North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: McColo and SPAM

  • From: Raymond Corbin
  • Date: Fri Dec 05 16:33:24 2008

I thought it was mostly control servers....I doubt any 'botnet master'
would hardcode an IP address of a server without some sort of backup
using some domains that they can always change the DNS on. They update
that and the bots will then start connecting to the new 'control
servers' and thus spam would come from them. Also did the spam really
'stop' or were they just not able to now get updates from their control
servers...those infected I imagine are still sending the spam....

-r

-----Original Message-----
From: Mike Walter [mailto:mwalter@xxxxxx] 
Sent: Friday, December 05, 2008 4:03 PM
To: Revolver Onslaught; nanog
Subject: RE: McColo and SPAM

We have not seen any decrease.  In the last 24 hours we have seen 3.5
million messages blocked.

-Mike

-----Original Message-----
From: Revolver Onslaught [mailto:revolver.onslaught@xxxxxxxxx] 
Sent: Friday, December 05, 2008 2:14 PM
To: nanog
Subject: McColo and SPAM

Hello,

Since McColo closed, we noticed the spam was far more intensive than
before.

However, it seems the amount of spam is similar than than before.

Do you feel the same ?

Many thanks,
RO