nanog mailing list archives
RE: Wired mag article on spammers playing traceroute games with trojaned boxes
From: "McBurnett, Jim" <jmcburnett () msmgmt com>
Date: Thu, 9 Oct 2003 12:01:35 -0400
-> ->I found one of these today, as a matter of fact. The spam was ->advertising an anti-spam package, of course. -> ->The domain name is vano-soft.biz, and looking up the address, I get -> ->Name: vano-soft.biz ->Addresses: 12.252.185.129, 131.220.108.232, 165.166.182.168, ->193.165.6.97 -> 12.229.122.9 -> ->A few minutes later, or from a different nameserver, I get -> ->Name: vano-soft.biz ->Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, ->12.229.122.9 -> 12.252.185.129 -> ->This is a real Hydra. If everyone on the list looked up ->vano-soft.biz ->and removed the trojaned boxes, would we be able to kill it? -> ->--Chris I got : Canonical name: vano-soft.biz Addresses: 165.166.182.168 193.92.62.42 200.80.137.157 12.229.122.9 12.252.185.129 I think even if we get all the ones for this domain name today, assuming we can muster even man hours to get it today, another 5000 will be added tomarrow. And looking at my list We have US(a very small ISP and a large ISP) RIPE, and LACNIC. I wonder if the better question should be: Can Broadband ISP's require a Linksys, dlink or other broadband router without too many problems? That is what it will take to slow this down, and then only if ALL of ISP's do it. This not only affects this instance but global security as a whole. Just a few days ago, Cisco was taken offline by a large # of Zombies, I am willing to say that those are potentially some of the same compromised systems. Thoughts? Jim
Current thread:
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes, (continued)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Suresh Ramasubramanian (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Andy Ellifson (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Suresh Ramasubramanian (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Michael Airhart (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Niels Bakker (Oct 10)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Andy Ellifson (Oct 09)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes Geo. (Oct 09)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes David Keith (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Kee Hinckley (Oct 09)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes McBurnett, Jim (Oct 09)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Joe Boyce (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes jlewis (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes John Capo (Oct 09)
- RE: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Jeremy T. Bouse (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Jack Bates (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Joe Abley (Oct 09)
- Re: Wired mag article on spammers playing traceroute games with trojaned boxes Vinny Abello (Oct 09)