[Dshield] Have spammers managed to forge the first received lines?

Johannes B. Ullrich jullrich at sans.org
Sun Feb 1 15:19:00 GMT 2004

>  OR have somehow 
> managed
> to program the upstream routers to "steal" these IP addresses,  and are 
> only
> activating them during their spam binges.

Spammers are hijacking IP space for a quite a while now. Usually they
try to figure out assigned but unused IP space which they will then
temporarily announce from other networks. Services like Renesys's 
'GRADUS' service can be used to watch for announcement of one's IP space
from unauthorized sources.

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040201/83541562/attachment.bin

More information about the list mailing list