[plug] Is this a spam attack?
Luke Dudney
dex at wn.com.au
Tue May 13 17:14:36 WST 2003
On 13/05/03 17:17, Bret Busby wrote:
>On Tue, 13 May 2003, Luke Dudney wrote:
>
>>They do appear spam related.
>>You'll need to look further back into the logs to see where these
>>messages are coming from - do greps for those queue ids:
>>
>>5686D14AB8A
>>C945814ABD9
>>5BBB314AC14
>>
>>etc
>>
>>Cheers
>>Luke
>
>A while ago, when I contacted the computer crimes part of the Singapore
>police, about repeated attempts to breach our server for relaying, as
>the originating addresses showed to be Singapore domains, the response
>from them, was that the addresses were spoofed.
>
>So, I believe that trying to trace the originating addresses for the
>problem, would, I believe, likely be futile.
>
>
It's very doubtful that the addresses are 'spoofed' in the classical
sense. It's practically impossible to spoof a TCP connection to a modern
Linux box as their TCP sequence numbers are near-impossible to predict.
What they may have been talking about is proxy hijacking, where the
connection is bounced off an unwilling 3rd-party, but it sounds more like
a fob-off to me.
Cheers
Luke
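
Added example, not part of the original message: one way to do the queue-id lookup suggested in the thread, assuming standard syslog-format Postfix log lines. The log excerpt, hosts and addresses are constructed, and `sample_log` and `trace_queue_ids` are hypothetical helper names.

```shell
# Constructed Postfix log excerpt (hosts and addresses are made up;
# 192.0.2.0/24 is a documentation range). The queue ids are the three
# quoted in the thread.
sample_log() {
cat <<'EOF'
May 13 16:01:02 mail postfix/smtpd[2101]: connect from unknown[192.0.2.45]
May 13 16:01:03 mail postfix/smtpd[2101]: 5686D14AB8A: client=unknown[192.0.2.45]
May 13 16:01:03 mail postfix/cleanup[2105]: 5686D14AB8A: message-id=<c1@example.invalid>
May 13 16:01:04 mail postfix/qmgr[812]: 5686D14AB8A: from=<offers@example.invalid>, size=2048, nrcpt=40 (queue active)
May 13 16:02:10 mail postfix/smtpd[2101]: C945814ABD9: client=unknown[192.0.2.45]
May 13 16:02:11 mail postfix/qmgr[812]: C945814ABD9: from=<deals@example.invalid>, size=2101, nrcpt=38 (queue active)
May 13 16:03:30 mail postfix/qmgr[812]: 5BBB314AC14: from=<win@example.invalid>, size=1990, nrcpt=25 (queue active)
May 13 16:03:31 mail postfix/smtp[2200]: 5BBB314AC14: to=<user@example.net>, relay=none, delay=86400, status=deferred (connection timed out)
EOF
}

# trace_queue_ids ID... : reads a Postfix log on stdin and prints
# "QUEUEID CLIENT SENDER NRCPT" per id; "-" marks a field not found in this log.
trace_queue_ids() {
  awk -v ids="$*" '
    BEGIN { n = split(ids, order, " "); for (i = 1; i <= n; i++) want[order[i]] = 1 }
    {
      id = $6; sub(/:$/, "", id)   # field 6 is "QUEUEID:" in syslog-format lines
      if (!(id in want)) next
      # client= is the peer that smtpd accepted the TCP connection from
      if (match($0, /client=[^ ,]+/)) client[id] = substr($0, RSTART + 7, RLENGTH - 7)
      # from= is the envelope sender, which the sending side chooses freely
      if (match($0, /from=<[^>]*>/)) {
        s = substr($0, RSTART + 6, RLENGTH - 7)
        sender[id] = (s == "" ? "<>" : s)
      }
      if (match($0, /nrcpt=[0-9]+/)) nrcpt[id] = substr($0, RSTART + 6, RLENGTH - 6)
    }
    END {
      for (i = 1; i <= n; i++) {
        id = order[i]
        printf "%s %s %s %s\n", id, ((id in client) ? client[id] : "-"),
               ((id in sender) ? sender[id] : "-"), ((id in nrcpt) ? nrcpt[id] : "-")
      }
    }'
}

sample_log | trace_queue_ids 5686D14AB8A C945814ABD9 5BBB314AC14
```

A `-` in the client column means the `client=` line for that queue id is not in the log that was read, which is the case where the older, rotated logs need to be searched as well.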