[Dshield] Need Suggestions
jayjwa at atr2.ath.cx
Sat Jun 25 08:51:41 GMT 2005
On Thu, 23 Jun 2005, Golden_Eternity wrote:
-> Mike Wydra wrote:
-> > I NeoTraced the addresses back to Beijing (Peking), and of course,
-> > there's no information available.
-> from the apnic whois:
-> trouble: send anti-spam reports to spam at jsinfo.net
-> trouble: send abuse reports to abuse at jsinfo.net
After dozens and dozens of abuse reports sent, I never, ever, got even a
one response from any China/Chinanet network. That's if the addresses
accepted mail at all, many are 'user unknown', 'mailbox full', or no
postmaster (in violation of rfc's). Althought I don't like to do it in the
normal run of things, I started dropping any and all traffic from China
and also Korea. Understand that this was after many, many incidents, with
the biggest factor being no response whatsoever from any ISP there. It's
like that just don't care.
There are lists of all those address here: http://www.blackholes.us/ Some
forms fit into an IPtables script nicely.
What the OP was likely seeing was Messenger Spam, there are alot of
Messenger spammers there and a few Spam-Cannons that appear so frequently
on the monitor that I recognize the IP address when it pops up.
Confidentiality Notice: This email may contain confidential
and privileged information. If in the event that it does,
please send it back to me with a reply telling me how
stupid I am for sending confidential info to a public forum.
More information about the list