Is malicious asymmetrical routing still a thing?

Grant Taylor gtaylor at tnetconsulting.net
Fri Mar 10 00:05:00 UTC 2023


On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote:
> Not this exact scenario, but what we see a lot of in my VPS company is 
> people sending spam by using our VPS' source addresses, but routing 
> outbound via some kind of tunnel to a VPN provider or similar in order 
> to bypass our port 25 blocks.

I'd be curious what VPN providers they are using so that I could start 
blocking them.  That seems like another player in the criminal support 
ecosystem.

> We've had to start blocking source port 25 to catch the replies from the 
> recipient mail servers in order to prevent this kind of abuse.

Interesting.



-- 
Grant. . . .
unix || die
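
[Added example, not part of the original post or of either participant's tooling.] The quoted filter works because the recipient mail server's reply still arrives over the normal path: an inbound SYN-ACK from source port 25 for which the edge never saw an outbound SYN. A detection sketch over edge flow records, assuming a hypothetical record layout and documentation address ranges:

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic). Assumed layout:
# (direction, src_ip, src_port, dst_ip, dst_port, tcp_flags)
SAMPLE_FLOWS = [
    # Submission on 587, seen in both directions at the edge.
    ("out", "203.0.113.10", 40000, "198.51.100.5", 587, "S"),
    ("in",  "198.51.100.5", 587, "203.0.113.10", 40000, "SA"),
    # Replies from port 25 with no outbound SYN seen at the edge.
    ("in",  "192.0.2.25", 25, "203.0.113.77", 51515, "SA"),
    ("in",  "192.0.2.26", 25, "203.0.113.77", 51516, "SA"),
    # Inbound mail to a customer's own MTA: destination port 25, not source.
    ("in",  "192.0.2.30", 33333, "203.0.113.20", 25, "S"),
    # Customer permitted to send on 25: SYN and SYN-ACK both seen.
    ("out", "203.0.113.30", 42000, "192.0.2.25", 25, "S"),
    ("in",  "192.0.2.25", 25, "203.0.113.30", 42000, "SA"),
]

def find_unsolicited_smtp_replies(flows, customer_net):
    """Map each customer IP to the mail servers that sent it a SYN-ACK from
    port 25 without a matching outbound SYN having crossed the edge."""
    net = ipaddress.ip_network(customer_net)

    # Pass 1: every outbound SYN to port 25, keyed by (client ip, client port, server ip).
    syn_seen = set()
    for direction, sip, sport, dip, dport, flags in flows:
        if direction == "out" and flags == "S" and dport == 25:
            syn_seen.add((sip, sport, dip))

    # Pass 2: inbound SYN-ACKs from port 25 to customer space with no such SYN.
    suspects = defaultdict(set)
    for direction, sip, sport, dip, dport, flags in flows:
        if direction != "in" or sport != 25 or flags != "SA":
            continue
        if ipaddress.ip_address(dip) not in net:
            continue
        if (dip, dport, sip) not in syn_seen:
            suspects[dip].add(sip)
    return {ip: sorted(servers) for ip, servers in suspects.items()}

if __name__ == "__main__":
    for ip, servers in find_unsolicited_smtp_replies(SAMPLE_FLOWS, "203.0.113.0/24").items():
        print(f"{ip}: SMTP replies without outbound SYN from {', '.join(servers)}")
```

Two passes are used so that flow export ordering does not cause a false hit when a SYN-ACK record is written before its SYN.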
