McColo and SPAM

Raymond Corbin rcorbin at TRAFFIQ.com
Fri Dec 5 15:30:38 CST 2008


I thought it was mostly control servers....I doubt any 'botnet master'
would hardcode an IP address of a server without some sort of backup
using some domains that they can always change the DNS on. They update
that and the bots will then start connecting to the new 'control
servers' and thus spam would come from them. Also did the spam really
'stop' or were they just not able to now get updates from their control
servers...those infected I imagine are still sending the spam....

-r

-----Original Message-----
From: Mike Walter [mailto:mwalter at 3z.net] 
Sent: Friday, December 05, 2008 4:03 PM
To: Revolver Onslaught; nanog
Subject: RE: McColo and SPAM

We have not seen any decrease.  In the last 24 hours we have seen 3.5
million messages blocked.

-Mike

-----Original Message-----
From: Revolver Onslaught [mailto:revolver.onslaught at gmail.com] 
Sent: Friday, December 05, 2008 2:14 PM
To: nanog
Subject: McColo and SPAM

Hello,

Since McColo closed, we noticed the spam was far more intensive than
before.

However, it seems the amount of spam is similar than than before.

Do you feel the same ?

Many thanks,
RO






More information about the NANOG mailing list