PaulDotCom mailing list archives

Re: Steady stream of probe email messages.


From: Arch Angel <arch3angel () gmail com>
Date: Mon, 30 Jul 2012 23:37:17 -0400

I also think these are being used to verify active accounts which might be used later for a more targeted attack. I would begin looking at the "no recipient" messages in your email server.

--

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel

On 7/26/2012 9:27 AM, Jeremy Pommerening wrote:
I think the suggestion that it could be to verify real addresses is probably the most logical. I see these from time to time too.
Jeremy Pommerening
CISSP,GCFA,GPEN,GAWN,GCFW,
MCSE Win2K, MCSE NT4
------------------------------------------------------------------------
*From:* Dave <d () securi-d com>
*To:* PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com>
*Sent:* Saturday, July 21, 2012 7:29 PM
*Subject:* Re: [Pauldotcom] Steady stream of probe email messages.

Maybe they are verifying real e-mail addresses? If they get a bounce message, e-mail address = bad.

Sent from my iPad

On Jul 21, 2012, at 3:59 PM, David Kovar <dkovar () gmail com> wrote:

> Aaron,
>
> Alas, there is no content at all, no text, no HTML, nothing ....
>
> -David
>
> On Jul 21, 2012, at 12:57 PM, Aaron Melton wrote:
>
>> David,
>>
>> Are these messages in plain text or HTML format?
>>
>> Could they be embedding objects in the HTML to do reconnaissance of the
>> system/network?
>>
>> Aaron
>>
>> On 7/20/12 7:29 PM, David Kovar wrote:
>>> Good evening,
>>>
>>> A mid-sized high tech client got a new CEO a few months ago. Since coming on board, he's received a steady stream of probe email addresses from a wide variety of throwaway email addresses. The addresses are most often Gmail accounts with random letters for the name and for the address. The subject line and message body are often blank, but they occasionally contain "Hello". There is no malicious payload. No other messages arrive from the same address to any employee and the sender's address doesn't show up via any searches I've conducted.
>>>
>>> Any speculation on the purpose of these messages?
>>> Any ideas on how to trace them back to someone?
>>> Any ideas on how to stop them?
>>> Anyone else seeing this?
>>>
>>> -David
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> Pauldotcom () mail pauldotcom com
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>>
>>
>> --
>> "In the beginning of a change, the patriot is a scarce man, brave, hated
>> and scorned. When his cause succeeds however, the timid join him, for
>> then it costs nothing to be a patriot." -Mark Twain
>

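An added example, not part of the original thread: a Python script that flags the pattern David describes (blank or "Hello"-only messages from senders that appear only once in the mail flow) and groups the hits per recipient. The record layout, the `example.com` addresses, and the `min_hits` threshold are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: (date, sender, recipient, subject, body).
# All addresses and the example.com domain are made up for illustration.
MESSAGES = [
    ("2012-07-02", "qzkfjw@gmail.com", "ceo@example.com", "", ""),
    ("2012-07-05", "vendor@partner.example", "ceo@example.com", "Q3 renewal", "Quote attached."),
    ("2012-07-09", "xbrtplm@gmail.com", "ceo@example.com", "", "Hello"),
    ("2012-07-11", "vendor@partner.example", "cfo@example.com", "Invoice", "See attached."),
    ("2012-07-16", "hgwqzt@gmail.com", "ceo@example.com", "Hello", ""),
    ("2012-07-18", "friend@gmail.com", "ceo@example.com", "", "Lunch Friday? Call me."),
    ("2012-07-20", "mmkdjr@gmail.com", "cfo@example.com", "", ""),
]

EMPTY_LIKE = {"", "hello"}  # blank or just a greeting, as described in the thread


def is_probe_like(subject, body):
    """True when both subject and body are blank or only 'Hello'."""
    return (subject.strip().lower() in EMPTY_LIKE
            and body.strip().lower() in EMPTY_LIKE)


def find_probe_streams(messages, min_hits=3):
    """Return {recipient: [(date, sender), ...]} for recipients who received
    at least min_hits content-free messages from senders seen only once."""
    # A sender counts as single-use if it appears once across ALL mail,
    # matching "no other messages arrive from the same address".
    sender_counts = Counter(m[1].lower() for m in messages)
    hits = defaultdict(list)
    for date, sender, recipient, subject, body in messages:
        single_use = sender_counts[sender.lower()] == 1
        if single_use and is_probe_like(subject, body):
            hits[recipient.lower()].append((date, sender))
    # min_hits is an assumed threshold separating a stream from a one-off.
    return {rcpt: sorted(found) for rcpt, found in hits.items()
            if len(found) >= min_hits}


if __name__ == "__main__":
    for rcpt, found in find_probe_streams(MESSAGES).items():
        print(f"{rcpt}: {len(found)} probe-like messages")
        for date, sender in found:
            print(f"  {date}  {sender}")
```
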