[plug] Is this a spam attack?

Luke Dudney dex at wn.com.au
Tue May 13 17:14:36 WST 2003


On 13/05/03 17:17, Bret Busby wrote:

>On Tue, 13 May 2003, Luke Dudney wrote:
>
>>They do appear spam related.
>>You'll need to look further back into the logs to see where these 
>>messages are coming from - do greps for those queue ids:
>>
>>5686D14AB8A
>>C945814ABD9
>>5BBB314AC14
>>
>>etc
>>
>>Cheers
>>Luke
>>
>
>A while ago, when I contacted the computer crimes part of the Singapore 
>police, about repeated attempts to breach our server for relaying, as 
>the originating addresses showed to be Singapore domains, the response 
>from them, was that the addresses were spoofed.
>
>So, I believe that trying to trace the originating addresses for the 
>problem, would, I believe, likely be futile.

It's very doubtful that the addresses are 'spoofed' in the classical 
sense. It's practically impossible to spoof a TCP connection to a modern 
Linux box as their TCP sequence numbers are near-impossible to predict. 
What they may have been talking about is proxy hijacking, where the 
connection is bounced off an unwilling 3rd-party, but it sounds more like 
a fob-off to me.

Cheers
Luke
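
The queue-id grep suggested in the quoted advice, taken one step further to show which client handed each message to the server. This is an added example, not part of the original thread. It assumes Postfix-style syslog lines (the thread does not name the mail server); the log lines and addresses are constructed, and `trace_queue_ids` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Added example: summarise where each queued message entered the server.
# Assumption: Postfix-style lines such as "<queue id>: client=host[ip]"
# and "<queue id>: from=<sender>, size=N, nrcpt=N".

# trace_queue_ids LOGFILE QUEUEID...
# Prints one line per queue id: connecting client, envelope sender, recipient count.
trace_queue_ids() {
    log=$1; shift
    for qid in "$@"; do
        awk -v qid="$qid" '
            index($0, " " qid ": ") == 0 { next }   # keep only lines for this queue id
            match($0, /client=[^ ,]+/) { client = substr($0, RSTART + 7, RLENGTH - 7) }
            match($0, /from=<[^>]*>/)  { from   = substr($0, RSTART + 5, RLENGTH - 5) }
            match($0, /nrcpt=[0-9]+/)  { nrcpt  = substr($0, RSTART + 6, RLENGTH - 6) }
            END {
                # No client= line means the message was accepted before this
                # log file starts: repeat the search in the older, rotated logs.
                if (client == "") client = "not-in-this-log"
                if (from == "")   from = "-"
                if (nrcpt == "")  nrcpt = "-"
                printf "%s client=%s from=%s nrcpt=%s\n", qid, client, from, nrcpt
            }' "$log"
    done
}

# Constructed sample log (addresses are from documentation ranges).
sample_log() {
cat <<'EOF'
May 13 16:58:01 mail postfix/smtpd[1234]: 5686D14AB8A: client=unknown[192.0.2.10]
May 13 16:58:02 mail postfix/qmgr[1001]: 5686D14AB8A: from=<sender@example.com>, size=2048, nrcpt=20 (queue active)
May 13 16:58:05 mail postfix/smtp[1240]: 5686D14AB8A: to=<a@example.net>, relay=mx.example.net[203.0.113.5], status=sent
May 13 16:59:10 mail postfix/smtpd[1236]: C945814ABD9: client=host.example.org[198.51.100.7]
May 13 16:59:11 mail postfix/qmgr[1001]: C945814ABD9: from=<>, size=900, nrcpt=1 (queue active)
May 13 17:01:30 mail postfix/smtp[1241]: 5BBB314AC14: to=<b@example.net>, relay=mx.example.net[203.0.113.5], status=deferred
EOF
}

tmp=$(mktemp) && sample_log > "$tmp"
trace_queue_ids "$tmp" 5686D14AB8A C945814ABD9 5BBB314AC14
rm -f "$tmp"
```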


