nanog mailing list archives

Re: Is malicious asymmetrical routing still a thing?


From: Christopher Munz-Michielin <christopher () ve7alb ca>
Date: Thu, 9 Mar 2023 13:19:20 -0800

Not this exact scenario, but what we see a lot of in my VPS company is people sending spam by using our VPS's source addresses, but routing outbound via some kind of tunnel to a VPN provider or similar in order to bypass our port 25 blocks.

We've had to start blocking source port 25 to catch the replies from the recipient mail servers in order to prevent this kind of abuse.

Chris

On 2023-03-09 12:02, John Levine wrote:
Back in the olden days, a spammer would set up a server with a fast
broadband connection and a dialup connection, and send out lots of
spam over the broadband connection using the dialup's IP address.  Since
mail traffic is quite asymmetric, this got them most of the broadband
speed, and when the dialup provider cancelled their service, they could
just dial into someone else.  Or maybe work through that giant pile of
AOL CD-ROMs we all had.  The broadband provider often wouldn't notice
since it wasn't their IP and they didn't get the complaints.

Is this still a thing? Broadband providers fixed this by some
combination of filtering port 25 traffic both ways, and BCP38 so you
can only send packets with your own address. Do providers do both of
these? More of one than the other? TIA.

R's,
John
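The two countermeasures that come up in this message, the inbound source-port-25 filter Chris describes and the BCP38 egress filtering John asks about, traced through a small model of the path (VPS provider edge, VPN provider egress, recipient MTA). This is an added example, not code from the thread or from either provider; the addresses are constructed from the RFC 5737 documentation ranges, the filter functions are hypothetical stand-ins for real border ACLs, and the routing assumption is the one the thread relies on: the spammer picks the outbound path, but the SYN-ACK follows the destination address back through the VPS provider's edge.

```python
"""Model of tunnelled, spoofed-source SMTP and the filters that catch it.

Added example, not from the mailing-list thread. Assumptions:
  * VPS_PREFIX is the VPS provider's customer space, VPN_PREFIX the VPN provider's.
  * The VPS edge is stateless: it sees customer<->internet packets only if they
    actually cross it; a SYN sent through the tunnel does not.
  * Replies are routed on destination, so a SYN-ACK to a VPS address always
    crosses the VPS edge inbound.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges), not real hosts.
VPS_PREFIX = ip_network("203.0.113.0/24")   # VPS provider's customer addresses
VPN_PREFIX = ip_network("198.51.100.0/24")  # VPN/tunnel provider's own addresses
SPAMMER = "203.0.113.7"                     # VPS whose address the spammer sources from
REMOTE_MX = "192.0.2.25"                    # recipient mail server being spammed
SENDER_MX = "192.0.2.40"                    # remote host delivering legitimate mail to the VPS


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" for SYN, "SA" for SYN-ACK

    def from_customers(self) -> bool:
        return ip_address(self.src) in VPS_PREFIX

    def toward_customers(self) -> bool:
        return ip_address(self.dst) in VPS_PREFIX


def vps_edge(pkt: Packet, block_src25: bool) -> bool:
    """Stateless filter at the VPS provider's border; True means the packet passes.

    Outbound rule: drop customer -> internet TCP to destination port 25 (the classic block).
    Inbound rule (block_src25): drop internet -> customer TCP from source port 25, which
    kills the SYN-ACK a remote MTA returns to a SYN that left through a tunnel.
    Inbound mail to a customer MTA (dport 25, arbitrary sport) is untouched by either rule.
    """
    if pkt.from_customers() and not pkt.toward_customers() and pkt.dport == 25:
        return False
    if block_src25 and pkt.toward_customers() and not pkt.from_customers() and pkt.sport == 25:
        return False
    return True


def vpn_egress(pkt: Packet, bcp38: bool) -> bool:
    """Egress filter at the VPN provider: with BCP38 on, only its own source prefix may leave."""
    return (not bcp38) or ip_address(pkt.src) in VPN_PREFIX


def crosses_vps_edge(pkt: Packet) -> bool:
    return pkt.from_customers() or pkt.toward_customers()


def handshake(syn: Packet, syn_path: str, block_src25: bool, bcp38: bool) -> str:
    """Trace one TCP handshake and report where (if anywhere) it is cut.

    syn_path is "direct" (the SYN leaves through the sender's normal upstream) or
    "tunnel" (the SYN is carried to the VPN provider and emitted from its egress).
    """
    if syn_path == "tunnel":
        if not vpn_egress(syn, bcp38):
            return "SYN dropped by VPN egress (BCP38)"
    elif syn_path == "direct":
        if crosses_vps_edge(syn) and not vps_edge(syn, block_src25):
            return "SYN dropped by VPS edge"
    else:
        raise ValueError(f"unknown path {syn_path!r}")
    # Return direction: routed on destination, so it crosses the VPS edge if a VPS address is involved.
    synack = Packet(syn.dst, syn.dport, syn.src, syn.sport, "SA")
    if crosses_vps_edge(synack) and not vps_edge(synack, block_src25):
        return "SYN-ACK dropped by VPS edge"
    return "established"


if __name__ == "__main__":
    spam = Packet(SPAMMER, 40000, REMOTE_MX, 25, "S")
    legit_inbound = Packet(SENDER_MX, 50000, SPAMMER, 25, "S")
    submission = Packet(SPAMMER, 40001, REMOTE_MX, 587, "S")
    print("spam, direct, dst-25 block only:   ", handshake(spam, "direct", False, False))
    print("spam, tunnel, dst-25 block only:   ", handshake(spam, "tunnel", False, False))
    print("spam, tunnel, + inbound src-25:    ", handshake(spam, "tunnel", True, False))
    print("spam, tunnel, VPN does BCP38:      ", handshake(spam, "tunnel", False, True))
    print("inbound mail to VPS, all filters:  ", handshake(legit_inbound, "direct", True, True))
    print("submission (587) from VPS, all on: ", handshake(submission, "direct", True, True))
```

The second line of output is the abuse in the message: with only the outbound destination-port-25 block, the tunnelled SYN is never seen and the SYN-ACK sails in, so the session completes. Either the inbound source-port-25 drop at the VPS edge or BCP38 at the VPN provider's egress cuts it, and neither touches mail delivered to a customer's own MTA or outbound submission on 587. The caveat is in the stateless rule itself: it drops any inbound TCP from source port 25 toward customers, which is harmless only because outbound destination-port 25 is already blocked, so no legitimate customer session can have such a reply.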
