Yes, this is all too familiar. Luckily it was not so acute for us. The porn company in question was using legit credit cards and we knew where they were located. We too got to the point where I had to contemplate blocking dialups with no ANI as I had already blocked all access from their phone numbers. However, once they started doing that I called up their office yelling and screaming law suits and I guess they figured there were other ISPs that didnt care as much and moved on to them. ---Mike At 10:39 PM 20/09/2003, jlewis@lewis.org wrote:
At one time, signing up for "throwaway dial-up accounts" was a common spammer MO. We got hit a couple times, and they were like a plague of vermin [the spammers]. They'd sign up giving us bogus contact info and a freshly stolen (active) credit card. When the account was activated, they'd dial in using half a dozen or so lines and pump out as much spam (direct-to-MX) as they could. The really annoying bit is, we'd terminate them, they'd call right back, and sign up again, giving different bogus info and card numbers. We'd block them by ANI, and they'd block caller-ID when calling us. I ended up being forced to block access to some of our dial-up numbers both by ANI, and if there was no ANI, and then had to setup exceptions for a few customers in those areas who we never got ANI for. When I tried getting police in their areacode to investigate, they had no interest/were too busy...even though I could give them phone numbers the accounts were used from and stolen credit cards.
To put a little operational spin in here...how many of you run dial-up networks where you refuse logins unless you get ANI?...and if you do this, do you also maintain an ANI blacklist?
Anyway...they moved on to proxy abuse, then outright theft by creating their own proxies on compromised MS Windows boxes. Both methods have the advantage of totally hiding the spammer from the recipients and bandwidth amplification. I imagine you could utilize multiple spam proxies on broadband connections pumping out your spam while connected via dial-up yourself.
If you look at the numbers at http://njabl.org/stats, about 5% of the hosts that have ever been checked are currently open relays (or nobody's bothered to remove them). IIRC, at one point, this was nearly 20%. 13.6% are open proxies...and the disparity is definitely still growing, with about 10x as many open proxies as relays being detected daily. Unfortunately, the new breed of purpose-built spam proxies are generally not remotely detectable, so the proxy percentage would be even higher if it included the newer spam proxies.
---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________