[119621] in North American Network Operators' Group
Re: I got a live one! - Spam source
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Wed Nov 25 00:46:12 2009
In-Reply-To: <5e1ca1ac0911241922u25634547u7eeb7ec6e357b352@mail.gmail.com>
Date: Wed, 25 Nov 2009 11:15:20 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Russell Myba <rusmyba@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Nov 25, 2009 at 8:52 AM, Russell Myba <rusmyba@gmail.com> wrote:
> Looks like of our customers has decided to turn their /24 into a nice lit=
tle
> space spewing machine. =C2=A0Doesn't seem like just one compromised host.
>
> Reverse DNS for most of the /24 are suspicious domains. =C2=A0Each domain=
used in
> the message-id forwards to a single .net which lists their mailing addres=
s
> as a PO box an single link to an unsubscribe field.
Sounds like what spamhaus.org calls snowshoe. What /24 would this be?
