Providers removing blocks on port 135?

Mike Tancsa mike at sentex.net
Sun Sep 21 14:39:16 UTC 2003



Yes, this is all too familiar.  Luckily it was not so acute for us.  The 
porn company in question was using legit credit cards and we knew where 
they were located.  We too got to the point where I had to contemplate 
blocking dialups with no ANI as I had already blocked all access from their 
phone numbers.  However, once they started doing that I called up their 
office yelling and screaming lawsuits and I guess they figured there were 
other ISPs that didn't care as much and moved on to them.

         ---Mike

At 10:39 PM 20/09/2003, jlewis at lewis.org wrote:
>At one time, signing up for "throwaway dial-up accounts" was a common
>spammer MO.  We got hit a couple times, and they were like a plague of
>vermin [the spammers].  They'd sign up giving us bogus contact info and a
>freshly stolen (active) credit card.  When the account was activated,
>they'd dial in using half a dozen or so lines and pump out as much spam
>(direct-to-MX) as they could.  The really annoying bit is, we'd terminate
>them, they'd call right back, and sign up again, giving different bogus
>info and card numbers.  We'd block them by ANI, and they'd block caller-ID
>when calling us.  I ended up being forced to block access to some of our
>dial-up numbers both by ANI, and if there was no ANI, and then had to
>set up exceptions for a few customers in those areas who we never got ANI
>for.  When I tried getting police in their area code to investigate, they
>had no interest/were too busy...even though I could give them phone
>numbers the accounts were used from and stolen credit cards.
>
>To put a little operational spin in here...how many of you run dial-up
>networks where you refuse logins unless you get ANI?...and if you do this,
>do you also maintain an ANI blacklist?
>
>Anyway...they moved on to proxy abuse, then outright theft by creating
>their own proxies on compromised MS Windows boxes.  Both methods have the
>advantage of totally hiding the spammer from the recipients and bandwidth
>amplification.  I imagine you could utilize multiple spam proxies on
>broadband connections pumping out your spam while connected via dial-up
>yourself.
>
>If you look at the numbers at http://njabl.org/stats, about 5% of the
>hosts that have ever been checked are currently open relays (or nobody's
>bothered to remove them).  IIRC, at one point, this was nearly 20%.
>13.6% are open proxies...and the disparity is definitely still growing,
>with about 10x as many open proxies as relays being detected daily.
>Unfortunately, the new breed of purpose-built spam proxies are generally
>not remotely detectable, so the proxy percentage would be even higher if
>it included the newer spam proxies.
>
>----------------------------------------------------------------------
>  Jon Lewis *jlewis at lewis.org*|  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
>_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
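
The admission policy discussed in this thread (refuse blacklisted ANI, refuse calls with no ANI on selected dial-in numbers, keep exceptions for customers whose calls never deliver ANI), sketched as an added example that is not code from either poster. All names are hypothetical, the phone numbers and usernames are constructed, and it assumes the access server passes calling and called numbers to the authentication step (for instance as RADIUS Calling-Station-Id and Called-Station-Id) in North American numbering.

```python
import re
from dataclasses import dataclass

def normalize_ani(raw):
    """Reduce a calling-number string to 10 digits (NANP assumed); None if withheld."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]          # drop the country code
    return digits or None            # "", "Anonymous", None all mean no ANI

@dataclass
class AniPolicy:
    blacklist: frozenset          # calling numbers refused on every line
    require_ani_on: frozenset     # dial-in numbers where a call without ANI is refused
    no_ani_exceptions: frozenset  # usernames whose calls never deliver ANI

    def decide(self, user, calling, called):
        """Return (accept, reason) for one login attempt."""
        ani = normalize_ani(calling)
        if ani in self.blacklist:
            return (False, "ani-blacklisted")
        if ani is None and normalize_ani(called) in self.require_ani_on:
            # Exception is per username, so it does not reopen the line to everyone.
            if user in self.no_ani_exceptions:
                return (True, "no-ani-exception")
            return (False, "no-ani")
        return (True, "ok")

# Constructed policy and login attempts: (username, calling number, dial-in number).
POLICY = AniPolicy(
    blacklist=frozenset({"5195550142"}),
    require_ani_on=frozenset({"9055550100"}),
    no_ani_exceptions=frozenset({"ruralcust"}),
)
SAMPLE = [
    ("newuser1", "+1 (519) 555-0142", "9055550100"),  # previously terminated caller
    ("newuser2", "", "9055550100"),                   # caller-ID blocked
    ("ruralcust", "Anonymous", "9055550100"),         # known customer, never has ANI
    ("newuser3", None, "9055550199"),                 # line where ANI is not enforced
    ("alice", "416-555-0117", "9055550100"),          # ordinary call with ANI
]

def evaluate(attempts, policy=POLICY):
    return [policy.decide(*a) for a in attempts]

if __name__ == "__main__":
    for attempt, (ok, reason) in zip(SAMPLE, evaluate(SAMPLE)):
        print("ACCEPT" if ok else "REJECT", reason, attempt)
```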




More information about the NANOG mailing list