Security Incidents mailing list archives
Re: email address probes
From: Dave Laird <dlaird () kharma net>
Date: Wed, 5 Feb 2003 23:57:41 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good evening, Andy... everyone...

On Wednesday 05 February 2003 12:54 pm, Andy Bastien wrote:
> Where I work, we've been getting lots of attempts to send email to random addresses at our domain. All of these attempts have been coming from valid servers operated by AOL, MSN, and Hotmail. I'm guessing that this is an attempt to find some spam targets, although I suppose that there could be something worse in store.
You haven't said if you are able to detect whether these are clever forgeries attempting to spoof your mailer into believing they are from AOL, MSN or Hotmail. I see a *lot* of these, coming from domains in South America and Pacific Rim Countries. When I get too many of these from the same IP range in a short period of time, I drop them from within the IPTables firewall script and they never bother me again. 8-) Yes, I know it's crude, but it's also extremely effective.
> Does anyone have any suggestions as to how we could handle this problem?
You said these were coming from domains you cannot block. Can I ask why? If they are consistently sending you spam, and if their ISP is not responsive to your complaints, I'd drop them via the firewall method.

Dave
- -- 
Dave Laird (Dave () kharma net)
The Used Kharma Lot / The Phoenix Project
Web Page: http://www.kharma.net updated 01/20/2003
Usenet News server: news.kharma.net
Musicians Calendar and Database access: http://www.kharma.net/calendar.html

An automatic & random thought For the Minute:
System going down in 5 minutes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+QhV1aE1ENZP1A28RAvo/AJsHsOIWlNRARZfxHFTHvMNkYAFJ6ACeNBX1
1wlYPq2TQ/RFmxa155qPH98=
=isgN
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
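The approach described in the message above (count probes per IP range over a short period, then drop the range at the firewall), sketched as an added example that is not part of the original post. The log format, the /24 grouping, the threshold, the window and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <client IP> <recipient> <result>".
# The format is hypothetical; adapt the parsing to your MTA's reject log.
SAMPLE_LOG = """\
2003-02-05T12:00:01 192.0.2.10 aaron@example.org unknown_user
2003-02-05T12:00:09 192.0.2.77 abby@example.org unknown_user
2003-02-05T12:01:30 192.0.2.10 adam@example.org unknown_user
2003-02-05T12:02:02 192.0.2.200 alan@example.org unknown_user
2003-02-05T12:03:00 198.51.100.5 sales@example.org delivered
2003-02-05T12:04:10 198.51.100.5 slaes@example.org unknown_user
2003-02-05T13:30:00 203.0.113.9 bob@example.org unknown_user
2003-02-05T15:45:00 203.0.113.9 bill@example.org unknown_user
2003-02-05T18:10:00 203.0.113.9 brad@example.org unknown_user
"""

def probing_ranges(log_text, threshold=3, window=timedelta(minutes=10), prefix=24):
    """Networks with >= threshold unknown-user rejects inside one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "unknown_user":
            continue  # skip malformed lines and successful deliveries
        try:
            when = datetime.fromisoformat(parts[0])
            net = ipaddress.ip_network(f"{parts[1]}/{prefix}", strict=False)
        except ValueError:
            continue  # bad timestamp or address
        hits[net].append(when)
    flagged = []
    for net, times in hits.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(net)
                break
    return sorted(flagged)

def drop_rules(networks):
    """Format one iptables rule per network; review before applying."""
    return [f"iptables -I INPUT -s {n} -p tcp --dport 25 -j DROP" for n in networks]

if __name__ == "__main__":
    print("\n".join(drop_rules(probing_ranges(SAMPLE_LOG))))
```

On the constructed sample only 192.0.2.0/24 is flagged: a single mistyped recipient from 198.51.100.5 stays below the threshold, and the three rejects from 203.0.113.9 are spread over hours, so they never fall inside one ten-minute window.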
Current thread:
- email address probes Andy Bastien (Feb 05)
- Re: email address probes Kee Hinckley (Feb 06)
- Re: email address probes Brad Arlt (Feb 06)
- Re: email address probes james (Feb 06)
- Re: email address probes Brad Arlt (Feb 07)
- Re: email address probes Greg A. Woods (Feb 06)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- RE: email address probes Rob Shein (Feb 07)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- Re: email address probes Dave Laird (Feb 06)
- Re: email address probes Ned Fleming (Feb 06)
- Re: email address probes Andy Bastien (Feb 07)
- <Possible follow-ups>
- RE: email address probes Johann Kruse (Feb 06)