Is malicious asymmetrical routing still a thing?
christopher at ve7alb.ca
Thu Mar 9 21:19:20 UTC 2023
Not this exact scenario, but what we see a lot of in my VPS company is
people sending spam by using our VPS' source addresses, but routing
outbound via some kind of tunnel to a VPN provider or similar in order
to bypass our port 25 blocks.
We've had to start blocking source port 25 to catch the replies from the
recipient mail servers in order to prevent this kind of abuse.
On 2023-03-09 12:02, John Levine wrote:
> Back in the olden days, a spammer would set up a server with a fast
> broadband connection and a dialup connection, and send out lots of
> spam over the broadband connection using the dialup's IP address. Since
> mail traffic is quite asymmetric, this got them most of the broadband
> speed, and when the dialup provider cancelled their service, they could
> just dial into someone else. Or maybe work through that giant pile of
> AOL CD-ROMs we all had. The broadband provider often wouldn't notice
> since it wasn't their IP and they didn't get the complaints.
> Is this still a thing? Broadband providers fixed this by some
> combination of filtering port 25 traffic both ways, and BCP38 so you
> can only send packets with your own address. Do providers do both of
> these? More of one than the other? TIA.
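The two abuse patterns discussed in this thread (spoofed sources, which BCP38 egress filtering stops, and outbound mail tunnelled elsewhere while our addresses receive the port 25 replies, which the "block source port 25" rule catches) can both be picked out of edge flow records. The following is an added example, not code from the thread or from either poster; the provider prefix 203.0.113.0/24 and the flow records are constructed for illustration, and a real deployment would read flows from a NetFlow/IPFIX collector instead.

```python
"""Spot asymmetric-routing SMTP abuse and BCP38 violations in flow records.

A legitimate outbound SMTP session seen at the provider edge has two halves:
an outbound SYN to remote port 25 and an inbound SYN/ACK from remote port 25.
An abuser who tunnels the outbound half to a VPN provider but keeps using
our source addresses only produces the inbound half on our link, which is
why a blanket filter on inbound source port 25 breaks the scheme.  This
script finds that signature and, separately, outbound packets whose source
is not ours (the BCP38 case).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed provider address space (RFC 5737 documentation prefix).
OUR_PREFIXES = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Flow:
    direction: str   # "out" = leaving our network, "in" = entering it
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags as a string: "S" (SYN), "SA" (SYN/ACK), "A"


def is_ours(addr: str) -> bool:
    return any(ip_address(addr) in p for p in OUR_PREFIXES)


def bcp38_violations(flows):
    """Outbound packets carrying a source address we do not own."""
    return [f for f in flows if f.direction == "out" and not is_ours(f.src)]


def orphan_smtp_replies(flows):
    """Inbound SYN/ACKs from remote port 25 with no matching outbound SYN
    on our link.  The 4-tuple of the reply is matched against the reversed
    4-tuple of every outbound SYN we saw."""
    outbound_syns = {
        (f.src, f.sport, f.dst, f.dport)
        for f in flows
        if f.direction == "out" and f.dport == 25 and f.flags == "S"
    }
    orphans = []
    for f in flows:
        if f.direction == "in" and f.sport == 25 and f.flags == "SA":
            if (f.dst, f.dport, f.src, f.sport) not in outbound_syns:
                orphans.append(f)
    return orphans


def suspect_hosts(flows):
    """Our addresses receiving orphan SMTP replies, with a count each."""
    counts = {}
    for f in orphan_smtp_replies(flows):
        counts[f.dst] = counts.get(f.dst, 0) + 1
    return counts


# Constructed sample: one normal session, one tunnelled abuser, one spoofer.
SAMPLE_FLOWS = [
    # 203.0.113.10 sends mail normally: both halves visible on our link.
    Flow("out", "203.0.113.10", 40001, "198.51.100.25", 25, "S"),
    Flow("in", "198.51.100.25", 25, "203.0.113.10", 40001, "SA"),
    # 203.0.113.66 tunnels its outbound SMTP elsewhere; only replies show up.
    Flow("in", "192.0.2.25", 25, "203.0.113.66", 51000, "SA"),
    Flow("in", "192.0.2.26", 25, "203.0.113.66", 51001, "SA"),
    # A packet leaving with a source address that is not ours (BCP38 case).
    Flow("out", "10.0.0.5", 12345, "198.51.100.80", 80, "S"),
]

if __name__ == "__main__":
    for f in bcp38_violations(SAMPLE_FLOWS):
        print(f"BCP38 violation: {f.src}:{f.sport} -> {f.dst}:{f.dport}")
    for host, n in suspect_hosts(SAMPLE_FLOWS).items():
        print(f"{host}: {n} port-25 replies with no outbound SYN seen")
```

Running it flags 10.0.0.5 as a spoofed outbound source and 203.0.113.66 as a host collecting port 25 replies for sessions it never opened through our edge. A count threshold over a time window, rather than a single orphan reply, is what you would alert on in practice, since a stray retransmitted SYN/ACK after a flow-export boundary produces the same one-off signature.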