAIK they don't spam.

        206.42.0.0/255.254.0.0, 205.198.0.0/255.254.0.0, \

Ditto for 205.199.64.0/20. Don't know about them spamming (haven't heard
any complaints anyhow).

- --
\/\ Lab.NET| Ryan Smith-Roberts <rsr@lab.net> | finger/www for
/\/ we do | "Consistency requires you to be as | PGP key
\/\ stuff | ignorant today as you were a year ago" - Bernard Berenson
         89 FC 59 49 D3 DD 20 20 54 0D B0 C5 81 32 01 CC

4

Okay, I've got a question actually related to North American Network
Operations...here goes:

I'm currently the Network Admin for a medium sized ISP in Cincinnati
Ohio. We are currently multi-homed through US Sprint (Sprintlink), one
connection in DC one in Chicago.

We are interested in diversifying across another Network Service Provider
backbone. We currently run BGP4 with Sprint, and will be running it
to our additional NSP. We're working on getting our own netblock to have
us be able to announce our AS via both NSPs.

My question is twofold:

1) Are there recommendations on which NSP I should go with now, based on
    the fact that I currently have Sprintlink? Our Sprint connections are
    a full DS3 and a full T1 (DS3 to Chicago, T1 to DC). I want to buy
    another DS3.

    We've placed an order for
    UUNet, however, they have now taken 160 days (they gave me a 120 day
    due date and missed it), and cannot give me a firm due date, and I'm
    not convinced they will ever be able to deliver. I'm tired of waiting.
    I looked at MCI, but the "InternetMCI voice mail system" is "Full". So
    you can't even leave a message to have someone call you back
    (800.582.1253, kinda funny since they spend all that money on advertising
    and customer's can't even contact them).

2) What is the best way to handle the AS announcements? I've got three
    netblocks from Sprint, but Sprint won't announce my more specific
    routes (nor should they), so people will just route to the blocks
    Sprint is advertising. If I announce the more specific routes out
    UUNet (for lack of another example), I'll start getting all my
    inbound traffic down that pipe.

    From what I can tell, I'd be better off getting my own netblock from
    the InterNIC, and annoucing my own routes through both NSPs. That way
    the Internet will make it's own routing decisions based on the
    "closeness" of the routes (AS Path length, etc.). I'd then renumber
    my internal network, and give Sprint their IPs back.

    Does that sound right?

Thanks in advance. I've learned a great deal being on this list, and I'm
going to put up with the signal-to-noise ratio for a while as long as there's
still information I can glean.

5

Well, that was interesting.

Thanks to everyone who has responded thus far. I've gotten a lot of
"sale" types of email, but also a lot of really good information.

It appears as if I was right in my assumption that I needed to get my own
IP block of PI space from the InterNIC.

So, my follow-up question is this:

What exact documentation and formats does the InterNIC need to see.
I've been told network diagrams and IP allocations, but that to me
means diagrams, and that means I have to ship them some drawing format.
What do they use?

Or, can I just great a table of IP addresses and hosts and how my
IPs are allocated to customers, etc.

I want to make sure that I'm somewhat successful in securing some reasonable
amount of IP space from the NIC, and would like some advice from people
who have gone through this process.

Thank You Again.

-Rob

6

Rob,

  I've acquired a few /18's from the NIC with simple text block lists of
machines and IP addresses. Your miles may vary -- from your text it seems
you're an ISP. We're a webfarm.com and we're multihomed (makes an
excellent argument for portable space).

Steve

7

means diagrams, and that means I have to ship them some drawing format.
What do they use?

You can be certain that everybody can accept diagrams via fax or in a GIF
file, preferably delivered by emailling a URL.

I want to make sure that I'm somewhat successful in securing some reasonable
amount of IP space from the NIC, and would like some advice from people
who have gone through this process.

You can't give them too much information. Make sure you apply far enough
in advance that you have time to answer any questions that arise. Read
RFC2050 http://www.internic.net/rfc/rfc2050.txt and the Internic policy
guidelines at ftp://rs.internic.net/policy/internic/internic-ip-1.txt

The application template is at
ftp://rs.internic.net/templates/isp-ip-template.txt

If you feel that some of the information the Internic requires is
confidential and are reluctant to disclose it, there is an NDA that the
Internic will sign. You can get a copy of the actual NDA at
ftp://rs.internic.net/policy/internic/internic-ip-2.txt
You sign two copies and courier it to them, they sign them and send one
copy back to you.

If there are still some parts of the policies or reequirements that are
confusing, go to http://www.arin.net and read through the stuff in the
Recommended Reading section.

And if you do not meet the requirements for an IP netblock, be aware that
the single biggest reason why this cannot be changed at this point in time
is because the White House Interagency Task Force is stalling on letting
an industry run consortium (ARIN) take over the task of managing North
America's IPv4 address space. Let your congress person, and senator know
that the administration's actions are hurting your business and are the
exact opposite of their claims to support industry self regulation
initiatives. If you are Canadian, talk to your federal MP and ask
Industry Canada and the Dept of Foreign Affairs to pressure the White
House to move this forward.

Since ARIN also will serve South Africa and Latin America in it's early
stages, people in those countries could ask their governments to place
some pressure on the American White House.

Unfortunately, even in the USA, the politicians do not realize how fast
the Internet moves and how necessary it is to cut through the bureaucratic
red tabpe in order for it to flourish. And many Internet companies and
individuals have not in the past taken time to get involved in the
political process by educating politicians about the political and
economic realities of the Internet. It's time to change this, IMHO.