nanog mailing list archives
Re: Is malicious asymmetrical routing still a thing?
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Thu, 9 Mar 2023 17:05:00 -0700
On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote:
Not this exact scenario, but what we see a lot of in my VPS company is people sending spam by using our VPS' source addresses, but routing outbound via some kind of tunnel to a VPN provider or similar in order to bypass our port 25 blocks.
I'd be curious what VPN providers they are using so that I could start blocking them. That seems like another player in the criminal support ecosystem.
We've had to start blocking source port 25 to catch the replies from the recipient mail servers in order to prevent this kind of abuse.
Interesting. -- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Is malicious asymmetrical routing still a thing? John Levine (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Aaron1 (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Jon Lewis (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Grant Taylor via NANOG (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Mark Tinka (Mar 12)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Christopher Munz-Michielin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Christopher Morrow (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Grant Taylor via NANOG (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Aaron1 (Mar 09)