I got a live one! - Spam source

Rich Kulawiec rsk at gsp.org
Wed Nov 25 11:49:55 UTC 2009

On Tue, Nov 24, 2009 at 10:22:36PM -0500, Russell Myba wrote:
> Looks like one of our customers has decided to turn their /24 into a nice little
> space spewing machine.  Doesn't seem like just one compromised host.

1. This is possibly/probably better on spam-l.
2. This is a very common operational model.   Any number of spamgangs
have been busy doing this with multiple /24's scattered over numerous
providers in order to distribute the workload and minimize the impact
of any takedown.
3. There is no point in reporting this to any law enforcement agency
anywhere in the world *unless* child pornography is involved.  Any
action they take will be slow, inept, and ineffective.  The best that
you can probably do is (a) shut them down instantly and permanently
and (b) publish all relevant details -- name names --  on spam-l so
that workers and researchers can use the information.

