IPv4 squatters on the move again?

Suresh Ramasubramanian ops.lists at gmail.com
Tue Sep 7 14:49:08 UTC 2010


Yeah.  This is just the way snowshoe spammers operate - GRE or VPN
tunnels back to a master server, and a /24 full of output points with
throwaway hostnames / reverse DNS.

On Tue, Sep 7, 2010 at 8:05 PM, Jon Lewis <jlewis at lewis.org> wrote:
> I haven't seen that excuse/justification from customers.  What I did see
> recently that I have to admit was very slick was a customer who claimed they
> were going to be doing a bunch of remote "terminals" in stores VPN'd into
> their dedi servers and would be streaming video from the servers to the
> clients.  This was of course 99% BS.  There was VPN involved....they used
> the dedi servers as VPN endpoints for their spam servers that were hosted
> elsewhere.  When we shut them down, there was absolutely nothing
> incriminating of spam operations on their servers...and all they had to do
> was sign up for service at another hosting company, set up the VPN server,
> change the IPs their spam servers VPN to, and they're back in business.
> When sales brought me their initial request, I really didn't believe it, but
> I didn't have good enough cause to reject it.



-- 
Suresh Ramasubramanian (ops.lists at gmail.com)
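
An added example, not part of the original thread: a detection sketch for the pattern described above, where a /24 is filled with output points that each carry their own throwaway reverse DNS name. The thresholds, the naive "last two labels" domain extraction, and all sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def registered_domain(hostname):
    """Naive 'last two labels' domain (assumption); a production tool
    would consult the Public Suffix List instead."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def flag_snowshoe_ranges(ptr_records, min_hosts=16, min_ratio=0.8):
    """Return {/24: (hosts_with_ptr, distinct_domains)} for ranges where
    nearly every address reverse-resolves to a different domain.
    min_hosts and min_ratio are illustrative thresholds, not tuned values."""
    by_net = defaultdict(dict)
    for ip, ptr in ptr_records.items():
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_net[str(net)][ip] = registered_domain(ptr)

    flagged = {}
    for net, hosts in by_net.items():
        domains = set(hosts.values())
        if len(hosts) >= min_hosts and len(domains) / len(hosts) >= min_ratio:
            flagged[net] = (len(hosts), len(domains))
    return flagged


def build_sample():
    """Constructed PTR data on documentation ranges (RFC 5737)."""
    records = {}
    for i in range(1, 41):
        # One throwaway-looking domain per address.
        records[f"192.0.2.{i}"] = f"mx{i}.deals-{i:03d}.example"
        # Ordinary provider-assigned rDNS under a single domain.
        records[f"198.51.100.{i}"] = f"host-{i}.isp.example"
    for i in range(1, 6):
        # Too few hosts to judge; stays below min_hosts.
        records[f"203.0.113.{i}"] = f"mail.shop{i}.example"
    return records


if __name__ == "__main__":
    for net, (hosts, domains) in flag_snowshoe_ranges(build_sample()).items():
        print(f"{net}: {hosts} PTRs across {domains} distinct domains")
```

A hit is only a lead for abuse-desk review: shared hosting ranges can also show many domains per /24, so the result should be correlated with mail volume and complaint data.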



