[Dshield] Have spammers managed to forge the first received lines?

Pete Cap peteoutside at yahoo.com
Sun Feb 1 19:19:27 GMT 2004

I wonder if CAIDA is seeing a lot of this.
If memory serves they have an ungodly amount of netspace which they're using to catch backscatter.

Ooh, that reminds me...I wonder if they're seeing a lot of bounce from the SCO/M$ DDoS attacks or what...

"Johannes B. Ullrich" <jullrich at sans.org> wrote:
> OR have somehow managed to program the upstream routers to "steal" these
> IP addresses, and are only activating them during their spam binges.

Spammers have been hijacking IP space for quite a while now. Usually they
try to figure out assigned but unused IP space which they will then
temporarily announce from other networks. Services like Renesys's 
'GRADUS' service can be used to watch for announcement of one's IP space
from unauthorized sources.

CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
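
The kind of origin check described above (watching for one's IP space being announced from unauthorized sources), as an added example that is not part of the original post and is not code from Renesys or any monitoring service. The prefix inventory, the ASNs and the `time|A/W|prefix|AS path` feed format are all constructed for illustration, and the feed is treated as a single vantage point.

```python
import ipaddress

# Hypothetical inventory: prefixes we hold and the origin ASNs allowed to
# announce them (documentation prefixes and documentation ASNs only).
AUTHORIZED = {
    ipaddress.ip_network("192.0.2.0/24"): {64500},
    ipaddress.ip_network("198.51.100.0/24"): {64500, 64501},
}

# Constructed sample feed: unix_time|A(nnounce) or W(ithdraw)|prefix|AS path
SAMPLE_FEED = """\
1075600000|A|192.0.2.0/24|64510 64500
1075603600|A|198.51.100.0/25|64511 64666
1075603900|A|203.0.113.0/24|64511 64666
1075607200|W|198.51.100.0/25|
1075610000|A|198.51.100.0/24|64510 64501
1075613600|A|192.0.2.128/25|64512 {64667,64668}
"""

def origin_of(as_path):
    """Origin ASN is the last hop; None for an empty path or an AS_SET."""
    hops = as_path.split()
    if not hops or not hops[-1].isdigit():
        return None
    return int(hops[-1])

def find_hijacks(feed, authorized=AUTHORIZED):
    """Return (start, end, prefix, origin) for each announcement that overlaps
    our space from an origin we did not authorize. end is None while the
    route is still announced; a short start-to-end window matches the
    'temporarily announce' pattern."""
    open_events, findings = {}, []
    for line in feed.splitlines():
        ts, kind, prefix, path = line.split("|")
        net = ipaddress.ip_network(prefix)
        if kind == "W":
            event = open_events.pop(net, None)
            if event:
                findings.append((event[0], int(ts), str(net), event[1]))
            continue
        # Exact match, more-specific or covering prefix all count as overlap.
        owned = [p for p in authorized if net.overlaps(p)]
        origin = origin_of(path)
        if owned and not any(origin in authorized[p] for p in owned):
            open_events[net] = (int(ts), origin)
    findings += [(s, None, str(n), o) for n, (s, o) in open_events.items()]
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for finding in find_hijacks(SAMPLE_FEED):
        print(finding)
```

An origin that cannot be determined (an AS_SET at the end of the path) is reported rather than trusted, and a covering aggregate from an upstream would also be flagged until its ASN is added to the inventory.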
