Wired mag article on spammers playing traceroute games with trojaned boxes
Suresh Ramasubramanian
suresh at outblaze.com
Thu Oct 9 16:18:08 UTC 2003
Chris Boyd writes on 10/9/2003 9:21 PM:
> A few minutes later, or from a different nameserver, I get
>
> Name: vano-soft.biz
> Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
> 12.252.185.129
>
> This is a real Hydra. If everyone on the list looked up vano-soft.biz
> and removed the trojaned boxes, would we be able to kill it?
Nope - the guy would get more trojaned boxes, no shortage of unpatched
windows machines on broadband.
There are two ways to go here -
* Nullroute or bogus out in your resolvers the DNS servers for this
domain --> two problems here. One is that the spammer doesn't use
vano-soft.biz in the smtp envelope, and second, he abuses open
redirectors like yahoo's srd.yahoo.com
* "Follow the money" - find out the spammer / the guy who he spams for,
from payment information etc. Sic law enforcement on them.
srs
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
More information about the NANOG
mailing list