Security Basics mailing list archives

Re: deny access


From: Sean Earp <smearp () gmail com>
Date: Thu, 25 Nov 2004 20:53:25 -0600

If you pull up this IP in a web browser, it is an OWA 2003 server, and
according to SamSpade, the IP address belongs to a company called
"Cummings Oberkfell and Ristau", which appears to be an auditing/CPA
company.  <http://www.samspade.org/t/lookat?a=216.212.33.185>

The certificate provided by the site is for mail.cummingscpa.com,
which also happens to resolve to this IP address.  In other words, it
appears to be a legitimate Exchange Server for a legitimate company.  
If you look up the company name on Google, the first several results
list a phone number for the company.  I would call and explain the
situation, and see if you can get in touch with a System
Administrator.  It may be an honest mistake on their end, or they may
have a compromised server.  In either case, a friendly phone call
could probably go a long way.  Just my 2 cents...

-Sean


On Wed, 24 Nov 2004 16:27:40 -0700, Carlos Garcia
<carlosg () cabonet net mx> wrote:
Newbie question: how can I block this IP, 216.212.33.185? I have a Cisco
7200. This IP is trying to send mail with my server. I did not configure
the router, so I don't know how to do this. Any help?

Sincerely,
Carlos A. Garcia G.
Cabonet Staff
Tel (624) 14 30120

