nanog mailing list archives
Re: Providers removing blocks on port 135?
From: jlewis () lewis org
Date: Sat, 20 Sep 2003 22:39:47 -0400 (EDT)
On Sat, 20 Sep 2003, Justin Shore wrote:
This veers off the original topic. Of course I don't think any of us recall what that was anyways... I remember back when I first started using the DUL. Of all the DNSBLs I used at the time it blocked the most spam of any of them. I mean that by a long shot. About the time the DUL and other MAPS lists went commercial is about the same time I noticed fewer and fewer hits on the DUL. We still pay for an AXFR (IXFR) of it but it doesn't block nearly as much as it used to.
At one time, signing up for "throwaway dial-up accounts" was a common spammer MO. We got hit a couple times, and they were like a plague of vermin [the spammers]. They'd sign up giving us bogus contact info and a freshly stolen (active) credit card. When the account was activated, they'd dial in using half a dozen or so lines and pump out as much spam (direct-to-MX) as they could. The really annoying bit is, we'd terminate them, they'd call right back, and sign up again, giving different bogus info and card numbers. We'd block them by ANI, and they'd block caller-ID when calling us. I ended up being forced to block access to some of our dial-up numbers both by ANI, and if there was no ANI, and then had to set up exceptions for a few customers in those areas who we never got ANI for. When I tried getting police in their area code to investigate, they had no interest/were too busy...even though I could give them phone numbers the accounts were used from and stolen credit cards.

To put a little operational spin in here...how many of you run dial-up networks where you refuse logins unless you get ANI?...and if you do this, do you also maintain an ANI blacklist?

Anyway...they moved on to proxy abuse, then outright theft by creating their own proxies on compromised MS Windows boxes. Both methods have the advantage of totally hiding the spammer from the recipients and bandwidth amplification. I imagine you could utilize multiple spam proxies on broadband connections pumping out your spam while connected via dial-up yourself.

If you look at the numbers at http://njabl.org/stats, about 5% of the hosts that have ever been checked are currently open relays (or nobody's bothered to remove them). IIRC, at one point, this was nearly 20%. 13.6% are open proxies...and the disparity is definitely still growing, with about 10x as many open proxies as relays being detected daily.
Unfortunately, the new breed of purpose-built spam proxies are generally not remotely detectable, so the proxy percentage would be even higher if it included the newer spam proxies.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
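
The dial-up admission policy described in the message above (refuse blacklisted ANI, refuse calls with no ANI on selected dial-up numbers, keep exceptions for customers who never present ANI), as an added example that is not part of the original post. It assumes the NAS passes ANI and the dialed number as the RADIUS attributes Calling-Station-Id and Called-Station-Id, and that the blacklist applies on every dial-up number; all phone numbers and user names are constructed.

```python
import re

# Constructed sample data (555 numbers, made-up users); not from the post.
ANI_BLACKLIST = {"3525550142", "3525550177"}   # callers already terminated for abuse
RESTRICTED_DNIS = {"3525550100"}               # dial-up numbers that require ANI
NO_ANI_EXCEPTIONS = {"alice", "bob"}           # customers whose calls never carry ANI


def normalize(number):
    """Strip formatting and keep at most the last 10 digits ('' if absent)."""
    return re.sub(r"\D", "", number or "")[-10:]


def decide(request):
    """Return (accept, reason) for one Access-Request given as a dict."""
    ani = normalize(request.get("Calling-Station-Id"))
    dnis = normalize(request.get("Called-Station-Id"))
    user = request.get("User-Name", "").lower()

    # Known-bad caller: refuse regardless of which number was dialed.
    if ani and ani in ANI_BLACKLIST:
        return False, "ANI blacklisted"
    # Caller-ID blocked or ANI not delivered on a number that requires it.
    if not ani and dnis in RESTRICTED_DNIS:
        if user in NO_ANI_EXCEPTIONS:
            return True, "no ANI, customer exception"
        return False, "no ANI on restricted number"
    return True, "ok"


# Constructed Access-Requests covering each branch of the policy.
SAMPLES = [
    {"User-Name": "newacct1", "Calling-Station-Id": "(352) 555-0142",
     "Called-Station-Id": "352-555-0100"},
    {"User-Name": "newacct2", "Called-Station-Id": "352-555-0100"},
    {"User-Name": "Alice", "Calling-Station-Id": "", "Called-Station-Id": "3525550100"},
    {"User-Name": "carol", "Called-Station-Id": "352-555-0199"},
    {"User-Name": "dave", "Calling-Station-Id": "+1 352 555 0160",
     "Called-Station-Id": "352-555-0100"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        accept, reason = decide(req)
        print(req["User-Name"], "ACCEPT" if accept else "REJECT", reason)
```

The exception list is keyed on the account name, so a freshly created throwaway account that blocks caller-ID still falls into the "no ANI" refusal.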