IPv4 squatters on the move again?
ops.lists at gmail.com
Tue Sep 7 14:49:08 UTC 2010
Yeah. This is just the way snowshoe spammers operate - GRE or VPN
tunnels back to a master server, and a /24 full of output points with
throwaway hostnames / reverse dns
On Tue, Sep 7, 2010 at 8:05 PM, Jon Lewis <jlewis at lewis.org> wrote:
> I haven't seen that excuse/justification from customers. What I did see
> recently that I have to admit was very slick was a customer who claimed they
> were going to be doing a bunch of remote "terminals" in stores VPN'd into
> their dedi servers and would be streaming video from the servers to the
> clients. This was of course 99% BS. There was VPN involved....they used
> the dedi servers as VPN endpoints for their spam servers that were hosted
> elsewhere. When we shut them down, there was absolutely nothing
> incriminating of spam operations on their servers...and all they had to do
> was sign up for service at another hosting company, setup the VPN server,
> change the IPs their spam servers VPN to, and they're back in business.
> When sales brought me their initial request, I really didn't believe it, but
> I didn't have good enough cause to reject it.
Suresh Ramasubramanian (ops.lists at gmail.com)
More information about the NANOG