* [EMAIL PROTECTED] (Andy Ellifson) [Fri 10 Oct 2003, 01:04 CEST]:
And as soon as you call law enforcement what happens? The spammer is
located offshore. Then what?
This hasn't stopped the FTC before. Recently it named a Dutch
national in a complaint:
I mentioned before that it doesn't really make much sense with web
hosting because the port can easily be changed so it's not very effective
at all.
Stop thinking of policing the user and start
thinking of providing a security service. The
default setting of the security service might
With all due respect, we have a *problem*. End user machines on
broadband connections are being misconfigured and/or compromised in
frightening numbers. These machines are being used for everything
from IRC flooder to spam engines, to DNS servers to massive DDoS
infrastructure. If the
[EMAIL PROTECTED] writes on 10/10/2003 4:39 PM:
Why don't you come to the next NANOG in Miami
in February and give a presentation on how people
are doing these things? The trouble with a mailing
list discussion is that it wanders all over the place.
But at NANOG you could focus on the network
http://www.wired.com/news/business/0,1367,60747,00.html
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
On Thursday, October 9, 2003, at 10:04 AM, Suresh Ramasubramanian
wrote:
http://www.wired.com/news/business/0,1367,60747,00.html
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
I found one of these today, as a matter of fact.
-
-I found one of these today, as a matter of fact. The spam was
-advertising an anti-spam package, of course.
-
-The domain name is vano-soft.biz, and looking up the address, I get
-
-Name:vano-soft.biz
-Addresses: 12.252.185.129, 131.220.108.232, 165.166.182.168,
-193.165.6.97
-
At 11:51 AM 10/9/2003, Chris Boyd wrote:
On Thursday, October 9, 2003, at 10:04 AM, Suresh Ramasubramanian wrote:
http://www.wired.com/news/business/0,1367,60747,00.html
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
I found
Chris Boyd writes on 10/9/2003 9:21 PM:
A few minutes later, or from a different nameserver, I get
Name:vano-soft.biz
Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
12.252.185.129
This is a real Hydra. If everyone on the list looked up vano-soft.biz
and
At 12:01 PM 10/9/2003, McBurnett, Jim wrote:
-
-I found one of these today, as a matter of fact. The spam was
-advertising an anti-spam package, of course.
-
-The domain name is vano-soft.biz, and looking up the address, I get
-
-Name:vano-soft.biz
-Addresses: 12.252.185.129,
Thursday, October 9, 2003, 9:19:37 AM, you wrote:
VA Personally, I think preventing residential broadband customers from hosting
VA servers would limit a lot of that. I'm not saying that IS the solution.
VA Whether or not that's the right thing to do in all circumstances for each
VA ISP is
Vinny Abello writes on 10/9/2003 9:41 PM:
They're using extremely low TTL's on most of their records. Typically 2
minutes to accomplish this. The thing is I would imagine at least ONE of
those NS servers cannot change within a 2 hour window whereas the others
They are using a whole lot of
Hi,
#I think even if we get all the ones for this domain name today,
#assuming we can muster even man hours to get it today, another
#5000 will be added tomorrow.
Actually, we wrote a little tool to systematically track the
dotted quads associated with the vano-soft domain name. We have
At 10:51 AM -0500 10/9/03, Chris Boyd wrote:
A few minutes later, or from a different nameserver, I get
Name:vano-soft.biz
Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
12.252.185.129
This is a real Hydra. If everyone on the list looked up
vano-soft.biz
Hank Nussbacher writes on 10/9/2003 10:00 PM:
I think we can all safely assume that the people behind this are most
probably on NANOG or reading the archives and are now aware of your idea
:-)
vano-soft has been extensively discussed on other forums (spam-l, nanae
etc) for quite some time. But
Vinny Abello wrote:
Personally, I think preventing residential broadband customers from
hosting servers would limit a lot of that. I'm not saying that IS the
solution. Whether or not that's the right thing to do in all
circumstances for each ISP is a long standing debate that surfaces here
On Thu, 9 Oct 2003 12:01:35 -0400
McBurnett, Jim [EMAIL PROTECTED] wrote:
| I think even if we get all the ones for this domain name today,
| assuming we can muster even man hours to get it today, another
| 5000 will be added tomorrow. And looking at my list We have US
| (a very small ISP and a
Date: Thu, 9 Oct 2003 10:51:08 -0500
Subject: Re: Wired mag article on spammers playing traceroute games with
trojaned boxes
From: Chris Boyd [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
On Thursday, October 9, 2003, at 10:04 AM, Suresh Ramasubramanian
wrote:
http://www.wired.com
Oops... Try this again...
And as soon as you call law enforcement what happens? The spammer is
located offshore. Then what?
--- Hank Nussbacher [EMAIL PROTECTED] wrote:
On Thu, 9 Oct 2003, Suresh Ramasubramanian wrote:
* Follow the money - find out the spammer / the guy who he spams
There are two ways to go here -
* Nullroute or bogus out in your resolvers the DNS servers for this
domain -- two problems here. One is that the spammer doesn't use
vano-soft.biz in the smtp envelope, and second, he abuses open
redirectors like yahoo's srd.yahoo.com
There is another option,
On 9 Oct 2003, at 12:19, Vinny Abello wrote:
Personally, I think preventing residential broadband customers from
hosting servers would limit a lot of that. I'm not saying that IS the
solution. Whether or not that's the right thing to do in all
circumstances for each ISP is a long standing
On Thursday, October 9, 2003, at 12:24 PM, Suresh Ramasubramanian wrote:
Nope - the guy would get more trojaned boxes, no shortage of unpatched
windows machines on broadband.
There are two ways to go here -
* Nullroute or bogus out in your resolvers the DNS servers for this
domain --
At 12:53 PM 10/9/2003, you wrote:
On 9 Oct 2003, at 12:19, Vinny Abello wrote:
Personally, I think preventing residential broadband customers from
hosting servers would limit a lot of that. I'm not saying that IS the
solution. Whether or not that's the right thing to do in all
circumstances
On Thu, 9 Oct 2003, Joe Boyce wrote:
VA Personally, I think preventing residential broadband customers from hosting
VA servers would limit a lot of that. I'm not saying that IS the solution.
It's not like those customers are aware they are hosting servers, they
most likely were exploited
Michael G writes on 10/9/2003 10:27 PM:
Also, after doing some preliminary digging, it would seem that the
GTLD.BIZ servers have very low TTLs on a lot of their domains. In fact,
7200 seems high compared to some other ones I found.
Any correlation with the unusually high proportion of .biz
And as soon as you call law enforcement what happens? The spammer
--- Hank Nussbacher [EMAIL PROTECTED] wrote:
On Thu, 9 Oct 2003, Suresh Ramasubramanian wrote:
* Follow the money - find out the spammer / the guy who he spams
for,
from payment information etc. Sic law enforcement on
Andy Ellifson writes on 10/9/2003 10:58 PM:
Oops... Try this again...
And as soon as you call law enforcement what happens? The spammer is
located offshore. Then what?
99% of them are americans - and mostly from Florida at that. See
http://www.spamhaus.org/rokso/
they might subcontract
Looks like attachments won't go through, so I will repost without the
attachment. If anyone wants a copy, let me know
---Mike
At 01:28 PM 09/10/2003, Andy Ellifson wrote:
Oops... Try this again...
And as soon as you call law enforcement what happens? The spammer is
located
At 09:01 AM 10/9/2003, McBurnett, Jim wrote:
Can Broadband ISP's require a Linksys, dlink or other
broadband router without too many problems?
The router vendors would like that to happen :^)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 9:56 AM
To: Joe Boyce
Cc: [EMAIL PROTECTED]
Subject: Re: Wired mag article on spammers playing traceroute games with
trojaned boxes
On Thu, 9 Oct 2003, Joe Boyce wrote:
VA Personally, I
On Thu, 09 Oct 2003 12:01:35 EDT, McBurnett, Jim [EMAIL PROTECTED] said:
Can Broadband ISP's require a Linksys, dlink or other
broadband router without too many problems?
So now instead of a misconfigured PC, you're going to have a misconfigured router
front-ending a misconfigured PC?
Or are
On Thu, 9 Oct 2003 12:55:36 -0400 (EDT), [EMAIL PROTECTED] wrote:
Trouble is, how do you stop this?
You use the same principles that are successfully applied every in society
(except the Internet) to prevent the negligent from injuring the public.
http://www.camblab.com/misc/univ_std.txt
At 03:42 PM 09/10/2003, [EMAIL PROTECTED] wrote:
On Thu, 09 Oct 2003 12:01:35 EDT, McBurnett, Jim
[EMAIL PROTECTED] said:
Can Broadband ISP's require a Linksys, dlink or other
broadband router without too many problems?
So now instead of a misconfigured PC, you're going to have a
On Thu, 09 Oct 2003 14:36:53 -0400, Mike Tancsa wrote:
OrgName:CyberGate, Inc.
This is a notorious spam-enabler about which I had a quarrel
with ATT management several years back to get them thrown off
the ATT network. I had to take it to their lawyers since the
abuse staff would do
How many times have you received SPAM selling a product from a U.S. based
company? I have received plenty. Follow the money; Hank has it right.
M
(speaking only for myself)
Oops... Try this again...
And as soon as you call law enforcement what happens? The spammer is
located offshore.
On Thu, 9 Oct 2003 10:28:30 -0700 (PDT), Andy Ellifson wrote:
And as soon as you call law enforcement what happens? The spammer is
located offshore. Then what?
This is an easy one. Again, see http://www.camblab.oom/misc/univ_std.txt
It looks like they are using their little team of zombie machines that
are doing the port 80 redirect to also respond to DNS requests:
;; AUTHORITY SECTION:
vano-soft.biz. 120 IN NS ns3.uzc12.biz.
vano-soft.biz. 120 IN NS ns4.uzc12.biz.
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
[snip]
it? Convince registrars to kill domains that are clearly being used by
thieves?
From a post on NANE, here's what the registrar for vano-soft.biz had
to say on Oct 1:
In order to terminate service of this domain name we will need a
Folks, let's move this discussion onto one of the many lists that focuses
on spam:
http://www.claws-and-paws.com/spam-l/spam-l.html -- spam-l list for
spam prevention and discussion
http://www.abuse.net/spamtools.html -- spam tools list for software
tools that detect spam
--On Thursday, October 09, 2003 7:54 PM -0400 Susan Harris
[EMAIL PROTECTED] wrote:
Folks, let's move this discussion onto one of the many lists that
focuses on spam:
http://www.claws-and-paws.com/spam-l/spam-l.html -- spam-l list
for spam prevention and discussion
Margie Arbon wrote:
I am curious as to why open proxies, compromised hosts, trojans and
routing games are not considered operational issues simply because
the vehicle being discussed is spam.
With all due respect, we have a *problem*. End user machines on
broadband connections are being
On Thu, Oct 09, 2003 at 07:44:35PM -0500, Laurence F. Sheldon, Jr. wrote:
Two-three years ago the warnings were ignored because it was only
IRC. Now it's only spam. What does it take to make the Network
Operators and NANOG decide that things that are a very bad thing on
one protocol
On Thu, 9 Oct 2003, Margie Arbon wrote:
I am curious as to why open proxies, compromised hosts, trojans and
routing games are not considered operational issues simply because
the vehicle being discussed is spam.
Susan did not say it wasn't an operational issue. She said there are
other lists
(I dislike meta-discussion, but since it /is/ applicable to the list...)
Thus spake Sean Donelan ([EMAIL PROTECTED]) [09/10/03 21:32]:
Susan did not say it wasn't an operational issue. She said there are
other lists which focus on that issue.
Agreed.
There are many subjects of interest to
On Thu, Oct 09, 2003 at 05:20:10PM -0700, Margie Arbon wrote:
--On Thursday, October 09, 2003 7:54 PM -0400 Susan Harris
[EMAIL PROTECTED] wrote:
Folks, let's move this discussion onto one of the many lists that
focuses on spam:
http://www.claws-and-paws.com/spam-l/spam-l.html --
On Thu, 9 Oct 2003 18:40:35 -0400, John Capo wrote:
I spent
the rest of the day googling for case law that might be applied
to the network operators providing connectivity to the trojaned
boxes being used for illegal activities, identity theft. Didn't
accomplish much except wasting the day.