IP spoofing and spamming

Stephen Dolloff vardalak at mc.net
Wed Oct 29 03:17:49 UTC 1997

Terminate his feed.  End of story.

Stephen Dolloff
(sysadmin at mc.net)

On Wed, 29 Oct 1997, Hank Nussbacher wrote:

> Please no religionics.  Part of the below is true - part is what will happen
> in the near future:
> I have a spammer I am trying to block.  He is multihomed to me and ISP X.
> He has address a.b.c.d from me and address a.b.c.e from ISP X.  Users
> started seeing spams from a.b.c.e and complained to ISP X.  He shut off SMTP
> to the customer but the spamming continued.  Turns out the user defaults out
> to me no matter what, so his address was a.b.c.e when coming out of me.  For
> me that is a spoofed address.  I then go to block his spoofed address.  User
> then says, it is a valid address and I have no business blocking his IP
> addresses, whether he has them from me or ISP X.  I then say I'll block SMTP
> and the user says, "show me one letter from a user on the Internet
> complaining to you that I am spamming".  Since his dns is located elsewhere
> and since the IP addresses are not mine, the users aren't complaining to me
> - but to ISP X and perhaps ISP Y (providing him secondary DNS service).  All
> the ISP X & Y attempts to shut out the spam aren't affective due to the
> multihoming.
> What do we do in these cases?
> Thanks,
> Hank

More information about the NANOG mailing list