[119613] in North American Network Operators' Group


Re: I got a live one! - Spam source

daemon@ATHENA.MIT.EDU (Russell Myba)
Tue Nov 24 23:08:06 2009

In-Reply-To: <Pine.LNX.4.61.0911242231420.22812@soloth.lewis.org>
Date: Tue, 24 Nov 2009 23:07:20 -0500
From: Russell Myba <rusmyba@gmail.com>
To: Jon Lewis <jlewis@lewis.org>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>
>
> I'm confused.  Who are you billing and for what services?
>
>
Let's say our direct customer is CustomerA.  They seem to buy rackspace from
BusinessB.  CustomerA seems to retain BusinessC for "IT Solutions" even
though all three entities purport to be IT solutions providers.
BusinessC came into the picture after the spamming started, saying a wholly
different /24 (different from the spam source) "doesn't work".  It routes
fine on our end.  I have a feeling they've been added to some RBLs but I
haven't found them listed yet.

Just a simple ethernet handoff in a colo.  We delegated rDNS to the servers
of their choice and haven't heard a peep out of them until now.



> Spamhaus is the first one that comes to mind.  From what I understand of
> your description, this doesn't sound all that different from typical spammer
> behavior.  Multiple layers of indirection seems to be the latest thing for
> spammers.
>
> ----------------------------------------------------------------------
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
