RE: OK, who's the idiot using tcwireless.us?

[Skywing <Skywing () valhallalegends com>]

The person responsible already posted about this about 4 hours ago, BTW; further speculation is obsolete. :)

- S

-----Original Message-----
From: Owen DeLong [mailto:owen () delong com]
Sent: Tuesday, October 07, 2008 9:11 PM
To: Christopher LILJENSTOLPE
Cc: nanog () nanog org
Subject: Re: OK, who's the idiot using tcwireless.us?

Active address validation, perhaps?

Owen

On Oct 7, 2008, at 3:05 PM, Christopher LILJENSTOLPE wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greetings,
>
>       I agree with Howard here, I don't think this is a mis-
> configuration, but a harvest attempt.  The "mailserver" is in
> different messages, and I can't see how that could get misconfigured
> in a honest validation server.  My guess is that someone is trolling
> the archives, and sending this back?  Why, I have no idea, given
> they already can see the sending address.
>
>       Chris
>
> On 07 Oct 2008, at 13.14, Valdis.Kletnieks () vt edu wrote:
>
> > Somebody on the NANOG mailing list has their mail pointing to
> > tcwireless.us,
> > which is throwing challenge/response mail like the following:
> >
> >
> > Your message
> >
> > From: Valdis.Kletnieks () vt edu
> > To: n3td3v <xploitable () gmail com>
> > Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber
> > counterattack system (
> > Einstein 3.0)
> > Date: 10/6/2008
> >
> > has been just received by gmail.com mailserver.
> >
> > To prove that your message was sent by a human and not a computer,
> > please
> > visit the URL below and type in the alphanumeric text you will see
> > in the
> > image. You will be asked to do this only once for this recipient.
> >
> > http://mail.tcwireless.us/challenge/?folder=2008100614384085099427
> >
> > Your message will be automatically deleted in a few days if you do
> > not
> > confirm this request.
> >
> > =====================================================
> > DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
> > =====================================================
> >
> > Note it says 'gmail.com mailserver'.  Paul Ferguson reported to me
> > that the one
> > he saw said 'received by vt.edu mailserver'.  Also note that the
> > From/To
> > has lost nanog () nanog org - for both my note and Paul's (in fact,
> > looking at
> > Paul's actual posting and mine show nanog () nanog org as being the
> > only common
> > link, thus the "must be a nanog subscriber" conclusion).
> >
> > Please, if you're going to use a C/R, at least learn how to
> > whitelist the
> > mailing lists you're on.  And if you can't figure out how to do
> > that, please
> > do us all a favor and not try to run an operational network...
>
> - ---
> 李柯睿
> Check my PGP key here:
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
>
> iQEcBAEBAgAGBQJI690kAAoJEGmx2Mt/+Iw/awkH/j/goIY2MuQYfMkGVCmBVlMx
> vrFACJFUdM3kFSw1KuB5l0s7U62JIuxoCMkIFuEU1xtXQzNMbmYytlkIq/oNY31q
> VEaEcG6khM7oxDrbbc4TgFVHm195o1mKYhK8TMPr5WBq9RIgY+n2iWFYfi/kIR0x
> R5VgKG2LUFOJr2i/400X8UGbq5DJAbStJf7FrqIWAQCsgtEVPSSp/cMrjujG4iPD
> 1mH4x76q3RrrMfUpcELs/LAE55eBPMFXAUx4lk13QKVhp7xkK5lkQWlUvEOUQKmQ
> zDCsj0Lu2sOPldZFszcKUQNuHQE3Bp8j3MNJ1vMBqSH2m+Gdh+Wwu3TRq8F1QaM=
> =flGu
> -----END PGP SIGNATURE-----