[70897] in North American Network Operators' Group


Re: Tracking the bad guys

daemon@ATHENA.MIT.EDU (Petri Helenius)
Mon May 31 10:26:02 2004

Date: Mon, 31 May 2004 17:25:14 +0300
From: Petri Helenius <pete@he.iki.fi>
To: Mike Tancsa <mike@sentex.net>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: <6.0.3.0.0.20040531095805.049d1e28@64.7.153.2>
Errors-To: owner-nanog-outgoing@merit.edu


Mike Tancsa wrote:

>   On a number of occasions, I watched in real time as a spammer nailed 
> up a connection to one of our infected users and started spamming out 
> via them.  I reported the info complete with tcpdumps of the entire 
> session to the large colo provider in the US with no response / 
> results.  Yes, it could just be yet another compromised computer, but 
> somehow I doubt it was.  The rwhois info did look rather suspicious 
> (PO box, phone # bogus, email contact bounced) and no public services 
> whatsoever on the /28 allocated to the group of servers.  This was 
> back in the deep dark days of 2000-2001 when times were tough for many 
> such hosting companies and the temptation no doubt great to make a 
> quick buck.

There are quite a few hosting providers who specialize in offering 
platforms for spammers and charge double or triple the going rate for 
hosting. As with other marginal products, if there is a market, there 
will be a seller at the right price.

And as stated previously, until the "big guys" start cutting these 
operations off their backbones instead of taking their money, hardly any 
real progress will happen.

Pete
