On Tue, Nov 24, 2009 at 10:22:36PM -0500, Russell Myba wrote:
Looks like of our customers has decided to turn their /24 into a nice little space spewing machine. Doesn't seem like just one compromised host.
1. This is possibly/probably better on spam-l. 2. This is a very common operational model. Any number of spamgangs have been busy doing this with multiple /24's scattered over numerous providers in order to distribute the workload and minimize the impact of any takedown. 3. There is no point in reporting this to any law enforcment agency anywhere in the world *unless* child pornography is involved. Any action they take will be slow, inept, and ineffective. The best that you can probably do is (a) shut down them instantly and permanently and (b) publish all relevant details -- name names -- on spam-l so that workers and researchers can use the information. ---Rsk