tcsender email bombing
Bob Izenberg
bei at austin.aus.sig.net
Wed Nov 5 04:07:24 UTC 1997
Dennis Simpson wrote:
# Is anyone else seeing concerted bombing from tcsender@<a
# couple of addresses> where the relayhost covers many hosts?
We saw 26 of them today. A mis-configured spoofer showed
what may be the true sender:
from=<tcsender at get-more-hits.com.online-marketing.com> relay=root at mustang.detroit.usweb.com [207.17.162.28]
At least one of the messages contained this USPS address:
EVA, Inc.
43 Riverside Ave.
Suite 72
Medford, MA 02155
USA
Here's what we received (US/Central time):
02:10:37 relay=root at zeus.total-access.net [209.60.65.3]
02:14:18 relay=[204.101.235.67] (may be forged)
02:17:16 relay=gost3.indirect.com [165.247.198.3]
02:24:06 relay=www.unitedmedia.com [207.121.184.84]
02:33:10 relay=fivepoints.com [38.229.187.2]
02:34:14 relay=[206.10.45.200] (may be forged)
02:37:30 relay=fujipub.com [192.41.4.169]
02:39:53 relay=root at astra.genghis.com [205.139.15.34]
02:46:02 relay=root at enteract.com [206.54.252.1]
02:54:42 relay=100t.lauderdale.net [207.141.140.10]
03:12:57 relay=ns1.vie.com [205.214.55.3]
03:15:57 relay=[207.213.148.64] (may be forged)
03:18:07 relay=gateway.foliage.com [209.61.70.2]
03:18:43 relay=root at realbeer.com [204.152.97.15]
03:35:53 relay=boulevards.boulevards.com [204.162.28.70]
03:36:57 relay=amyda.foe.co.uk [193.114.240.82]
03:37:46 relay=root at gemini.speakeasy.org [199.238.226.62]
03:37:49 relay=france-travel.com [192.41.4.181]
03:38:08 relay=root at linked.net [209.24.1.201]
03:38:38 relay=money.fsonline.com [199.171.21.101]
03:39:49 relay=root at linked.net [209.24.1.201]
03:40:48 relay=cyberhost3.com [192.41.31.40]
03:45:00 relay=root at mustang.detroit.usweb.com [207.17.162.28]
03:48:58 relay=root at ns.shelbynet.net [206.246.132.10]
03:49:43 relay=mail at gate.imall.com [207.173.184.8]
03:52:23 relay=mail.devontax.com [204.57.91.69]
Bob
--
======================================================================
bob izenberg signet network operations
+1 (512) 306-0700 bei at sig.net
======================================================================
More information about the NANOG
mailing list