North American Network Operators Group


RE: Wired mag article on spammers playing traceroute games with trojaned boxes

  • From: Vinny Abello
  • Date: Thu Oct 09 12:28:39 2003

At 12:01 PM 10/9/2003, McBurnett, Jim wrote:


->
->I found one of these today, as a matter of fact.  The spam was
->advertising an anti-spam package, of course.
->
->The domain name is vano-soft.biz, and looking up the address, I get
->
->Name:    vano-soft.biz
->Addresses:  12.252.185.129, 131.220.108.232, 165.166.182.168,
->193.165.6.97
->           12.229.122.9
->
->A few minutes later, or from a different nameserver, I get
->
->Name:    vano-soft.biz
->Addresses:  131.220.108.232, 165.166.182.168, 193.165.6.97,
->12.229.122.9
->           12.252.185.129
->
->This is a real Hydra.  If everyone on the list looked up
->vano-soft.biz
->and removed the trojaned boxes, would we be able to kill it?
->
->--Chris


I got:
Canonical name: vano-soft.biz
Addresses:
  165.166.182.168
  193.92.62.42
  200.80.137.157
  12.229.122.9
  12.252.185.129

I think even if we get all the ones for this domain name today,
assuming we can muster even man hours to get it today, another
5000 will be added tomorrow.
And looking at my list we have US (a very small ISP and a large ISP),
RIPE, and LACNIC.

I wonder if the better question should be:

Can broadband ISPs require a Linksys, D-Link or other
broadband router without too many problems?

That is what it will take to slow this down, and then only if
ALL ISPs do it.

This not only affects this instance but global security
as a whole. Just a few days ago, Cisco was taken
offline by a large # of zombies; I am willing to
say that those are potentially some of the same
compromised systems.


Thoughts?
Personally, I think preventing residential broadband customers from hosting servers would limit a lot of that. I'm not saying that IS the solution. Whether or not that's the right thing to do in all circumstances for each ISP is a long-standing debate that surfaces here from time to time. Same as allowing people to host mail servers on cable modems or even allowing them to access mail servers other than the ISP's.

Vinny Abello
Network Engineer
Server Management
[email protected]
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

There are 10 kinds of people in the world. Those who understand binary and those that don't.
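The "Hydra" behaviour Chris and Jim describe above, where successive lookups of the same name return a shifting set of addresses spread across unrelated networks, can be scored from the answer sets alone. The following is an added example written for this archive page, not code from the thread or from any of its posters; it uses the three vano-soft.biz answer sets quoted in the thread as constructed observations, and the /16 grouping and the flagging thresholds are assumptions chosen for illustration.

```python
"""Score A-record churn across repeated lookups of one name (added example)."""
import ipaddress

# Constructed observations: the three answer sets quoted in the thread for
# vano-soft.biz (Chris's two lookups and Jim's one). Labels are made up here.
OBSERVATIONS = [
    ("chris-1", {"12.252.185.129", "131.220.108.232", "165.166.182.168",
                 "193.165.6.97", "12.229.122.9"}),
    ("chris-2", {"131.220.108.232", "165.166.182.168", "193.165.6.97",
                 "12.229.122.9", "12.252.185.129"}),
    ("jim", {"165.166.182.168", "193.92.62.42", "200.80.137.157",
             "12.229.122.9", "12.252.185.129"}),
]


def network_prefix(addr: str, bits: int = 16) -> str:
    """Return the /bits network containing addr (assumed proxy for 'different network')."""
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False))


def churn_report(observations, prefix_bits: int = 16) -> dict:
    """Summarise how the answer set changes across lookups.

    'stable' addresses appear in every answer; 'rotating' ones appear in
    some answers but not all; 'distinct_networks' counts /prefix_bits
    networks covered by the union of all answers."""
    sets = [answers for _, answers in observations]
    union = set().union(*sets)
    common = set.intersection(*sets)
    rotating = union - common
    networks = {network_prefix(a, prefix_bits) for a in union}
    return {
        "lookups": len(sets),
        "union_size": len(union),
        "stable": sorted(common, key=ipaddress.ip_address),
        "rotating": sorted(rotating, key=ipaddress.ip_address),
        "distinct_networks": len(networks),
    }


def looks_like_flux(report: dict, min_networks: int = 3, min_rotating: int = 1) -> bool:
    """Assumed heuristic: many unrelated networks plus churn in membership."""
    return (report["distinct_networks"] >= min_networks
            and len(report["rotating"]) >= min_rotating)


if __name__ == "__main__":
    report = churn_report(OBSERVATIONS)
    print(report, "flux-like:", looks_like_flux(report))
```

For the quoted answer sets the report shows 7 addresses across 7 different /16 networks, with only three addresses present in every lookup, which is the pattern an operator would want alerted on rather than chased host by host.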