Re: Req: info on IP range popup ad software supposedly called "Extreme Marketing"

From: Barry Margolin (barmar@genuity.net)
Date: 12/30/02 

From: Barry Margolin <barmar@genuity.net>
Date: Mon, 30 Dec 2002 18:52:56 GMT

In article <pan.2002.12.30.17.16.07.282181@forme.com>,
Joe Schmoe <nomail@forme.com> wrote:
>On Mon, 30 Dec 2002 09:27:28 +0000, Jonathan Rynd wrote:
>
>> On 28 Dec 2002, "Joe Schmoe" <nomail@forme.com> posted to
>> news.admin.net-abuse.email using message-ID
>> news:pan.2002.12.28.19.00.01.527757@forme.com :
>>
>>> Since the originator of the message
>>> does not require a response, they do not need to supply a valid
>>> IP, they just spoof it and become untraceable...
>>
>> So again, we have to hope that ISPs start doing egress filtering...
>
>It would certainly help, but then someone could always find a host that is
>up on their subnet whenever they went to do a spam run and spoof that IP.

It doesn't matter whether the host itself is up. The tracing is done by
looking up the containing address block, to see what organization it's
routed to. You don't need to trace it back to a running host.

Since egress filtering forces organizations to use source addresses that
are assigned to them, you can use the source address to determine what
organization sent it. 

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Relevant Pages