When someone abuses DNS...
Forrest Aldrich
forrie at navipath.com
Tue Jul 24 23:42:56 UTC 2001
We have had a rather interesting 2 weeks, filled with this abusive user who
owns a few domains, that have been spammed everywhere. His MO is to sign
up with fake credit (or stolen, for all I know) cards, and begin spamming.

The place where he registered the domains is a partner of opensrs.org, so
he can update his DNS on-the-fly. He's been pointing these servers to
whatever dynamic IP he gets -- bouncing from different providers (including
our customers).

So, from a DNS perspective, what would one suggest I do to thwart some of
this -- or at least make it difficult. I thought we could include his
domains in our authoritative zones and distribute that around our PoPs --
point the IP to 127.0.0.3 or something arbitrary. At least it would
pretty much flatten some of his activity.

Suggestions?

I have contacted his "registrar" and they are apparently looking into it
now (but may not completely understand what to do).

Thanks in advance.
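
A sketch of the local-override idea raised in the message above, as an added example that is not part of the original post: it emits one shared zone file answering 127.0.0.3 for any name, plus one `zone` stanza per domain for named.conf. The domain names fed to it and the file name `db.sinkhole` are constructed placeholders, and the override only affects clients that query the servers loading these zones.

```shell
#!/bin/sh
# Added example: generate a BIND sinkhole zone file plus named.conf stanzas.
# Domain names and file names here are constructed placeholders.

SINK_IP="127.0.0.3"       # address proposed in the post
ZONE_FILE="db.sinkhole"   # hypothetical file name, relative to named's directory

# One shared zone file: every sinkholed domain loads the same records,
# because "@" expands to whichever zone name references the file.
# Usage: make_zone_file 2001072401 > db.sinkhole
make_zone_file() {
    serial=$1
    cat <<EOF
\$TTL 300
@   IN SOA  localhost. hostmaster.localhost. (
            $serial ; serial
            3600       ; refresh
            600        ; retry
            86400      ; expire
            300 )      ; negative-cache TTL
@   IN NS   localhost.
@   IN A    $SINK_IP
*   IN A    $SINK_IP
EOF
}

# One "zone" stanza per domain, read from stdin (one name per line).
# Blank lines and #-comments are skipped; names containing characters
# outside the hostname set are rejected so nothing odd lands in named.conf.
# Usage: make_zone_stanzas < domains.txt > sinkhole-zones.conf
make_zone_stanzas() {
    while IFS= read -r domain; do
        case "$domain" in
            ''|\#*) continue ;;
            *[!A-Za-z0-9.-]*) echo "skipping invalid name: $domain" >&2; continue ;;
        esac
        domain=${domain%.}   # drop a trailing root dot if present
        printf 'zone "%s" { type master; file "%s"; };\n' "$domain" "$ZONE_FILE"
    done
}
```

Include the generated stanzas from named.conf on each server and reload; the wildcard record catches any hostname under the listed domains.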