North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: OK, who's the idiot using tcwireless.us?
- From: Christopher LILJENSTOLPE
- Date: Tue Oct 07 20:58:32 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
I agree with Howard here, I don't think this is a mis-configuration,
but a harvest attempt. The "mailserver" is in different messages, and
I can't see how that could get misconfigured in a honest validation
server. My guess is that someone is trolling the archives, and
sending this back? Why, I have no idea, given they already can see
the sending address.
Chris
On 07 Oct 2008, at 13.14, [email protected] wrote:
Somebody on the NANOG mailing list has their mail pointing to
tcwireless.us,
which is throwing challenge/response mail like the following:
Your message
From: [email protected]
To: n3td3v <[email protected]>
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber
counterattack system (
Einstein 3.0)
Date: 10/6/2008
has been just received by gmail.com mailserver.
To prove that your message was sent by a human and not a computer,
please
visit the URL below and type in the alphanumeric text you will see
in the
image. You will be asked to do this only once for this recipient.
http://mail.tcwireless.us/challenge/?folder=2008100614384085099427
Your message will be automatically deleted in a few days if you do not
confirm this request.
=====================================================
DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
=====================================================
Note it says 'gmail.com mailserver'. Paul Ferguson reported to me
that the one
he saw said 'received by vt.edu mailserver'. Also note that the
From/To
has lost [email protected] - for both my note and Paul's (in fact,
looking at
Paul's actual posting and mine show [email protected] as being the
only common
link, thus the "must be a nanog subscriber" conclusion).
Please, if you're going to use a C/R, at least learn how to
whitelist the
mailing lists you're on. And if you can't figure out how to do
that, please
do us all a favor and not try to run an operational network...
- ---
ææç
Check my PGP key here:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B
-----BEGIN PGP SIGNATURE-----
iQEcBAEBAgAGBQJI690kAAoJEGmx2Mt/+Iw/awkH/j/goIY2MuQYfMkGVCmBVlMx
vrFACJFUdM3kFSw1KuB5l0s7U62JIuxoCMkIFuEU1xtXQzNMbmYytlkIq/oNY31q
VEaEcG6khM7oxDrbbc4TgFVHm195o1mKYhK8TMPr5WBq9RIgY+n2iWFYfi/kIR0x
R5VgKG2LUFOJr2i/400X8UGbq5DJAbStJf7FrqIWAQCsgtEVPSSp/cMrjujG4iPD
1mH4x76q3RrrMfUpcELs/LAE55eBPMFXAUx4lk13QKVhp7xkK5lkQWlUvEOUQKmQ
zDCsj0Lu2sOPldZFszcKUQNuHQE3Bp8j3MNJ1vMBqSH2m+Gdh+Wwu3TRq8F1QaM=
=flGu
-----END PGP SIGNATURE-----
|