[13110] in North American Network Operators' Group
Re: IP spoofing and spamming
daemon@ATHENA.MIT.EDU (Stephen Dolloff)
Tue Oct 28 22:31:01 1997
Date: Tue, 28 Oct 1997 21:17:49 -0600 (CST)
From: Stephen Dolloff <vardalak@mc.net>
To: Hank Nussbacher <hank@ibm.net.il>
cc: nanog@merit.edu
In-Reply-To: <2.2.32.19971029011121.006ce100@max.ibm.net.il>
Terminate his feed. End of story.
Stephen Dolloff
(sysadmin@mc.net)
On Wed, 29 Oct 1997, Hank Nussbacher wrote:
> Please no religionics. Part of the below is true - part is what will happen
> in the near future:
>
> I have a spammer I am trying to block. He is multihomed to me and ISP X.
> He has address a.b.c.d from me and address a.b.c.e from ISP X. Users
> started seeing spams from a.b.c.e and complained to ISP X. He shut off SMTP
> to the customer but the spamming continued. Turns out the user defaults out
> to me no matter what, so his address was a.b.c.e when coming out of me. For
> me that is a spoofed address. I then go to block his spoofed address. User
> then says, it is a valid address and I have no business blocking his IP
> addresses, whether he has them from me or ISP X. I then say I'll block SMTP
> and the user says, "show me one letter from a user on the Internet
> complaining to you that I am spamming". Since his dns is located elsewhere
> and since the IP addresses are not mine, the users aren't complaining to me
> - but to ISP X and perhaps ISP Y (providing him secondary DNS service). All
> the ISP X & Y attempts to shut out the spam aren't affective due to the
> multihoming.
>
> What do we do in these cases?
>
> Thanks,
> Hank
>
>
