On Tue, 06 Apr 2004 15:12:05 -0700, Rhugga wrote:
> Michael Sullivan wrote:
>> I read my log watch every day for my server PC each time I notice
>> an attempted unauthorized access I run the IP through whois and
>> then I send an email to the abuse@ address I see at the bottom of
>> whois report. This morning I found a third attempt to send email
>> through my smtp server from kornet.net. Is there anyone I can
>> report them to if it happens again? I've sent them email all
>> three times that they've attempted to use my server...
>>
>> -Michael Sullivan-
>>
>>
> Well, if it is one of these spare bedroom data center type ISPs
> that are springing up to send spam mail, your quest may become
> futile. I write code for an anti-spam mail filtering service
> provider, and it is a royal pain in the ass to track down these
> luzers. (assuming this is a spammer probe and not a legitimate
> mistake some admin might be making) Also, it may be an infected
> host in that network that has some kind of adware/spyware/spamware
> daemon probing for extra hops.
>
> You may wanna play with them a little bit, give him an open relay
> and see what follows. (dont walk away from the terminal while you
> are doing this, I mean, be watching tcpdump in real time) If this
> is a smapper ISP, just block their network/domain/whatever at your
> smtp server. (postfix is great for this type of thing)
>
> -cc
just a quick note - kornet.net is one of the biggest spam ISPs in the world (its the biggest ISP in Korea AFAIK). I dont even bother sending spam reports to them - they dont reply.
Jeff
|
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
