ietf
[Top] [All Lists]

Re: not spoofing, was IP-based reputation services vs. DNSBL

2008-11-12 16:35:06
What some spammers used to do when dialup connections were still
common and broadband rare is that they would use a dialup session as
the purported source of the packets but really send the bulk of the
message from a high speed connection. The dialup connection telling
the high speed connection which sequence numbers to employ.

Spammers used to do that, but it didn't involve any address spoofing,
just routing games.

The bad guy had a T1 and a dialup into the same box.  It used the IP
of the dialup its traffic but sent outbound packets over the T1,
getting return packets via the dialup.  Since spamming involves a lot
more outbound than inbound traffic, this still let them use most of
the T1.  When the dialup ISP noticed and cancelled the dialup account,
they'd just switch to another one, typically using a stack of free
trial AOL disks.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf