Is malicious asymmetrical routing still a thing?
Grant Taylor
gtaylor at tnetconsulting.net
Fri Mar 10 00:05:00 UTC 2023
On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote:
> Not this exact scenario, but what we see a lot of in my VPS company is
> people sending spam by using our VPS' source addresses, but routing
> outbound via some kind of tunnel to a VPN provider or similar in order
> to bypass our port 25 blocks.
I'd be curious what VPN providers they are using so that I could start
blocking them. That seems like another player in the criminal support
ecosystem.
> We've had to start blocking source port 25 to catch the replies from the
> recipient mail servers in order to prevent this kind of abuse.
Interesting.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230309/b62aa938/attachment.bin>
More information about the NANOG
mailing list