Looking through my logs for April I have received spams from
170.208.17.65, 170.208.17.67, 170.208.17.70, 170.208.17.92,
170.208.17.112, 170.208.17.113, 170.208.17.114, 170.208.17.115
You have got porno spammers in these netblocks scanning for open relays
and relay raping innocent third parties.
Looking through my logs for April I have received spams from
170.208.17.65, 170.208.17.67, 170.208.17.70, 170.208.17.92,
170.208.17.112, 170.208.17.113, 170.208.17.114, 170.208.17.115
You have got porno spammers in these netblocks scanning for open relays
and relay raping innocent third parties.
... apparently you have a portscanner on 170.208.15.82.
Which is a salient reminder that while spam may be the most visible
indication of compromised machines, bogus routing etc) it is likely to
be by far the least of the evils that will originate from such a source.
Spot the spam, catch the REAL problem ... prevent more serious issues.
I would not be so sure that LANET-1 ASN has anything to do with
LANET-1 Network or with LANET organization id.
To be frank, I wasn't as sure as I wanted to be; that's why I simply
pointed to the repeated use of the LANET-1 label, so that others could
make their own judgements. Further research confirms William is right
about it being a California LANET: compare the listing for 170.208.0.0
in: http://euclid.math.brandeis.edu/turtschi/whois/netb22.html with
the listing for (the block currently in use by LA County) 159.83.0.0
in: http://euclid.math.brandeis.edu/turtschi/whois/netb16.html
I have today spoken to the appropriate people who have confirmed their
ongoing ownership of the block and are now taking appropriate action.
We have also identified how the deception was carried out in this case.
For the record, the current routing analysis is as follows: