On Jan 9, 2005, at 12:20 PM, John Levine wrote:
Please consider the situation of net abuse with the source address being an infected PC on a dialup pool that has port 25 filtering enabled. [ triangular routing ]
Back when Ernesto Haberli was active, this was his trademark technique. He'd burn through large numbers of dialup accounts, but hide the address of his high-speed connection.
At the time he left the business a few years ago it worked pretty well and I gather he left because he'd run out of high speed ISPs to sign up with. I'd be interested to know if triangular routing is used by particular people now, or is it just another trick thrown into the mix along with zombie proxies and such.
Imagine all those "high speed ISPs" who would never have been burned if they just followed BCPs and source filtered their customer base. Especially since broadband ISPs should be able to source filter easier than anyone, having fewer "issues" like multi-homed customers. (Ignoring the discussion of whether that is really an issue or not.) But hey, who wants to actually make the network work better these days anyway?

--
TTFN,
patrick