25 Nov 2009, 12:45 a.m.
On Wed, Nov 25, 2009 at 8:52 AM, Russell Myba <rusmyba@gmail.com> wrote:
Looks like one of our customers has decided to turn their /24 into a nice little space spewing machine. Doesn't seem like just one compromised host.
Reverse DNS for most of the /24 are suspicious domains. Each domain used in the message-id forwards to a single .net which lists their mailing address as a PO box and a single link to an unsubscribe field.
Sounds like what spamhaus.org calls snowshoe. What /24 would this be?