nanog mailing list archives

Re: any known users of NetRange 172.16.0.0 - 172.31.255.255

From: "David Howe" <DaveHowe () gmx co uk>
Date: Fri, 27 Sep 2002 09:39:07 +0100


at Friday, September 27, 2002 1:42 AM, hostmaster <hostmaster () nso org>
was seen to say:

<hidden_user@172.17.0.1>

Its a pretty common "leak" format.
what usually happens is this. An internal mail server is running on a
network using 1918 addressing, and is addressed by smtp by a user. The
user identifies as a bare name (no @ sign) - using "MAIL FROM:
hidden_user" and the mailler Reverse DNS looksup the IP address of the
client, and appends that dns name (or the ip address if the rdns fails)
your best bet is to look for the first recognisable mailserver in the
chain, and forward a query to the postmaster of that mailserver - either
it is one of his own internal systems doing this, or he is being used as
a relay by a spammer. either way, he will probably want to know about it
:)

Current thread:

any known users of NetRange 172.16.0.0 - 172.31.255.255 hostmaster (Sep 26)
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 David Howe (Sep 27)
- <Possible follow-ups>
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 Tony Rall (Sep 26)
  - Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 E.B. Dreger (Sep 26)
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 Tony Rall (Sep 26)
  - Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 E.B. Dreger (Sep 26)
  - Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 Joe (Sep 26)