nanog mailing list archives
Re: IP spoofing and spamming
From: Dale Drew <ddrew () mci net>
Date: Tue, 28 Oct 1997 22:41:33 -0500
What does your contract say you can do? First and foremost contact your legal department to ensure that you can cut service within the parameters of the contract, or your company can defend itself for terminating the contract without cause. Contact ISP X and ask for any complaints surrounding the customer in question. Explain the situation to them, they should be cooperative. If not, have your legal folks nag them. What does your Acceptable Use Policy state in the area of spamming, forged addresses, etc? If nothing, MODIFY IT NOW. Once you have a copy of some complaints (either directly or from ISP X), that should be enough to take direct action. Dale "Si Hoc Legere Scis Nimium Eruditionis Habes" ================================================================ Dale Drew MCI Telecommunications Sr. Manager internetMCI Security Engineering Voice: 703/715-7058 Internet: ddrew () mci net Fax: 703/715-7066 MCIMAIL: Dale_Drew/644-3335 At 09:17 PM 10/28/97 -0600, Stephen Dolloff wrote:
Terminate his feed. End of story. Stephen Dolloff (sysadmin () mc net) On Wed, 29 Oct 1997, Hank Nussbacher wrote:Please no religionics. Part of the below is true - part is what will
happen
in the near future: I have a spammer I am trying to block. He is multihomed to me and ISP X. He has address a.b.c.d from me and address a.b.c.e from ISP X. Users started seeing spams from a.b.c.e and complained to ISP X. He shut off
SMTP
to the customer but the spamming continued. Turns out the user defaults
out
to me no matter what, so his address was a.b.c.e when coming out of me.
For
me that is a spoofed address. I then go to block his spoofed address.
User
then says, it is a valid address and I have no business blocking his IP addresses, whether he has them from me or ISP X. I then say I'll block
SMTP
and the user says, "show me one letter from a user on the Internet complaining to you that I am spamming". Since his dns is located elsewhere and since the IP addresses are not mine, the users aren't complaining to me - but to ISP X and perhaps ISP Y (providing him secondary DNS service).
All
the ISP X & Y attempts to shut out the spam aren't affective due to the multihoming. What do we do in these cases? Thanks, Hank
Current thread:
- IP spoofing and spamming Hank Nussbacher (Oct 28)
- Re: IP spoofing and spamming Karl Denninger (Oct 28)
- Re: IP spoofing and spamming J.D. Falk (Oct 28)
- Re: IP spoofing and spamming Dalvenjah FoxFire (Oct 28)
- Re: IP spoofing and spamming Stephen Dolloff (Oct 28)
- Re: IP spoofing and spamming Dale Drew (Oct 28)
- Re: IP spoofing and spamming Jon Lewis (Oct 28)
- <Possible follow-ups>
- Re: IP spoofing and spamming Hank Nussbacher (Oct 28)
- Re: IP spoofing and spamming Karl Denninger (Oct 28)
- Re: IP spoofing and spamming Steve Mansfield (Oct 28)
- Re: IP spoofing and spamming Alan Hannan (Oct 29)
- Re: IP spoofing and spamming Jeremy Porter (Oct 29)
- Re: IP spoofing and spamming Hank Nussbacher (Oct 28)
- Re: IP spoofing and spamming Sean Donelan (Oct 29)