|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: tcsender email bombing
Dennis Simpson wrote: # Is anyone else seeing concerted bombing from [email protected]<a # couple of addresses> where the relayhost covers many hosts? We saw 26 of them today. A mis-configured spoofer showed what may be the true sender: from=<[email protected]> [email protected] [207.17.162.28] At least one of the messages contained this USPS address: EVA, Inc. 43 Riverside Ave. Suite 72 Medford, MA 02155 USA Here's what we received (US/Central time): 02:10:37 [email protected] [209.60.65.3] 02:14:18 relay=[204.101.235.67] (may be forged) 02:17:16 relay=gost3.indirect.com [165.247.198.3] 02:24:06 relay=www.unitedmedia.com [207.121.184.84] 02:33:10 relay=fivepoints.com [38.229.187.2] 02:34:14 relay=[206.10.45.200] (may be forged) 02:37:30 relay=fujipub.com [192.41.4.169] 02:39:53 [email protected] [205.139.15.34] 02:46:02 [email protected] [206.54.252.1] 02:54:42 relay=100t.lauderdale.net [207.141.140.10] 03:12:57 relay=ns1.vie.com [205.214.55.3] 03:15:57 relay=[207.213.148.64] (may be forged) 03:18:07 relay=gateway.foliage.com [209.61.70.2] 03:18:43 [email protected] [204.152.97.15] 03:35:53 relay=boulevards.boulevards.com [204.162.28.70] 03:36:57 relay=amyda.foe.co.uk [193.114.240.82] 03:37:46 [email protected] [199.238.226.62] 03:37:49 relay=france-travel.com [192.41.4.181] 03:38:08 [email protected] [209.24.1.201] 03:38:38 relay=money.fsonline.com [199.171.21.101] 03:39:49 [email protected] [209.24.1.201] 03:40:48 relay=cyberhost3.com [192.41.31.40] 03:45:00 [email protected] [207.17.162.28] 03:48:58 [email protected] [206.246.132.10] 03:49:43 [email protected] [207.173.184.8] 03:52:23 relay=mail.devontax.com [204.57.91.69] Bob -- ====================================================================== bob izenberg signet network operations +1 (512) 306-0700 [email protected] ======================================================================
|