McColo and SPAM
rcorbin at TRAFFIQ.com
Fri Dec 5 15:30:38 CST 2008
I thought it was mostly control servers....I doubt any 'botnet master'
would hardcode an IP address of a server without some sort of backup
using some domains that they can always change the DNS on. They update
that and the bots will then start connecting to the new 'control
servers' and thus spam would come from them. Also did the spam really
'stop' or were they just not able to now get updates from their control
servers...those infected I imagine are still sending the spam....
From: Mike Walter [mailto:mwalter at 3z.net]
Sent: Friday, December 05, 2008 4:03 PM
To: Revolver Onslaught; nanog
Subject: RE: McColo and SPAM
We have not seen any decrease. In the last 24 hours we have seen 3.5
million messages blocked.
From: Revolver Onslaught [mailto:revolver.onslaught at gmail.com]
Sent: Friday, December 05, 2008 2:14 PM
Subject: McColo and SPAM
Since McColo closed, we noticed the spam was far more intensive than
However, it seems the amount of spam is similar than than before.
Do you feel the same ?
More information about the NANOG