<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: Re: MediaSentry false positives?

Re: MediaSentry false positives?

From: <Valdis.Kletnieks_at_vt.edu>
Date: Wed, 05 Jan 2005 09:53:55 -0500

On Tue, 04 Jan 2005 23:22:27 CST, Kevin said:

> the complaint, or somebody on the Internet is spoofing BGP route
> announcements for unused address space out of larger allocations.

This is actually quite likely a possibility. There are enough tier-1's who do
a piss-poor job of filtering their BGP feeds that if you can inject an
announcement you can hijack the address block. This is being actively abused by
several different groups of spammers. You might want to wander over to the
NANOG list archives and search for 'BGP hijack' and/or poke one/several of the
BGP looking glasses out there to see if there's an announcement for your space.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

application/pgp-signature attachment: stored

Received on Jan 05 2005

This message: [ Message body ]
Next message: nicholasnam_at_hush.com: "Possible DNS compromise/poisoning?"
Previous message: White Self-Existing World-Bridger: "DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability'"
In reply to: Kevin: "MediaSentry false positives?"
Next in thread: Kevin: "Re: MediaSentry false positives?"
Reply: Kevin: "Re: MediaSentry false positives?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]