nanog mailing list archives
Re: any known users of NetRange 172.16.0.0 - 172.31.255.255
From: "David Howe" <DaveHowe () gmx co uk>
Date: Fri, 27 Sep 2002 09:39:07 +0100
at Friday, September 27, 2002 1:42 AM, hostmaster <hostmaster () nso org> was seen to say:
<hidden_user@172.17.0.1>
Its a pretty common "leak" format. what usually happens is this. An internal mail server is running on a network using 1918 addressing, and is addressed by smtp by a user. The user identifies as a bare name (no @ sign) - using "MAIL FROM: hidden_user" and the mailler Reverse DNS looksup the IP address of the client, and appends that dns name (or the ip address if the rdns fails) your best bet is to look for the first recognisable mailserver in the chain, and forward a query to the postmaster of that mailserver - either it is one of his own internal systems doing this, or he is being used as a relay by a spammer. either way, he will probably want to know about it :)
Current thread:
- any known users of NetRange 172.16.0.0 - 172.31.255.255 hostmaster (Sep 26)
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 David Howe (Sep 27)
- <Possible follow-ups>
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 Tony Rall (Sep 26)
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 E.B. Dreger (Sep 26)
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 Tony Rall (Sep 26)
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 E.B. Dreger (Sep 26)
- Re: any known users of NetRange 172.16.0.0 - 172.31.255.255 Joe (Sep 26)