[GTER] Fw: Weird distributed spam attack

Rubens Kuhl Jr. rubens em email.com
Sexta Novembro 22 18:21:00 BRST 2002


Não, mas o que ele reporta é coerente com os spam-ware atuais que a partir
de uma lista de open-proxies fazem distribuição de e-mails, harvesting de
endereços...

Rubens


----- Original Message -----
From: "Luiz Eduardo (Doc)" <doc em n3tworkZ.com>
To: <gter em eng.registro.br>
Sent: Friday, November 22, 2002 6:06 PM
Subject: [GTER] Fw: Weird distributed spam attack


| Alguém aí vendo a mesma coisa?
|
| []s
| le
|
| ----- Original Message -----
| From: <dru-nanog em redwoodsoft.com>
| To: <nanog em merit.edu>
| Sent: Tuesday, November 19, 2002 6:42 PM
| Subject: Weird distributed spam attack
|
|
| >
| >
| > Unless, I missed the posts about this,.. I just
| > (and still am experiencing) a distributed spam
| > attack.
| >
| > I have a small machine at a colo. Today I check my
| > inbox and there are 2000+ extra messages to
| > a domain I have 'zbot.net'. The messages are doing
| > 4 letter combinations for the recipient. (abde, abdf, etc.)
| > The from's are all mybestplacetoshop em ainet.us
| > I check my qmail queue -> its at 13405 messages.
| > I shut down mail and remove the email from the queue.
| >
| > Here is the kicker. I check where these are coming from, they
| > are from all over the place. I check for IP address spoofing...
| > not happening. No IP options or TCP options.
| >
| > This came from like about 300 different networks, and yes
| > I don't accept source routing (IP Options).
| >
| >
| > Anyways, it happened to my machine, I stopped accepting mail
| > to that domain from qmail-smtpd, so I'm back to normal.
| > If anyone want's a tcpdump of the connection attempts
| > or the emails. Let me know.
| >
| >
| > Dru Nelson
| > San Carlos, California
| >
| >
| >
| >
|
| --
| GTER list    http://eng.registro.br/mailman/listinfo/gter
|




More information about the gter mailing list