[plug] Is this a spam attack?

James Devenish devenish at guild.uwa.edu.au
Tue May 13 18:00:33 WST 2003


In message <Pine.LNX.4.44.0305131746360.2259-100000 at BBRH73.busby.net>
on Tue, May 13, 2003 at 05:58:26PM +0800, Bret Busby wrote:
> > >A while ago, when I contacted the computer crimes part of the Singapore 
> > >police, about repeated attempts to breach our server for relaying, as 
> > >the originating addresses showed to be Singapore domains, the response 
> > >from them, was that the addresses were spoofed.
> > >
> > >So, I believe that trying to trace the originating addresses for the 
> > >problem, would, I believe, likely be futile.
[...]
> > It's very doubtful that the addresses are 'spoofed' in the classical 
> > sense. It's practically impossible to spoof a TCP connection to a modern 
> > Linux box as their TCP sequence numbers are near-impossible to predict. 
> > What they may have been talking about is proxy hijacking, where the 
> > connection is bounced off an unwilling 3rd-party, but it sounds more like 
> > a fob-off to me.

It looks like Bret was talking about spoofing e-mail addresses while
Luke was talking about spoofing IP addresses. Both people were correct
in those individual contexts. Earlier, Luke had also written about
verifying that the two lots of addresses are in agreement with each
other. Note that SMTP e-mail addresses are highly spoofable by design
(by analogy to the postal mail system).
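
Added example, not part of the original post: a Python sketch of the distinction drawn above, separating the sender-chosen SMTP addresses in a message from the peer IP that the receiving server recorded for the TCP connection, and checking whether the two agree. The sample message, the host names, the Postfix-style Received layout and the `summarize` and `domain_of` helpers are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; host names and IPs use reserved documentation ranges.
SAMPLE = """\
Return-Path: <bounce@example.sg>
Received: from mail.example.sg (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with SMTP id ABC123
\tfor <user@example.org>; Tue, 13 May 2003 17:00:00 +0800
From: "Sales" <sales@example.sg>
To: user@example.org
Subject: constructed test message

body
"""

# Assumed Postfix-style clause: "from HELO (reverse-DNS [peer IP])".
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def domain_of(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def summarize(raw):
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    # Only the topmost Received header is written by our own server; anything
    # below it was supplied by the sender and can be forged like From.
    received = msg.get_all("Received") or []
    top = " ".join(received[0].split()) if received else ""
    m = RECEIVED_RE.search(top)
    helo, rdns, peer_ip = m.groups() if m else (None, None, None)
    rdns = (rdns or "").lower()
    agrees = bool(from_domain) and (
        rdns == from_domain or rdns.endswith("." + from_domain))
    return {
        "header_from_domain": from_domain,                     # sender-chosen
        "envelope_domain": domain_of(msg.get("Return-Path")),  # sender-chosen
        "helo": helo,                                          # sender-chosen
        "peer_ip": peer_ip,       # observed on the TCP connection
        "rdns_agrees": agrees,    # does that IP's rDNS fit the From domain?
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
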



