You catch a spammer trying to relay off your network..

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Gadsden
    Goon
    • Jul 2002
    • 1241
    #1

    You catch a spammer trying to relay off your network..

    Let's say you are the admin of a network and your IDS alerts you that a spammer is trying to relay off of your mail server. You see that it is indeed spam (thank you, mailsnarf!) and you know his IP. Do you:
    • Flex your 31337 skillz and teach him a lesson he will never forget?
    • Try to DoS him off the map?
    • Try to scare him away by portscanning, etc.?
    • Report him to his ISP and try to get him booted?
    • Quietly block him out?
    • Rape his dog, kill his wife, burn his house, then salt the earth where he slept?


    WWBWD? (What Would BlackWave Do?) :p
    33
    Flex your 31337 skillz and teach him a lesson he will never forget?
    21.21%
    7
    Try to DoS him off the map?
    12.12%
    4
    Try to scare him away by portscanning, etc..
    6.06%
    2
    Report him to his ISP and try to get him booted?
    15.15%
    5
    Quietly block him out?
    12.12%
    4
    Rape his dog, kill his wife, burn his house, then salt the earth where he slept?
    33.33%
    11
    Happiness is a belt-fed weapon.
    Tags: None
    • converge
      No Values Voter
      • Oct 2001
      • 3322
      #2
      Keep in mind that the IP you're seeing is probably not anything that will identify or damage the spammer directly... unless the spammer is really stupid, which is much less the case nowadays.

      The safer route is to take the abuse@ route... but it's often a futile battle. Just don't let the spammer relay off any of _your_ servers
      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

        Comment

        • blackwave
          Member
          • Jun 2002
          • 4270
          #3
          it isn't the spam it is the security through obscurity messages in the spam!

          Anyone remember this?

          Defcon Forums > Technical Area > Got Questions? > Reading foreign leet?

          http://forum.defcon.org/showthread.php?s=&threadid=429

            Comment

            Previous template Next
            Working...