[GTER] Fw: Weird distributed spam attack
Enomoto
senomoto at estadao.com.br
Sat Nov 23 00:58:00 -02 2002
O que temos visto aqui no estadao.com.br é a utilização por parte dos
sites pornos de open proxies, para despachar os emails. É comum ver um
mesmo email de "spam" vindo de IPs que são de maquinas utilizando
conexão broadband e do bloco 211/8 ao mesmo tempo.
[]s
[Sandro]
-------- Mensagem Original --------
>Assunto: Re: [GTER] Fw: Weird distributed spam attack
>Remetente: "Rubens Kuhl Jr." <rubens at email.com>
>Data: Sex, 22 de Novembro de 2002, 18:20
>
>
>
> Não, mas o que ele reporta é coerente com os spam-ware atuais que a
> partir de uma lista de open-proxies fazem distribuição de e-mails,
> harvesting de endereços...
>
> Rubens
>
>
> ----- Original Message -----
> From: "Luiz Eduardo (Doc)" <doc at n3tworkZ.com>
> To: <gter at eng.registro.br>
> Sent: Friday, November 22, 2002 6:06 PM
> Subject: [GTER] Fw: Weird distributed spam attack
>
>
> | Alguém aí vendo a mesma coisa?
> |
> | []s
> | le
> |
> | ----- Original Message -----
> | From: <dru-nanog at redwoodsoft.com>
> | To: <nanog at merit.edu>
> | Sent: Tuesday, November 19, 2002 6:42 PM
> | Subject: Weird distributed spam attack
> |
> |
> | >
> | >
> | > Unless, I missed the posts about this,.. I just
> | > (and still am experiencing) a distributed spam
> | > attack.
> | >
> | > I have a small machine at a colo. Today I check my
> | > inbox and there are 2000+ extra messages to
> | > a domain I have 'zbot.net'. The messages are doing
> | > 4 letter combinations for the recipient. (abde, abdf, etc.)
> | > The from's are all mybestplacetoshop at ainet.us
> | > I check my qmail queue -> its at 13405 messages.
> | > I shut down mail and remove the email from the queue.
> | >
> | > Here is the kicker. I check where these are coming from, they
> | > are from all over the place. I check for IP address spoofing... | >
> not happening. No IP options or TCP options.
> | >
> | > This came from like about 300 different networks, and yes
> | > I don't accept source routing (IP Options).
> | >
> | >
> | > Anyways, it happened to my machine, I stopped accepting mail
> | > to that domain from qmail-smtpd, so I'm back to normal.
> | > If anyone want's a tcpdump of the connection attempts
> | > or the emails. Let me know.
> | >
> | >
> | > Dru Nelson
> | > San Carlos, California
> | >
> | >
> | >
> | >
> |
> | --
> | GTER list http://eng.registro.br/mailman/listinfo/gter
> |
>
> --
> GTER list http://eng.registro.br/mailman/listinfo/gter
------------------------------------------------------------------
ESTADAO.COM.BR - INTERNET E E-MAIL GRÁTIS COM A QUALIDADE ESTADÃO!
Acesse agora e crie sua conta: http://www.estadao.com.br
------------------------------------------------------------------
More information about the gter
mailing list