nanog mailing list archives
Re: Weird distributed spam attack
From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Wed, 20 Nov 2002 09:40:50 -0800 (PST)
Hi, #Here is the kicker. I check where these are coming from, they #are from all over the place. I check for IP address spoofing... #not happening. No IP options or TCP options. # #This came from like about 300 different networks, and yes #I don't accept source routing (IP Options). In addition to thousands of open relays, which are bad enough in their own right, there are also thousands of open proxy servers which a growing number of spammers have been using to launch spam runs lately. I suspect that's what you're seeing. You can see some of the open proxy servers that we've seen traffic from at http://darkwing.uoregon.edu/~joe/open-proxies-used-to-send-spam.html If you aren't blocking traffic from open proxy servers via a dns blacklist, I predict that you will definitely see increasingly aggressive spam attacks coming in from diverse locations (although the more you look at the problem, the easier it becomes to identify the handful of carriers who are open proxy-tolerant). [I will also say that it would really be great if mail-abuse.org would add an open proxy listing project to complement their RSS, DUL, and other initiatives.] Regards, Joe
Current thread:
- Weird distributed spam attack dru-nanog (Nov 19)
- Re: Weird distributed spam attack Mike Lewinski (Nov 20)
- Re: Weird distributed spam attack chuck goolsbee (Nov 20)
- RE: Weird distributed spam attack Jacob M Wilkens (Nov 20)
- Re: Weird distributed spam attack Bryan Bradsby (Nov 20)
- Re: Weird distributed spam attack sjj (Nov 22)
- Re: Weird distributed spam attack chuck goolsbee (Nov 20)
- <Possible follow-ups>
- Re: Weird distributed spam attack Joe St Sauver (Nov 20)
- Re: Weird distributed spam attack Margie Arbon (Nov 20)
- Re: Weird distributed spam attack Kai Schlichting (Nov 20)
- Re: Weird distributed spam attack Chip Rosenthal (Nov 22)
- Re: Weird distributed spam attack Mike Lewinski (Nov 20)