25,000 ton amphibious spam relay

Swaar, Matthew L. Matthew.Swaar at cert.mil
Tue Dec 16 20:52:33 UTC 2003


E-mailing the DOD-CERT is also another way to try to get these things fixed.

(...I'm not 100% certain that getting this fixed was the point of this, but
I
figured I'd point that out on the off chance.)

I'm forwarding the header information of this spam to the appropriate folks.

V/R,
Matthew Swaar
ASN568 Analyst
matthew.swaar at cert.mil

-----Original Message-----
From: Eric Kuhnke [mailto:eric at fnordsystems.com]
Sent: Tuesday, December 16, 2003 2:46 PM
To: nanog at merit.edu
Subject: 25,000 ton amphibious spam relay



http://www.interesting-people.org/archives/interesting-people/200312/msg0007
0.html

=================================

At 09:59 AM 12/16/2003, Rich Kulawiec wrote:
[ Doesn't it just make you feel all safe and cozy when the people
responsible for our defense are allowing military hardware to be
hijacked to relay spam?

---Rsk ]

----- Forwarded message from Bruce Gingery <bg7341 at GTCS.COM> -----

  > Date:         Tue, 16 Dec 2003 00:48:14 -0700
  > From: Bruce Gingery <bg7341 at GTCS.COM>
  > Subject: Spam, Block: 25,000 ton spam relay, with photos of it!
  > To: SPAM-L at PEACH.EASE.LSOFT.COM
  >
  > ANNOUNCING:  The amphibious transport dock and spam relay
  >
  > http://www.news.navy.mil/list_all.asp?id=8488
  > Zoom-in
  > http://www.news.navy.mil/view_single.asp?id=4553
  > http://www.news.navy.mil/view_single.asp?id=2746
  >
  > > The ship supports the Marine Corps "mobility triad," the LCAC
  > >(Landing Craft Air Cushion vehicle), the "Triple A-V" (AAAV -
  > > Advanced Amphibious Assault Vehicle) and the MV-22 (Osprey
  > > tiltrotor aircraft),
  >
  >         and (apparently) spammers in Guandong. Red China.
  >
  > > Furthermore, San Antonio incorporates the latest quality of life
  > > standards for the embarked Marines and sailors, including the sit-up
  > > berth, ship services mall, a fitness center and learning resource
  > > center/electronic classroom
  >
  >                               and Unsolicited Bulk E-Mail.
  >
  > Of course, it's possible that one of the OTHER eleven ships, still under
  > construction, is the Avondale, LA dot-MIL spam relay, or trojaned boat,
  > or some nice-and-secure Windows box in the construction drydocks, 
running
  > Microsoft Exchange Internet Mail Service Version 5.5.2653.13
  >
  > But doesn't it make all Americans feel all fuzzy and secure that a
  > Red Chinese spammer can abuse a US Naval Vessel of one of the newest
  > designs, to relay his "business proposition"?
  >
  > Perhaps it's tied to the USS Green Bay, instead? or USS New Orleans?
  > 
http://www.navsea.navy.mil/newswire_content.asp?txtDataID=8963&txtTypeID=2
  >
  > The USS Mesa Verde, seems to be in Mississippi, instead
  > 
http://www.navsea.navy.mil/newswire_content.asp?txtDataID=8663&txtTypeID=2
  >
  > But the E-Mail headers finger the USS San Antonio, LPD 17, already
  > christened, and due for commissioning some time this coming year.
  >
  > > LPD 17 Looks Like a "Gator"
  >
  > 
http://www.navsea.navy.mil/newswire_content.asp?txtDataID=8596&txtTypeID=2
  >
  >              but from here, it just looks like another spammer.
  >
  > [SPECIMEN]
  > H: Return-Path: <lugbkbgkd at ms13.hinet.net>
  > H: Received: from avnavfw.lpd17.navsea.navy.mil
  > H:      (avnavfw.pms317.navy.mil [205.67.231.235])
  > H:      by mail.gtcs.com (8.12.10/8.11.3/gtcs-6.3.8) with SMTP
  > H:      id hBG65HO8091853
  > H:      for <[victim]>; Mon, 15 Dec 2003 23:06:39 -0700 (MST)
  > H:      (envelope-from: <lugbkbgkd at ms13.hinet.net>)
  > H: X-Authentication-Warning: serv.gtcs.com: Host
  > H:      avnavfw.pms317.navy.mil [205.67.231.235]
  > H:      claimed to be avnavfw.lpd17.navsea.navy.mil
  > H: Received: from no.name.available by avnavfw.lpd17.navsea.navy.mil
  > H:        via smtpd (for [209.181.16.1]) with SMTP; 16 Dec 2003 
05:53:08 UT
  > H: Received: from avnavfw.AVONDALE (205.67.231.5 [205.67.231.5]) by
  > H:     swn-email.lpd17.navy.mil with SMTP (Microsoft Exchange 
Internet Mail
  > H:     Service Version 5.5.2653.13)
  > H:      id YY2BDP4P; Tue, 16 Dec 2003 00:07:28 -0600
  > H: From: "HuatonE-ScooterCo.,Ltd" <1232312fs21d at ms13.hinet.net>
  > H: Received: from [61.145.234.62] by avnavfw.AVONDALE
  > H:        via smtpd (for [205.66.99.30]) with SMTP; 16 Dec 2003 
05:51:47 UT
  > H: Subject: Re.About our new product
  > H: Content-Type: text/html
  > H: Date: Tue, 16 Dec 2003 13:57:41 +0800
  > H: X-Priority: 3
  >
  > [extract from HTML body]
  > B: Our company specializes in exporting electric & gas scooters, which
  > B: are most popular with our customers at home and abroad. Now we are
  > B: writing to offer you an opportunity to develop a mutual trade. If
  > B: you are interested in establishing business relations with us, please
  > B: let us know your requirements. Then we would like to forward 
catalogues
  > B: as well as detailed information to you, and offer the best price to
  > B: you. We assure you of our best attention to your any inquiries.
  > B: We anticipate your early response in respect.
  >
  > B: Huaton E-scooter Co., Ltd.
  > B: Room.B-202,Building Si-Hai-Ming-Yuan
  > B: Burg Weiji,Zone Gongbei
  > B: City Zhuhai 519020
  > B: Province Kwangtung,China
  > B: Tel:86-756-821-6922
  > B: Fax:86-756-888-3037
  >  ...
  >
  > Spam support by:
  > The US Navy, Avondale Lousiana Shipyard, Firewall, and hosts behind it
  >
  >   OrgName:    DoD Network Information Center
  >   OrgID:      DNIC
  >   Address:    7990 Science Applications Ct
  >   Address:    M/S CV 50
  >   City:       Vienna
  >   StateProv:  VA
  >   NetRange:   205.0.0.0 - 205.117.255.255
  >   Comment:    DOD Network Information Center
  >   Comment:    Space and Naval Warfare Systems
  >   Comment:    Washington, DC 20363-5100 US
  >
  > Responsible for these not-yet-commissioned ships ...
  >    Naval Sea Systems Command
  >    1333 Isaac Hull Avenue S. E.
  >    Washington Navy Yard, D.C. 20376
  >    Congressional/Press Inquiries: (202) 781-4124
  >
  > Link in spam hosted at
  > B: http://dateu.to/
  >   inetnum:      202.181.192.0 - 202.181.223.255
  >   netname:      HKCIX
  >
  > Link in spam hosted at
  > B: http://i19.ac.tpe.yahoo.com/
  >   inetnum:      202.1.232.0 - 202.1.239.255
  >   netname:      YAHOO-ASIA
  >   descr:        streaming media, e-mail, instant messenger, www,  etc
  >   country:      HK
  >
  > Spammer at:
  >   inetnum:      61.145.0.0 - 61.145.255.255
  >   netname:      CHINANET-GD
  >   descr:        CHINANET Guangdong province network

----- End forwarded message -----

-------------------------------------
You are subscribed as interesting-people at lists.elistx.com
To manage your subscription, go to
   http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/



More information about the NANOG mailing list