26 Oct
2015
26 Oct
'15
6:30 a.m.
I sent a message to the NANOG mail adminstration team asking them to throw the "emergency moderation" flag. This is a switch inside Mailman (the piece of software that runs the NANOG lists) which causes all incoming list traffic to be held for manual approval. When stuff like this happens, it's a fast way to stop the bleeding. I've had no response to that and am also still (8:30 AM EDT) observing a steady flow of outbound spam via NANOG. Note that this is part of a much larger attack: so far, I've seen the same thing on about 15 other mailing lists. Whether all of these were launched by the same entity is unknown, but the patterns match quite closely, so that's certainly a possibility. ---rsk