nanog mailing list archives

Re: IP spoofing and spamming

From: Dalvenjah FoxFire <dalvenjah () dal net>
Date: Tue, 28 Oct 1997 18:38:09 -0800 (PST)

I'm no lawyer, but i'd do the following:

* Have an AUP that has something akin to the following paragraph:

  If you spam, either through us or through another ISP, then your
  account with us will be terminated with extreme prejudice. You will
  also be charged <some exorbitant sum of money> for our work in
  tracking your spam down and repairing our reputation.

Then, you can talk to the other ISP, explain the situation, request that
they forward 10 or so of the complaints to you, and boot the idiot.

Granted, I don't know how this would work as far as contract law goes,
but it seems to make some amount of sense.

-dalvenjah

Hank Nussbacher put this into my mailbox:

Please no religionics.  Part of the below is true - part is what will happen
in the near future:

I have a spammer I am trying to block.  He is multihomed to me and ISP X.
He has address a.b.c.d from me and address a.b.c.e from ISP X.  Users
started seeing spams from a.b.c.e and complained to ISP X.  He shut off SMTP
to the customer but the spamming continued.  Turns out the user defaults out
to me no matter what, so his address was a.b.c.e when coming out of me.  For
me that is a spoofed address.  I then go to block his spoofed address.  User
then says, it is a valid address and I have no business blocking his IP
addresses, whether he has them from me or ISP X.  I then say I'll block SMTP
and the user says, "show me one letter from a user on the Internet
complaining to you that I am spamming".  Since his dns is located elsewhere
and since the IP addresses are not mine, the users aren't complaining to me
- but to ISP X and perhaps ISP Y (providing him secondary DNS service).  All
the ISP X & Y attempts to shut out the spam aren't affective due to the
multihoming.

What do we do in these cases?




-- 
 Dalvenjah FoxFire (aka Sven Nielsen) "Sir, your wit ambles well;
 Founder, the DALnet IRC Network       it goes easily."
 
 e-mail: dalvenjah () dal net             WWW: http://www.dal.net/~dalvenjah/
 whois: SN90                           Try DALnet! http://www.dal.net/

Current thread:

IP spoofing and spamming Hank Nussbacher (Oct 28)
- Re: IP spoofing and spamming Karl Denninger (Oct 28)
- Re: IP spoofing and spamming J.D. Falk (Oct 28)
- Re: IP spoofing and spamming Dalvenjah FoxFire (Oct 28)
- Re: IP spoofing and spamming Stephen Dolloff (Oct 28)
  - Re: IP spoofing and spamming Dale Drew (Oct 28)
- Re: IP spoofing and spamming Jon Lewis (Oct 28)
- <Possible follow-ups>
- Re: IP spoofing and spamming Hank Nussbacher (Oct 28)
  - Re: IP spoofing and spamming Karl Denninger (Oct 28)
  - Re: IP spoofing and spamming Steve Mansfield (Oct 28)
    - Re: IP spoofing and spamming Alan Hannan (Oct 29)
  - Re: IP spoofing and spamming Jeremy Porter (Oct 29)
- Re: IP spoofing and spamming Hank Nussbacher (Oct 28)
- Re: IP spoofing and spamming Sean Donelan (Oct 29)