[plug] Is this a spam attack?

Bret Busby bret at busby.net
Tue May 13 17:58:26 WST 2003


On Tue, 13 May 2003, Luke Dudney wrote:

> 
> 
> On 13/05/03 17:17, Bret Busby wrote:
> 
> >On Tue, 13 May 2003, Luke Dudney wrote:
> >
> >  
> >
> >>They do appear spam related.
> >>You'll need to look further back into the logs to see where these 
> >>messages are coming from - do greps for those queue ids:
> >>
> >>5686D14AB8A
> >>C945814ABD9
> >>5BBB314AC14
> >>
> >>etc
> >>
> >>Cheers
> >>Luke
> >>
> >>
> >>    
> >>
> >
> >A while ago, when I contacted the computer crimes part of the Singapore 
> >police, about repeated attempts to breach our server for relaying, as 
> >the originating addresses showed to be Singapore domains, the response 
> >from them, was that the addresses were spoofed.
> >
> >So, I believe that trying to trace the originating addresses for the 
> >problem, would, I believe, likely be futile.
> >  
> >
> 
> It's very doubtful that the addresses are 'spoofed' in the classical 
> sense. It's practically impossible to spoof a TCP connection to a modern 
> Linux box as their TCP sequence numbers are near-impossible to predict. 
> What they may have been talking about is proxy hijacking, where the 
> connection is bounced off an unwilling 3rd-party, but it sounds more like 
> a fob-off to me.
> 
> Cheers
> Luke
> 
> 
> 

Here is an example of what appears to include a spoofed email address.

..........
On Sun, 2 Mar 2003, Mail Delivery System wrote:
> 
> Date: Sun,  2 Mar 2003 08:55:29 +0800 (WST)
> From: Mail Delivery System <MAILER-DAEMON at busby.net>
> To: Postmaster <postmaster at busby.net>
> Subject: Postfix SMTP server: errors from unknown[218.70.153.112]
> 
> Transcript of session follows.
> 
>  Out: 220 ****.*** ESMTP Postfix
>  In:  HELO fdsfdsf
>  Out: 250 *****.***
>  In:  MAIL From: <ydfkcbi at msn.com>
>  Out: 250 Ok
>  In:  RCPT To:<ameill at 19.com.cn>
>  Out: 554 <ameill at 19.com.cn>: Recipient address rejected: Relay access denied
>  In:  RCPT To:<ameill at xinhuanet.com>
>  Out: 554 <ameill at xinhuanet.com>: Recipient address rejected: Relay access
>      denied
>  In:  QUIT
>  Out: 221 Bye
> 
> No message was collected successfully.
> 
..........

Now, Luke, are you seriously saying that someone at Microsoft is 
attempting security breaches across the Internet, to set up unauthorised 
relaying?

Oh, and, email address spoofing is commonplace, especially with some 
viruses; recently, a virus spoofed people's email addresses as the 
sender of the viral messages.

-- 
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
  Chapter 28 of 
  "The Hitchhiker's Guide to the Galaxy:
  A Trilogy In Four Parts",
  written by Douglas Adams, 
  published by Pan Books, 1992 
....................................................
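
The postmaster notice quoted in this message mixes one value the server observed (the connecting IP in the Subject line) with values the client only claimed (the HELO name and the MAIL From address). The following is an added example, not part of the original post: it parses that notice to separate the two and to list the recipients refused for relaying. The function name `summarize` and its field names are illustrative.

```python
import re

# Transcript copied from the postmaster notice quoted in the post above
# (addresses keep the archive's " at " obfuscation).
NOTICE = """\
Subject: Postfix SMTP server: errors from unknown[218.70.153.112]

 Out: 220 ****.*** ESMTP Postfix
 In:  HELO fdsfdsf
 Out: 250 *****.***
 In:  MAIL From: <ydfkcbi at msn.com>
 Out: 250 Ok
 In:  RCPT To:<ameill at 19.com.cn>
 Out: 554 <ameill at 19.com.cn>: Recipient address rejected: Relay access denied
 In:  RCPT To:<ameill at xinhuanet.com>
 Out: 554 <ameill at xinhuanet.com>: Recipient address rejected: Relay access
     denied
 In:  QUIT
 Out: 221 Bye
"""

def summarize(notice):
    """Separate what the server observed from what the client claimed."""
    s = {"client_ip": None, "client_name": None, "helo": None,
         "mail_from": None, "relay_denied": []}
    m = re.search(r"errors from (\S+?)\[([0-9a-fA-F.:]+)\]", notice)
    if m:
        # Observed by the server: peer of the TCP connection, as Postfix names it.
        s["client_name"], s["client_ip"] = m.group(1), m.group(2)
    # Re-join wrapped reply lines (continuations are indented by 2+ spaces).
    text = re.sub(r"\n[ \t]{2,}(?![ \t]*(?:In|Out):)", " ", notice)
    last_rcpt = None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"In:\s+(?:HELO|EHLO)\s+(\S+)", line, re.I):
            s["helo"] = m.group(1)        # client-supplied, unverified
        elif m := re.match(r"In:\s+MAIL From:\s*<([^>]*)>", line, re.I):
            s["mail_from"] = m.group(1)   # client-supplied, unverified
        elif m := re.match(r"In:\s+RCPT To:\s*<([^>]*)>", line, re.I):
            last_rcpt = m.group(1)
        elif re.match(r"Out:\s+554\b.*Relay access denied", line) and last_rcpt:
            s["relay_denied"].append(last_rcpt)
            last_rcpt = None
    return s

if __name__ == "__main__":
    for key, value in summarize(NOTICE).items():
        print(f"{key}: {value}")
```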




