IP spoofing and spamming
J.D. Falk
jdfalk at priori.net
Wed Oct 29 01:30:14 UTC 1997
On Oct 29, Hank Nussbacher <hank at ibm.net.il> wrote:
> I have a spammer I am trying to block. He is multihomed to me and ISP X.
> He has address a.b.c.d from me and address a.b.c.e from ISP X. Users
> started seeing spams from a.b.c.e and complained to ISP X. He shut off SMTP
> to the customer but the spamming continued. Turns out the user defaults out
> to me no matter what, so his address was a.b.c.e when coming out of me. For
> me that is a spoofed address. I then go to block his spoofed address. User
> then says, it is a valid address and I have no business blocking his IP
> addresses, whether he has them from me or ISP X. I then say I'll block SMTP
> and the user says, "show me one letter from a user on the Internet
> complaining to you that I am spamming". Since his dns is located elsewhere
> and since the IP addresses are not mine, the users aren't complaining to me
> - but to ISP X and perhaps ISP Y (providing him secondary DNS service). All
> the ISP X & Y attempts to shut out the spam aren't affective due to the
> multihoming.
Are you under any contractural obligation to transit that IP
address? The user in question seems to think you are, but you
should check that as well; most contracts that I've seen do
not mention multihoming specificially, and this could be the
perfect loophole for you to use while you give him the 30 days
notice or whatever it takes to disconnect him completely.
*********************************************************
J.D. Falk voice: +1-650-482-2840
Supervisor, Network Operations fax: +1-650-482-2844
PRIORI NETWORKS, INC. http://www.priori.net
"The People You Know. The People You Trust."
*********************************************************
More information about the NANOG
mailing list