North American Network Operators Group


Re: IP spoofing and spamming

  • From: Dale Drew
  • Date: Tue Oct 28 23:02:03 1997

What does your contract say you can do?  First and foremost
contact your legal department to ensure that you can cut
service within the parameters of the contract, or your
company can defend itself for terminating the contract
without cause.

Contact ISP X and ask for any complaints surrounding the
customer in question.  Explain the situation to them; they
should be cooperative.  If not, have your legal folks nag them.

What does your Acceptable Use Policy state in the area
of spamming, forged addresses, etc.?  If nothing, MODIFY IT
NOW.

Once you have a copy of some complaints (either directly or
from ISP X), that should be enough to take direct action.

Dale

	"Si Hoc Legere Scis Nimium Eruditionis Habes"
================================================================
 
Dale Drew                                 MCI Telecommunications
Sr. Manager                                 internetMCI Security
                                                     Engineering
Voice:  703/715-7058                     Internet: [email protected]
Fax:    703/715-7066                 MCIMAIL: Dale_Drew/644-3335
 
 
 

At 09:17 PM 10/28/97 -0600, Stephen Dolloff wrote:
>Terminate his feed.  End of story.
>
>Stephen Dolloff
>([email protected])
>
>On Wed, 29 Oct 1997, Hank Nussbacher wrote:
>
>> Please no religionics.  Part of the below is true - part is what will happen
>> in the near future:
>> 
>> I have a spammer I am trying to block.  He is multihomed to me and ISP X.
>> He has address a.b.c.d from me and address a.b.c.e from ISP X.  Users
>> started seeing spams from a.b.c.e and complained to ISP X.  He shut off SMTP
>> to the customer but the spamming continued.  Turns out the user defaults out
>> to me no matter what, so his address was a.b.c.e when coming out of me.  For
>> me that is a spoofed address.  I then go to block his spoofed address.  User
>> then says, it is a valid address and I have no business blocking his IP
>> addresses, whether he has them from me or ISP X.  I then say I'll block SMTP
>> and the user says, "show me one letter from a user on the Internet
>> complaining to you that I am spamming".  Since his dns is located elsewhere
>> and since the IP addresses are not mine, the users aren't complaining to me
>> - but to ISP X and perhaps ISP Y (providing him secondary DNS service).  All
>> the ISP X & Y attempts to shut out the spam aren't effective due to the
>> multihoming.
>> 
>> What do we do in these cases?
>> 
>> Thanks,
>> Hank
>> 
>> 
>
>
>