PaulDotCom mailing list archives
Re: Steady stream of probe email messages.
From: Jeremy Pommerening <theaudioman () yahoo com>
Date: Thu, 26 Jul 2012 06:27:50 -0700 (PDT)
I think the suggestion that it could be to verify real addresses is probably the most logical. I see these from time to time too. Jeremy Pommerening CISSP,GCFA,GPEN,GAWN,GCFW, MCSE Win2K, MCSE NT4 ________________________________ From: Dave <d () securi-d com> To: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> Sent: Saturday, July 21, 2012 7:29 PM Subject: Re: [Pauldotcom] Steady stream of probe email messages. Maybe they are verifying real e-mail addresses? If they get a bounce message e-mail address = bad. Sent from my iPad On Jul 21, 2012, at 3:59 PM, David Kovar <dkovar () gmail com> wrote:
Aaron, Alas, there is no content at all, no text, no HTML, nothing .... -David On Jul 21, 2012, at 12:57 PM, Aaron Melton wrote:David, Are these messages in plain text or HTML format? Could they be imbedding objects in the HTML to do reconnaissance of the system/network? Aaron On 7/20/12 7:29 PM, David Kovar wrote:Good evening, A mid-sized high tech client got a new CEO a few months ago. Since coming on board, he's received a steady stream of probe email addresses from a wide variety of throw away email address. The addresses are most often Gmail accounts with random letters for the name and for the address. The subject line and message body are often blank, but they occasionally contain "Hello". There is no malicious payload. No other messages arrive from the same address to any employee and the sender's address doesn't show up via any searches I've conducted. Any speculation on the purpose of these messages? Any ideas on how to trace them back to someone? Any ideas on how to stop them? Anyone else seeing this? -David _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- "In the beginning of a change, the patriot is a scarce man, brave, hated and scorned. When his cause succeeds however, the timid join him, for then it costs nothing to be a patriot." -Mark Twain _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Steady stream of probe email messages. David Kovar (Jul 21)
- Re: Steady stream of probe email messages. Robert Wesley McGrew (Jul 21)
- Re: Steady stream of probe email messages. Aaron Melton (Jul 21)
- Re: Steady stream of probe email messages. David Kovar (Jul 21)
- Re: Steady stream of probe email messages. Dave (Jul 21)
- Re: Steady stream of probe email messages. Jeremy Pommerening (Jul 26)
- Re: Steady stream of probe email messages. Arch Angel (Jul 31)
- Re: Steady stream of probe email messages. David Kovar (Jul 21)
- Re: Steady stream of probe email messages. Ken Pryor (Jul 21)