I got a live one! - Spam source
Truman Boyes
truman at suspicious.org
Wed Nov 25 11:47:38 UTC 2009
Interesting scenario ... but would be far more interesting to us if you share the /24?
Truman
On 25/11/2009, at 3:07 PM, Russell Myba wrote:
>>
>>
>> I'm confused. Who are you billing and for what services?
>>
>>
> Let's say our direct customer is CustomerA. They seem to buy rackspace from
> BusinessB. CustomerA seem to retain BusinessC for "IT Solutions" even
> though all three entities purport to be IT solutions providers.
> BusinessC came into the picture after the spamming started saying a wholly
> different /24 (Different from the spam source) "doesn't work". It routes
> fine on our end. I have a feeling they've been added to some RBLs but I
> haven't found them listed yet.
>
> Just a simple ethernet handoff in a colo. We delegated rDNS to the servers
> of their choice and haven't heard a peep out of them until now.
>
>
>
>> Spamhaus is the first one that comes to mind. From what I understand of
>> your description, this doesn't sound all that different from typical spammer
>> behavior. Multiple layers of indirection seems to be the latest thing for
>> spammers.
>>
>> ----------------------------------------------------------------------
>> Jon Lewis | I route
>> Senior Network Engineer | therefore you are
>> Atlantic Net |
>> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>>
>
More information about the NANOG mailing list