nanog mailing list archives
Re: tcsender email bombing
From: "Bob Izenberg" <bei () austin aus sig net>
Date: Tue, 4 Nov 1997 22:07:24 -0600 (CST)
Dennis Simpson wrote: # Is anyone else seeing concerted bombing from tcsender@<a # couple of addresses> where the relayhost covers many hosts? We saw 26 of them today. A mis-configured spoofer showed what may be the true sender: from=<tcsender () get-more-hits com online-marketing com> relay=root () mustang detroit usweb com [207.17.162.28] At least one of the messages contained this USPS address: EVA, Inc. 43 Riverside Ave. Suite 72 Medford, MA 02155 USA Here's what we received (US/Central time): 02:10:37 relay=root () zeus total-access net [209.60.65.3] 02:14:18 relay=[204.101.235.67] (may be forged) 02:17:16 relay=gost3.indirect.com [165.247.198.3] 02:24:06 relay=www.unitedmedia.com [207.121.184.84] 02:33:10 relay=fivepoints.com [38.229.187.2] 02:34:14 relay=[206.10.45.200] (may be forged) 02:37:30 relay=fujipub.com [192.41.4.169] 02:39:53 relay=root () astra genghis com [205.139.15.34] 02:46:02 relay=root () enteract com [206.54.252.1] 02:54:42 relay=100t.lauderdale.net [207.141.140.10] 03:12:57 relay=ns1.vie.com [205.214.55.3] 03:15:57 relay=[207.213.148.64] (may be forged) 03:18:07 relay=gateway.foliage.com [209.61.70.2] 03:18:43 relay=root () realbeer com [204.152.97.15] 03:35:53 relay=boulevards.boulevards.com [204.162.28.70] 03:36:57 relay=amyda.foe.co.uk [193.114.240.82] 03:37:46 relay=root () gemini speakeasy org [199.238.226.62] 03:37:49 relay=france-travel.com [192.41.4.181] 03:38:08 relay=root () linked net [209.24.1.201] 03:38:38 relay=money.fsonline.com [199.171.21.101] 03:39:49 relay=root () linked net [209.24.1.201] 03:40:48 relay=cyberhost3.com [192.41.31.40] 03:45:00 relay=root () mustang detroit usweb com [207.17.162.28] 03:48:58 relay=root () ns shelbynet net [206.246.132.10] 03:49:43 relay=mail () gate imall com [207.173.184.8] 03:52:23 relay=mail.devontax.com [204.57.91.69] Bob -- ====================================================================== bob izenberg signet network operations +1 (512) 306-0700 bei () sig net ======================================================================
Current thread:
- tcsender email bombing Dennis Simpson (Nov 04)
- Re: tcsender email bombing Bob Izenberg (Nov 04)
- Re: tcsender email bombing John-David Childs (Nov 04)
- Re: tcsender email bombing Jon Lewis (Nov 04)
- Re: tcsender email bombing Bradley Dunn (Nov 04)
- <Possible follow-ups>
- Re: tcsender email bombing Dennis Simpson (Nov 04)
- Re: tcsender email bombing Dennis Simpson (Nov 04)
- Re: tcsender email bombing Doug Davis (Nov 04)