Security Incidents mailing list archives

MX RR for China CERT invalid :-(

From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Mon, 19 Mar 2001 10:34:29 +0100

Hi there,

I usually cc the Korea CERT when I need to file network abuse incidents that
originate from Korean IPs.

Now that scans and such from China become more popular I started cc'ing the
China CERT (http://www.ccert.edu.cn/index.en.html, e-mail according to
website: report () ccert edu cn).

Guess what? E-Mail to them bounces. :-(((

  report () ccert edu cn:
    all relevant MX records point to non-existent hosts:
    it appears that the DNS operator for this domain has installed an invalid
MX record with an IP address instead of a domain name on the right hand side

I tried to be creative and contact them anyway:

  postmaster () edu cn:
    SMTP error from remote mailer after RCPT TO:<postmaster () edu cn>:
    host edu.cn [202.112.0.36]:
    550 <postmaster () edu cn>... Relaying denied
  postmaster@[202.112.57.18]:
    SMTP error from remote mailer after RCPT TO:<postmaster@[202.112.57.18]>:
    host [202.112.57.18] [202.112.57.18]:
    550 5.7.1 <postmaster@[202.112.57.18]>... Relaying denied
  postmaster@cn:
    unrouteable mail domain "cn"

Great. :-/

Any other ideas? Other than blackholing *.cn?

Thanks,

Ralf


--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^

Current thread:

MX RR for China CERT invalid :-( Ralf G. R. Bergs (Mar 19)
- Re: MX RR for China CERT invalid :-( Russell Fulton (Mar 19)