[119645] in North American Network Operators' Group
Re: I got a live one! - Spam source
daemon@ATHENA.MIT.EDU (Truman Boyes)
Wed Nov 25 06:48:41 2009
From: Truman Boyes <truman@suspicious.org>
In-Reply-To: <5e1ca1ac0911242007v1b6cb4a7gd2b08a37b4226d1e@mail.gmail.com>
Date: Wed, 25 Nov 2009 22:47:38 +1100
To: Russell Myba <rusmyba@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Interesting scenario ... but would be far more interesting to us if you share the /24?
Truman
On 25/11/2009, at 3:07 PM, Russell Myba wrote:
>>
>> I'm confused. Who are you billing and for what services?
>>
> Let's say our direct customer is CustomerA. They seem to buy rackspace from
> BusinessB. CustomerA seem to retain BusinessC for "IT Solutions" even
> though all three entities purport to be IT solutions providers.
> BusinessC came into the picture after the spamming started saying a wholly
> different /24 (Different from the spam source) "doesn't work". It routes
> fine on our end. I have a feeling they've been added to some RBLs but I
> haven't found them listed yet.
>
> Just a simple ethernet handoff in a colo. We delegated rDNS to the servers
> of their choice and haven't heard a peep out of them until now.
>
>> Spamhaus is the first one that comes to mind. From what I understand of
>> your description, this doesn't sound all that different from typical spammer
>> behavior. Multiple layers of indirection seems to be the latest thing for
>> spammers.
>>
>> ----------------------------------------------------------------------
>> Jon Lewis | I route
>> Senior Network Engineer | therefore you are
>> Atlantic Net |
>> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>>
>