nanog mailing list archives
Re: Tracing packets (was Re: Spamhaus Exposed)
From: "Andrew - Supernews" <andrew () supernews net>
Date: Thu, 18 Mar 2004 01:16:15 +0000
"Sean" == Sean Donelan <sean () donelan com> writes:
Not just a load of BS, but posted to NANOG anonymously, through a hijacked machine at 198.26.130.36 (The Pentagon) no less.
Sean> Has that actually been confirmed. Any machine associated with Sean> the path could have been compromised including systems with Sean> transitive trust which may not appear in the e-mail headers. Sean> Occam's Razor would say the message most likely did originated Sean> where it says it originated. Occam's Razor says that the .mil host is an open web proxy. What, you thought that .mil systems would be secure? Sean> But when I just checked it wasn't listed in any of the major Sean> block lists of compromised hosts (spamcop does list it as a Sean> spam source), The spamcop listing is very recent, and I'd bet a large sum it is based on nothing more than reports of that specific message. Other lists like DSBL and CBL would not list the proxy unless it is capable of being abused for CONNECT or POST to port 25. Many proxies are wide open for normal web access (which is sufficient to send email via Hotmail) but not abusable for direct SMTP use, and these proxies are not found by email-centered detection methods. -- Andrew, Supernews http://www.supernews.com
Current thread:
- Re: Spamhaus Exposed, (continued)
- Re: Spamhaus Exposed Peter Galbavy (Mar 18)
- Re: Spamhaus Exposed Bill Woodcock (Mar 18)
- Re: Spamhaus Exposed John Payne (Mar 18)
- Re: Spamhaus Exposed Peter Galbavy (Mar 18)
- Re: Spamhaus Exposed Sam Stickland (Mar 18)
- Re: Spamhaus Exposed Paul Jakma (Mar 18)
- Re: Spamhaus Exposed Jim Popovitch (Mar 18)
- Re: Spamhaus Exposed Paul Jakma (Mar 18)
- Re: Spamhaus Exposed Laurence F. Sheldon, Jr. (Mar 18)
- Re: Tracing packets (was Re: Spamhaus Exposed) Andrew - Supernews (Mar 17)