Re: I got a live one! - Spam source

[Truman Boyes <truman () suspicious org>]

Interesting scenario ... but would be far more interesting to us if you share the /24? 

Truman

On 25/11/2009, at 3:07 PM, Russell Myba wrote:

> > I'm confused.  Who are you billing and for what services?
> Let's say our direct customer is CustomerA.  They seem to buy rackspace from
> BusinessB.  CustomerA seem to retain BusinessC for "IT Solutions" even
> though all three entities purport to be IT solutions providers.
> BusinessC came into the picture after the spamming started saying a wholly
> different /24 (Different from the spam source) "doesn't work".  It routes
> fine on our end.  I have a feeling they've been added to some RBLs but I
> haven't found them listed yet.
>
> Just a simple ethernet handoff in a colo.  We delegated rDNS to the servers
> of their choice and haven't heard a peep out of them until now.
>
>
>
> > Spamhaus is the first one that comes to mind.  From what I understand of
> > your description, this doesn't sound all that different from typical spammer
> > behavior.  Multiple layers of indirection seems to be the latest thing for
> > spammers.
> >
> > ----------------------------------------------------------------------
> > Jon Lewis                   |  I route
> > Senior Network Engineer     |  therefore you are
> > Atlantic Net                |
> > _________ http://www.lewis.org/~jlewis/pgp<http://www.lewis.org/%7Ejlewis/pgp>for PGP public key_________