[Dshield] Need Suggestions

jayjwa jayjwa at atr2.ath.cx
Sat Jun 25 08:51:41 GMT 2005

On Thu, 23 Jun 2005, Golden_Eternity wrote:

-> Mike Wydra wrote:

-> > I NeoTraced the addresses back to Beijing (Peking), and of course,
-> > there's no information available.
-> from the apnic whois:
-> trouble:      send anti-spam reports to spam at jsinfo.net
-> trouble:      send abuse reports to abuse at jsinfo.net

After dozens and dozens of abuse reports sent, I never, ever, got even 
one response from any China/Chinanet network. That's if the addresses 
accepted mail at all; many are 'user unknown', 'mailbox full', or no 
postmaster (in violation of RFCs). Although I don't like to do it in the 
normal run of things, I started dropping any and all traffic from China 
and also Korea. Understand that this was after many, many incidents, with 
the biggest factor being no response whatsoever from any ISP there. It's 
like they just don't care.

There are lists of all those addresses here: http://www.blackholes.us/ Some 
forms fit into an iptables script nicely.

What the OP was likely seeing was Messenger Spam; there are a lot of 
Messenger spammers there and a few Spam-Cannons that appear so frequently 
on the monitor that I recognize the IP address when it pops up.

Confidentiality Notice: This email may contain confidential
and privileged information. If in the event that it does,
please send it back to me with a reply telling me how
stupid I am for sending confidential info to a public forum.
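
An added example, not part of the original post and not the poster's own script: a POSIX sh filter that validates a CIDR list and emits an `ipset restore` file, so that one iptables rule can drop every listed network. The one-CIDR-per-line input format, the set name `geo_drop` and the use of ipset are assumptions; the sample entries are constructed from documentation prefixes.

```shell
#!/bin/sh
# Assumed list format (not confirmed by the post): one IPv4 CIDR per line,
# '#' starts a comment. Load the output with:
#   ipset -exist restore < geo_drop.restore
#   iptables -I INPUT -m set --match-set geo_drop src -j DROP
SET_NAME="geo_drop"   # hypothetical set name

# valid_cidr A.B.C.D/N: succeed only if every octet is 0-255 and N is 0-32
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_restore: list on stdin, restore file on stdout, rejects on stderr
gen_restore() {
    printf 'create %s hash:net family inet\n' "$SET_NAME"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}             # drop any trailing comment
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_cidr "$entry"; then
            printf 'add %s %s\n' "$SET_NAME" "$entry"
        else
            printf 'skipped: %s\n' "$entry" >&2
        fi
    done
}

# Constructed sample input: two good entries, three malformed ones
sample_list() {
    cat <<'EOF'
# constructed sample, documentation ranges only
192.0.2.0/24
198.51.100.0/24   # trailing comment
203.0.113.0/33
300.1.1.0/24
10.0.0.0
EOF
}

sample_list | gen_restore
```

Rejecting malformed lines before they reach the firewall matters because a bad entry in a hand-built rule script can abort the load partway and leave the filter half-applied.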

