I turned on the nobody alias for a few minutes, and the messages are actual
bounce messages from postmasters who are getting spam from someone forging
our return address. Very active spammer. Anything we can do?
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Sent: Wednesday, September 22, 2004 8:38 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Attack?
I turned on the nobody alias for a few minutes, and the
messages are actual
bounce messages from postmasters who are getting spam from
someone forging
our return address. Very active
]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 22, 2004 9:55 AM
Subject: RE: [Declude.Virus] Attack?
If the bounce messages give you enough header information to track the
orignating IP you can complain to the guy's upstream, but my experience is
that most of these guys these days are using
: Wednesday, September 22, 2004 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
If the bounce messages give you enough header information to
track the orignating IP you can complain to the guy's
upstream, but my experience is that most of these guys these
days are using
Oh wow. I've seen this before.
I can't remember the name, something like an 'inadvertent reflective
DDOS attack'.
Here's whats happening. A spammer is sending you emails to known bad
addresses at your domain, with the real intended address forged as the
return address. Your machine will
Look in the archives for info on dictionary attacks. They're very common
these days.
Darin.
- Original Message -
From: Stan Buck [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 11:49 AM
Subject: [Declude.Virus] Attack?
For three days now we've been getting
I've seen this happening with us for a while now.. I started tracking the IP
addresses to try and have iMail block them, but I would have to enter them
manually and wasn't going to do that.. Way too many.. Hahaha
I think the only way to really fix this (what I've been looking at and
trying to
]
[mailto:[EMAIL PROTECTED] Behalf Of IS - Systems Eng.
(Karl Drugge)
Sent: Tuesday, September 21, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
Oh wow. I've seen this before.
I can't remember the name, something like an 'inadvertent reflective
DDOS attack
, INC.
www.duracom.net
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze
Sent: Tuesday, September 21, 2004 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
I've seen this happening with us for a while now.. I started tracking
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kris McElroy
Sent: Tuesday, September 21, 2004 1:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
I had two gateways running declude, both boxes were Dual Xeon 2.8Ghz, 2GB
Ram, 3x36Gb 15K scsi, 128MB Raid
, 2004 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
I've seen this happening with us for a while now.. I started tracking the IP
addresses to try and have iMail block them, but I would have to enter them
manually and wasn't going to do that.. Way too many.. Hahaha
I think
: Tuesday, September 21, 2004 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Attack?
Was there a how-to that you followed to set this up, or did you just do a
search and take a little here, and a little there to finally get your setup?
Also, do you manually enter legit e-mail
Message -
From: Donn Bly [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 12:37 PM
Subject: RE: [Declude.Virus] Attack?
Since these all look like they have null originating addresses, to me they
look a lot more like virus bounce messages.
In order
13 matches
Mail list logo
