[129455] in North American Network Operators' Group


Re: IPv4 squatters on the move again?

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Sep 7 10:49:17 2010

In-Reply-To: <Pine.LNX.4.61.1009071026370.5148@soloth.lewis.org>
Date: Tue, 7 Sep 2010 20:19:08 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Jon Lewis <jlewis@lewis.org>
Cc: Jeffrey Lyon <jeffrey.lyon@blacklotus.net>, NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Yeah.  This is just the way snowshoe spammers operate - GRE or VPN
tunnels back to a master server, and a /24 full of output points with
throwaway hostnames / reverse DNS.

On Tue, Sep 7, 2010 at 8:05 PM, Jon Lewis <jlewis@lewis.org> wrote:
> I haven't seen that excuse/justification from customers.  What I did see
> recently that I have to admit was very slick was a customer who claimed they
> were going to be doing a bunch of remote "terminals" in stores VPN'd into
> their dedi servers and would be streaming video from the servers to the
> clients.  This was of course 99% BS.  There was VPN involved....they used
> the dedi servers as VPN endpoints for their spam servers that were hosted
> elsewhere.  When we shut them down, there was absolutely nothing
> incriminating of spam operations on their servers...and all they had to do
> was sign up for service at another hosting company, set up the VPN server,
> change the IPs their spam servers VPN to, and they're back in business.
> When sales brought me their initial request, I really didn't believe it, but
> I didn't have good enough cause to reject it.



-- 
Suresh Ramasubramanian (ops.lists@gmail.com)
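
One way a receiving network might look for the pattern described in this message, a /24 full of sending addresses with throwaway reverse DNS. This is an added example, not part of the original post; the thresholds, the two-label domain guess and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (connecting IP, PTR hostname) pairs as a receiving MTA
# might log them. Documentation address ranges, invented hostnames.
SAMPLE = (
    [(f"198.51.100.{i}", f"mail{i}.offers-{i}x.example") for i in range(10, 20)]
    + [(f"203.0.113.{i}", f"out{i}.esp.example.net") for i in range(10, 20)]
    + [("192.0.2.5", "mx.one.example"), ("192.0.2.9", None)]
)


def base_domain(ptr):
    """Naive registered-domain guess: the last two labels of the PTR name.
    Assumption for this example; a real check would use a public suffix list."""
    labels = ptr.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def snowshoe_candidates(events, min_ips=8, min_domain_ratio=0.5):
    """Return (network, distinct_ips, distinct_ptr_domains) for each /24 where
    many addresses send mail and their PTR names are spread over many domains."""
    ips, domains = defaultdict(set), defaultdict(set)
    for ip, ptr in events:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        ips[net].add(ip)
        if ptr:  # addresses without reverse DNS still count as senders
            domains[net].add(base_domain(ptr))
    hits = []
    for net in sorted(ips):
        n_ips, n_dom = len(ips[net]), len(domains[net])
        # A provider's outbound pool has many IPs under one PTR domain;
        # the pattern of interest has roughly one throwaway domain per IP.
        if n_ips >= min_ips and n_dom / n_ips >= min_domain_ratio:
            hits.append((str(net), n_ips, n_dom))
    return hits


if __name__ == "__main__":
    for net, n_ips, n_dom in snowshoe_candidates(SAMPLE):
        print(f"{net}: {n_ips} sending IPs, {n_dom} PTR domains")
```

The heuristic only sees the output points; as the quoted message notes, the mail itself originates behind the tunnels, so a hit identifies a range to review rather than the operation's real servers.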

