North American Network Operators Group
Re: Wired mag article on spammers playing traceroute games with trojaned boxes
- From: Suresh Ramasubramanian
- Date: Thu Oct 09 12:24:04 2003
Chris Boyd writes on 10/9/2003 9:21 PM:
> A few minutes later, or from a different nameserver, I get
>
> Name: vano-soft.biz
> Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9
> 12.252.185.129
>
> This is a real Hydra. If everyone on the list looked up vano-soft.biz
> and removed the trojaned boxes, would we be able to kill it?

Nope - the guy would get more trojaned boxes, no shortage of unpatched
windows machines on broadband.
There are two ways to go here -
* Nullroute or bogus out in your resolvers the DNS servers for this
domain --> two problems here. One is that the spammer doesn't use
vano-soft.biz in the smtp envelope, and second, he abuses open
redirectors like yahoo's srd.yahoo.com
* "Follow the money" - find out the spammer / the guy who he spams for,
from payment information etc. Sic law enforcement on them.
srs
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
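
Added example, not part of the original message or thread: a resolver-side check that scores the behaviour described above, where one name returns different address sets scattered across unrelated networks. The first observation, the /16 grouping and the thresholds are assumptions made for illustration; the second observation is the address set quoted in the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed observations of a single name. The second answer is the address
# set quoted in the thread; the first uses documentation ranges as stand-ins
# because the earlier answer is not shown on the page.
OBSERVATIONS = [
    ("resolver-a", ["192.0.2.10", "198.51.100.7", "203.0.113.99", "192.0.2.200"]),
    ("resolver-b", ["131.220.108.232", "165.166.182.168", "193.165.6.97",
                    "12.229.122.9", "12.252.185.129"]),
]


def prefix16(addr):
    """Coarse stand-in for 'which network' (assumption): the covering /16."""
    return ip_network(f"{addr}/16", strict=False)


def flux_report(observations, min_ips=5, min_prefixes=4, max_overlap=0.5):
    """Summarise how much a name's A-record set rotates between lookups.

    observations: list of (source_label, [ip_string, ...]) in lookup order.
    Thresholds are illustrative defaults, not values from the thread.
    """
    answers = [set(map(ip_address, ips)) for _, ips in observations]
    all_ips = set().union(*answers)
    prefixes = {prefix16(ip) for ip in all_ips}
    # Jaccard overlap between consecutive answers: 1.0 = identical, 0.0 = disjoint.
    overlaps = [len(a & b) / len(a | b) for a, b in zip(answers, answers[1:])]
    # A single lookup gives no evidence of rotation, so treat it as stable.
    mean_overlap = sum(overlaps) / len(overlaps) if overlaps else 1.0
    return {
        "distinct_ips": len(all_ips),
        "distinct_prefixes": len(prefixes),
        "mean_overlap": mean_overlap,
        "rotating": (len(all_ips) >= min_ips
                     and len(prefixes) >= min_prefixes
                     and mean_overlap <= max_overlap),
    }


if __name__ == "__main__":
    for key, value in flux_report(OBSERVATIONS).items():
        print(f"{key}: {value}")
```

A name flagged this way is a candidate for handling at the resolver, since removing individual hosts from the pool does not stop the rotation.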