>Terry Allen <[EMAIL PROTECTED]> wrote:
>
>>Hi Darrin,
>> I wonder if someone has misconfigured a DNS somewhere & your server
>>is on the receiving end of a mailing list that's hosted by the domain
>>(macgroup.com). I had that misfortune of my server being accidentally
>>targetted to have someone point their DNS for a major website at my server
>>for a couple of hours before they realised their mistake. The logs you sent
>>to the list might indicate mail consistent with a mailing list.
>
>While it's possible, I don't think that's the problem, given that I
>see this type of attack about once per month from different places
>(usually China). Also, how would a single messed up DNS entry cause
>servers all over the globe to send these messages through my server,
>and in alphabetical order? It really looks suspicious to me. Am I
>just being stupid, or do others think this is a spam attack, too?
>
>I got to thinking about this, and realized, it probably wouldn't be
>too hard to have a Code Red like virus that started up an SMTP server
>on people's machines without them realizing it. I wonder if someone
>has tried something like that? Of course, you could even just keep a
>list of open relays and send each message through a different one to
>be less obvious, too. Are these known techniques?
>
>Thanks,
>Darrin
Hi again,
I don't know - I thought perhaps it was different people sending
messages to the list server & then the server would be sending those out to
list members, most likely in alphabetical order. The misconfigured DNS
would only need to be the one overseeing the list server itself, so anyone
sending messages (they think) to that server are actually ending up at your
server.
Of course, you could also be 100% right & it is a spam attack -
just a few thoughts to consider though. Could you capture one of these
messages to view it's contents? That might tell you exactly what they are.
Bye for now, Terry Allen
___________________________________________________________________
hEARd
Postal Address:
hEARd
c/o 128 The Entrance Rd
The Entrance
NSW 2261
Australia
Internet -
WWW:
http://heard.com.au or http://www.ozemail.com.au/~hmag
http://hosting.heard.com.au
Interactive Message Board - http://heard.com.au/wwwboard/
EMAIL: (checked every Thursday & Sunday, sometimes more often)
[EMAIL PROTECTED]
-----------------------------------------------
Non profit promotion for new music - since 1994
-----------------------------------------------
Also, check out the Educate site - http://www.educate.net.au
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
