nanog mailing list archives

Re: I got a live one! - Spam source

From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Wed, 25 Nov 2009 11:15:20 +0530

On Wed, Nov 25, 2009 at 8:52 AM, Russell Myba <rusmyba () gmail com> wrote:

Looks like of our customers has decided to turn their /24 into a nice little
space spewing machine.  Doesn't seem like just one compromised host.

Reverse DNS for most of the /24 are suspicious domains.  Each domain used in
the message-id forwards to a single .net which lists their mailing address
as a PO box an single link to an unsubscribe field.


Sounds like what spamhaus.org calls snowshoe. What /24 would this be?

Current thread:

Re: I got a live one! - Spam source, (continued)
- Re: I got a live one! - Spam source Paul Ferguson (Nov 24)
- Re: I got a live one! - Spam source Jon Lewis (Nov 24)
  - Re: I got a live one! - Spam source Russell Myba (Nov 24)
    - Re: I got a live one! - Spam source Michael Peddemors (Nov 24)
    - Re: I got a live one! - Spam source Paul Ferguson (Nov 24)
    - Re: I got a live one! - Spam source Russell Myba (Nov 25)
    - Re: I got a live one! - Spam source Justin Shore (Nov 24)
    - Re: I got a live one! - Spam source Truman Boyes (Nov 25)
- Re: I got a live one! - Spam source Gadi Evron (Nov 24)
  - Re: I got a live one! - Spam source Eric Brunner-Williams (Nov 25)
- Re: I got a live one! - Spam source Suresh Ramasubramanian (Nov 24)
- Re: I got a live one! - Spam source Rich Kulawiec (Nov 25)
  - Re: I got a live one! - Spam source Jon Lewis (Nov 25)
- Re: I got a live one! - Spam source Steve Linford (Nov 26)
- Re: I got a live one! - Spam source Michael Peddemors (Nov 25)
  - Re: I got a live one! - Spam source John Peach (Nov 25)
  - Re: I got a live one! - Spam source Suresh Ramasubramanian (Nov 25)
    - Re: I got a live one! - Spam source John Peach (Nov 25)
  - Re: I got a live one! - Spam source Rich Kulawiec (Nov 26)
    - Re: I got a live one! - Spam source Michael Peddemors (Nov 26)