[Dshield] Joe-job aftermath

Nels Lindquist nlindq at maei.ca
Fri Oct 3 16:53:17 GMT 2003

Hi there.

We've been the victim of a joe-job which started last Friday and 
proceeded for a week (it's finally let up this morning, but that 
could be temporary).  I've collected a ton of bounce messages (looks 
like the spam run was directed primarily at Hotmail and MSN).

Unfortunately it appears that each message was relayed through a 
different blind proxy, so I've been unable to trace the original 
spammer(s) so far.  Does anyone know of a way to correlate open 
proxies with those who exploit them?

Any other suggestions as to possible action we could take?  I've 
already spoken to our ISP, but they have no ideas.

Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.

More information about the list mailing list