Kaiwan.com a SPAM Source?

Chris A. Icide chris at nap.net
Tue Nov 18 14:13:54 UTC 1997


*WARNING*  Configuration of your router with the following file may cause
multiple configuration errors.  Do not configure your router with the
following information.

Recently today, Nap.Net's corporate mail exchanger (does not support
relaying) was e-mail bombed.  Upon tracking this down, we found that the
attack was sourcing from kaiwan.com.  Our NOC contacted their contact per
InterNIC database, and asked them about the attack, thinking it might have
been relayed through them or such.  However, the nice gentleman on the
phone (read irony into that please) said that that in fact was not the
case.  They had a script that when it identifies SPAM, it parses the header,
retrieves the path of the spam, gets the contact info from the InterNIC
database, and then sends multiple emails out to the path of the SPAM for
each one received.  An automated Denial of Service attack.  How nice.

Kaiwan.com has been completely uncooperative.  Nap.Net has a strict AUP,
and has aggressively addressed any SPAM complaints addressed against any of
its downstream customers.  However, unfortunately a customer must SPAM at
least once before we can identify such SPAM.  Automated scripts like this
are of no help, and in fact possibly cause more harm than help.

Just an FYI, it was either steam here, or add a network statement to my BGP
config that contains more specific routes of kaiwan.com.  This seemed a
little less drastic.

Chris A. Icide
----------------------------------------------------------------------
Chris A. Icide                         Genuity, Inc. / Nap.Net, L.L.C.
Sr. Network Engineer                 4041 North Central Ave. Suite 400
602-207-6409                                         Phoenix, AZ 85012
-
Notice: NVRAM invalid, possibly due to write erase.
Press RETURN to get started!
-
PGP Keys located at pgpkeys.mit.edu or http://nap.net/~chris/keys.html
----------------------------------------------------------------------


