Security Incidents mailing list archives

Re: sending out spam through IRC server ?


From: R Andersson <listbox () pole-position org>
Date: Tue, 04 Mar 2003 22:33:26 +0100

Bronek Kozicki wrote:
> Recently I received some complaints on spam apparently sent from one of
> my servers (Win2K + SP3 + recent hotfixes). The problem is that:

[snip]

> So here I am, with spam holding my IP in lowest "Received:" header and no
> traces. There are only two things I can think of:
> 1. some leaky web form NOT using CDO/CDONT to send out messages (and
> something else instead)
> 2. Faerion IRC daemon ver. 1.17.6 . I installed it and configured for
> handling only local chat sessions (not connected to any IRC network)


If I don't misunderstand what you're writing, it could be as simple as a forged header, manually put there by the spammer. Are there many Received-headers? You can't trust any of them except maybe the topmost.

By looking at more copies of the same spam, received by different users (at different places), you may be able to rule out some of the headers as forged. There is lots of info on this on the web.

/R
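
The comparison suggested in the reply above, sketched as an added example that is not part of the original message: it separates the topmost Received header of each copy (written by the recipient's own server) from lower headers that are identical across copies and so cannot be verified by any receiver. The two messages, host names and documentation-range IP addresses are constructed sample data, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample copies of one spam, received at two unrelated sites.
COPY_A = """\
Received: from mail.sender.example ([198.51.100.7])
\tby mx.site-a.example with ESMTP id A1; Tue, 4 Mar 2003 10:00:05 +0000
Received: from web01 ([192.0.2.10]) by relay.invalid with SMTP id ZZ9;
\tTue, 4 Mar 2003 09:00:00 +0000
Subject: constructed sample

body
"""
COPY_B = """\
Received: from mail.sender.example ([198.51.100.7])
\tby mx.site-b.example with ESMTP id B7; Tue, 4 Mar 2003 10:00:09 +0000
Received: from web01 ([192.0.2.10]) by relay.invalid with SMTP id ZZ9;
\tTue, 4 Mar 2003 09:00:00 +0000
Subject: constructed sample

body
"""

def received_chain(raw):
    """Received headers, topmost first, with folded lines collapsed."""
    msg = message_from_string(raw)
    return [" ".join(v.split()) for v in msg.get_all("Received", [])]

def compare_copies(raw_copies):
    """Split each copy into the header its own server wrote and the rest."""
    chains = [received_chain(r) for r in raw_copies]
    # Lines identical in every copy were in the message before it reached
    # any of these sites, so none of the receivers can vouch for them.
    shared = set(chains[0]).intersection(*map(set, chains[1:]))
    report = []
    for chain in chains:
        top = chain[0] if chain else ""
        peer = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
        report.append({
            "trusted_top": top,  # written by the recipient's own server
            "peer_ip": peer.group(1) if peer else None,
            "unverified_shared": [h for h in chain[1:] if h in shared],
        })
    return report

if __name__ == "__main__":
    for entry in compare_copies([COPY_A, COPY_B]):
        print(entry["peer_ip"], entry["unverified_shared"])
```

A shared lower header is unverified rather than proven forged, since a genuine relay common to all copies can also write identical lines; the `peer_ip` values from the topmost headers are the addresses worth checking against your own server's logs.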

