On December 5, 2004 at 16:49 asrg2(_at_)billmail(_dot_)scconsult(_dot_)com
(Bill Cole) wrote:
As a somewhat tangential note, I think 'joe job' is a bit overbroad
in this context. Its origin was a very conscious, intentional,
targeted, and successful attempt to smear a hosting provider who had
kicked the particular spammer off of his service. That sort of attack
is pretty rare.
It's not rare, it's actually a pretty common reaction I see to
aggressively blocking an aggressive spammer, w/in a few hours we see
cascades of joe job traffic I can't help but suspect (tho can't prove)
is related. But there are patterns that would seem to defy total
coincidence like you block an aggressive spammer who uses zombies on
german DSL networks and a couple of hours later you're being hit with
joe jobs w/ all kinds of german fingerprints (e.g., bouncing off of
german ISPs, german language bodies, etc.)
What I will say is:
a) It doesn't go on for very long, "hours" is rare, just a blast or
two is more common (e.g. I guess they send a few thousand joe job msgs
out in one effort and move on.) Or very identical-looking blasts once
or twice a day for a few days like when they think of it they hit the
"joe job 'em" button.
b) It's not that big a deal, really, tho I guess it's a bigger deal to
end-users than companies who have resources. We'll just body pattern
block the joe job and that's pretty much the end of it, or the end of
seeing it.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg