[plug] Is this a spam attack?

Bret Busby bret at busby.net
Tue May 13 18:11:20 WST 2003


On Tue, 13 May 2003, Bret Busby wrote:

> 
> On Tue, 13 May 2003, Luke Dudney wrote:
> 
> > 
> > 
> > On 13/05/03 17:17, Bret Busby wrote:
> > 
> > >On Tue, 13 May 2003, Luke Dudney wrote:
> > >
> > >  
> > >
> > >>They do appear spam related.
> > >>You'll need to look further back into the logs to see where these 
> > >>messages are coming from - do greps for those queue ids:
> > >>
> > >>5686D14AB8A
> > >>C945814ABD9
> > >>5BBB314AC14
> > >>
> > >>etc
> > >>
> > >>Cheers
> > >>Luke
> > >>
> > >>
> > >>    
> > >>
> > >
> > >A while ago, when I contacted the computer crimes part of the Singapore 
> > >police, about repeated attempts to breach our server for relaying, as 
> > >the originating addresses showed to be Singapore domains, the response 
> > >from them, was that the addresses were spoofed.
> > >
> > >So, I believe that trying to trace the originating addresses for the 
> > >problem, would, I believe, likely be futile.
> > >  
> > >
> > 
> > It's very doubtful that the addresses are 'spoofed' in the classical 
> > sense. It's practically impossible to spoof a TCP connection to a modern 
> > Linux box as their TCP sequence numbers are near-impossible to predict. 
> > What they may have been talking about is proxy hijacking, where the 
> > connection is bounced off an unwilling 3rd-party, but it sounds more like 
> > a fob-off to me.
> > 
> > Cheers
> > Luke
> > 
> > 
> > 
> 
> Here is an example of what appears to include a spoofed email address.
> 
> ..........
> On Sun, 2 Mar 2003, Mail Delivery System wrote:
> > 
> > Date: Sun,  2 Mar 2003 08:55:29 +0800 (WST)
> > From: Mail Delivery System <MAILER-DAEMON at busby.net>
> > To: Postmaster <postmaster at busby.net>
> > Subject: Postfix SMTP server: errors from unknown[218.70.153.112]
> > 
> > Transcript of session follows.
> > 
> >  Out: 220 ****.*** ESMTP Postfix
> >  In:  HELO fdsfdsf
> >  Out: 250 *****.***
> >  In:  MAIL From: <ydfkcbi at msn.com>
> >  Out: 250 Ok
> >  In:  RCPT To:<ameill at 19.com.cn>
> >  Out: 554 <ameill at 19.com.cn>: Recipient address rejected: Relay access denied
> >  In:  RCPT To:<ameill at xinhuanet.com>
> >  Out: 554 <ameill at xinhuanet.com>: Recipient address rejected: Relay access
> >      denied
> >  In:  QUIT
> >  Out: 221 Bye
> > 
> > No message was collected successfully.
> > 
> ..........
> 
> Now, Luke, are you seriously saying that someone at Microsoft is 
> attempting security breaches across the Internet, to set up unauthorised 
> relaying?
> 
> Oh, and, email address spoofing is commonplace, especially with some 
> viruses; recently, a virus spoofed people's email addresses as the 
> sender of the viral messages.
> 
> 

The message that I meant to include, is the one below. The one above 
refers to msn.com; the one below refers to microsoft.com.

I would like to see anyone publicly accuse Microsoft of attempted 
breaching of security of our computers with the intention of the 
unauthorised use of any of our computers for relaying. Whoever would accuse 
Microsoft of such an action, would, I expect, require a few million 
dollars to pay for the lawsuit.

..............
On Fri, 6 Sep 2002, Mail Delivery System wrote:
> 
> Date: Fri,  6 Sep 2002 15:18:55 +0800 (WST)
> From: Mail Delivery System <MAILER-DAEMON at busby.net>
> To: Postmaster <postmaster at busby.net>
> Subject: Postfix SMTP server: errors from server2.bet24.com[212.100.224.104]
> 
> Transcript of session follows.
> 
>  Out: 220 ****.*** ESMTP Postfix
>  In:  HELO microsoft.com
>  Out: 250 ****.***
>  In:  MAIL FROM: <smtpscanner at microsoft.com>
>  Out: 250 Ok
>  In:  RCPT TO: indyblues9 at aol.com
>  Out: 554 <indyblues9 at aol.com>: Recipient address rejected: Relay access denied
> 
> Session aborted, reason: lost connection
> 
..............

-- 
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
  Chapter 28 of 
  "The Hitchhiker's Guide to the Galaxy:
  A Trilogy In Four Parts",
  written by Douglas Adams, 
  published by Pan Books, 1992 
....................................................
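
In the Postfix notices quoted above, the bracketed address in the Subject line is the TCP peer the server recorded, while the HELO name and MAIL FROM address are strings typed by the client. As an added example (not part of the original post), this Python sketch separates the two for the 2002 notice; the function name `summarize` and its field names are assumptions made for illustration.

```python
import re

# Notice text as quoted in the post above (the archive writes "@" as " at ").
NOTICE_2002 = """\
Subject: Postfix SMTP server: errors from server2.bet24.com[212.100.224.104]

 Out: 220 ****.*** ESMTP Postfix
 In:  HELO microsoft.com
 Out: 250 ****.***
 In:  MAIL FROM: <smtpscanner at microsoft.com>
 Out: 250 Ok
 In:  RCPT TO: indyblues9 at aol.com
 Out: 554 <indyblues9 at aol.com>: Recipient address rejected: Relay access denied
"""

SUBJECT_RE = re.compile(r"errors from (\S+)\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"^\s*In:\s+(?:HELO|EHLO)\s+(\S+)", re.I | re.M)
MAIL_RE = re.compile(r"^\s*In:\s+MAIL FROM:\s*<?([^<>\n]*?)>?\s*$", re.I | re.M)
DENIED_RE = re.compile(r"^\s*Out:\s+554 .*Relay access", re.I | re.M)


def summarize(notice):
    """Split a notice into server-observed facts and client-supplied claims."""
    subj = SUBJECT_RE.search(notice)
    helo = HELO_RE.search(notice)
    mail = MAIL_RE.search(notice)
    sender = mail.group(1).strip() if mail else None
    # The sender domain is whatever follows "@" or the archive's " at ".
    domain = re.split(r"@| at ", sender)[-1].lower() if sender else None
    host = subj.group(1).lower() if subj else None
    # The claim matches only if the peer's hostname is in the sender's domain.
    same = bool(host and domain
                and (host == domain or host.endswith("." + domain)))
    return {
        "client_host": host,                           # server-side name lookup
        "client_ip": subj.group(2) if subj else None,  # TCP peer address
        "claimed_helo": helo.group(1).lower() if helo else None,
        "claimed_sender_domain": domain,
        "relay_denied": len(DENIED_RE.findall(notice)),
        "sender_mismatch": bool(domain) and not same,
    }


if __name__ == "__main__":
    for key, value in summarize(NOTICE_2002).items():
        print(f"{key}: {value}")
```
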



