Re: not spoofing, was IP-based reputation services vs. DNSBL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>What some spammers used to do when dialup connections were still
>common and broadband rare is that they would use a dialup session as
>the purported source of the packets but really send the bulk of the
>message from a high speed connection. The dialup connection telling
>the high speed connection which sequence numbers to employ.

Spammers used to do that, but it didn't involve any address spoofing,
just routing games.

The bad guy had a T1 and a dialup into the same box.  It used the IP
of the dialup its traffic but sent outbound packets over the T1,
getting return packets via the dialup.  Since spamming involves a lot
more outbound than inbound traffic, this still let them use most of
the T1.  When the dialup ISP noticed and cancelled the dialup account,
they'd just switch to another one, typically using a stack of free
trial AOL disks.

Regards,
John Levine, johnl@xxxxxxxx, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]