Yeah. This is just the way snowshoe spammers operate - GRE or VPN tunnels back to a master server, and a /24 full of output points with throwaway hostnames / reverse dns
On Tue, Sep 7, 2010 at 8:05 PM, Jon Lewis <jle...@lewis.org> wrote: > I haven't seen that excuse/justification from customers. What I did see > recently that I have to admit was very slick was a customer who claimed they > were going to be doing a bunch of remote "terminals" in stores VPN'd into > their dedi servers and would be streaming video from the servers to the > clients. This was of course 99% BS. There was VPN involved....they used > the dedi servers as VPN endpoints for their spam servers that were hosted > elsewhere. When we shut them down, there was absolutely nothing > incriminating of spam operations on their servers...and all they had to do > was sign up for service at another hosting company, setup the VPN server, > change the IPs their spam servers VPN to, and they're back in business. > When sales brought me their initial request, I really didn't believe it, but > I didn't have good enough cause to reject it. -- Suresh Ramasubramanian (ops.li...@gmail.com)