[anti-abuse-wg] Hijacked netblocks - any SOP for these?
firstname.lastname@example.org world.antispam.report at inbox.com
Mon Aug 8 18:56:46 CEST 2011
The problem is: does any network operator want to examine how a "Spamming Trojan that works on its own" works? Live, while in contact with the remote intruder with whom the infected trojan is in contact? Please, let me give a specific example...

I have this "Other" given mailbox for which maybe its exact email address was given to what is known as a "SPAM List". I decided to keep that address instead of getting rid of it. Of course, if there was a SPAM to get on the Internet, rest assured that I'll get that SPAM at that email address!

Anyhow, at one time (rather many, many times), I get a SPAM that bears an HTML link in its email body, but the domain name is an absolute gibberish word, unintelligible in any language that anyone could dream of. So, I sent the complaint to both the abuse@ department from which the SPAM originated and to the other network website (IP#) where the gibberish domain name was located...

If I remember well, the origin of the SPAM was from "Spain-Bada-Telecome", a very respectable & serious network, and the other network hosting the "Gibberish" domain name (IP#...) was also a quite respectable network... I have kept their reply as some other "Same type" reply in which a given network operator thanks me for advising him about this or that trojan using his own network for spamming purposes (sort of an intrusion)... If you want I can send or post these thankful dudes? Ok???

Let's go on... Some 2 days later, I get another SPAM bearing the same gibberish HTML domain name but now located on an IP# located within the APNIC authority... Done complaint as usual and watched it for the whole day thereafter... For about 10 hours, the gibberish domain name disappeared from the APNIC network and re-appeared on a network located in Romania and for which close to none of the "RIPE registration data" appeared to be valid. All email addies and civic addies appeared wrong, bounced back, etc...

Now, about the question: what does the term "hijacked network or IP#" mean to RIPE or to any Internet concerned individual? Within all the cases I have seen up to now, all network operators of good faith and good will resolved the given problem in less than 6 hours. Aside from blacklisting the "Supposed" source of trojan intruders. In due time, if the infectious network runs into problems because he's refused connection with this network elsewhere, he could always use another email address to reach the network that blacklisted him? No problem there! Got it?

> -----Original Message-----
> From: woeber at cc.univie.ac.at
> Sent: Mon, 08 Aug 2011 15:42:35 +0000
> To: ops.lists at gmail.com
> Subject: Re: [anti-abuse-wg] Hijacked netblocks - any SOP for these?
>
> [Catching up after being out of office for a while...]
>
> Suresh Ramasubramanian wrote:
>
> [...]
>>
>> Can we turn back to the question that was actually raised in the thread?
>
> Yes, please. :-)
>
> As Spamhaus was mentioned, and the term "hijacked" pointed at,
> can anyone please provide me/us with (a pointer to) the definition of
> "hijacked", in particular as used by Spamhaus?
>
> TIA,
> Wilfried.