North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: OK, who's the idiot using tcwireless.us?
The person responsible already posted about this about 4 hours ago, BTW; further speculation is obsolete. :) - S -----Original Message----- From: Owen DeLong [mailto:[email protected]] Sent: Tuesday, October 07, 2008 9:11 PM To: Christopher LILJENSTOLPE Cc: [email protected] Subject: Re: OK, who's the idiot using tcwireless.us? Active address validation, perhaps? Owen On Oct 7, 2008, at 3:05 PM, Christopher LILJENSTOLPE wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greetings, > > I agree with Howard here, I don't think this is a mis- > configuration, but a harvest attempt. The "mailserver" is in > different messages, and I can't see how that could get misconfigured > in a honest validation server. My guess is that someone is trolling > the archives, and sending this back? Why, I have no idea, given > they already can see the sending address. > > Chris > > On 07 Oct 2008, at 13.14, [email protected] wrote: > >> Somebody on the NANOG mailing list has their mail pointing to >> tcwireless.us, >> which is throwing challenge/response mail like the following: >> >> >> Your message >> >> From: [email protected] >> To: n3td3v <xploitabl[email protected]> >> Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber >> counterattack system ( >> Einstein 3.0) >> Date: 10/6/2008 >> >> has been just received by gmail.com mailserver. >> >> To prove that your message was sent by a human and not a computer, >> please >> visit the URL below and type in the alphanumeric text you will see >> in the >> image. You will be asked to do this only once for this recipient. >> >> http://mail.tcwireless.us/challenge/?folder=2008100614384085099427 >> >> Your message will be automatically deleted in a few days if you do >> not >> confirm this request. >> >> ===================================================== >> DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT. >> ===================================================== >> >> Note it says 'gmail.com mailserver'. Paul Ferguson reported to me >> that the one >> he saw said 'received by vt.edu mailserver'. Also note that the >> From/To >> has lost [email protected] - for both my note and Paul's (in fact, >> looking at >> Paul's actual posting and mine show [email protected] as being the >> only common >> link, thus the "must be a nanog subscriber" conclusion). >> >> Please, if you're going to use a C/R, at least learn how to >> whitelist the >> mailing lists you're on. And if you can't figure out how to do >> that, please >> do us all a favor and not try to run an operational network... > > - --- > ææç > Check my PGP key here: > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B > > > > > -----BEGIN PGP SIGNATURE----- > > iQEcBAEBAgAGBQJI690kAAoJEGmx2Mt/+Iw/awkH/j/goIY2MuQYfMkGVCmBVlMx > vrFACJFUdM3kFSw1KuB5l0s7U62JIuxoCMkIFuEU1xtXQzNMbmYytlkIq/oNY31q > VEaEcG6khM7oxDrbbc4TgFVHm195o1mKYhK8TMPr5WBq9RIgY+n2iWFYfi/kIR0x > R5VgKG2LUFOJr2i/400X8UGbq5DJAbStJf7FrqIWAQCsgtEVPSSp/cMrjujG4iPD > 1mH4x76q3RrrMfUpcELs/LAE55eBPMFXAUx4lk13QKVhp7xkK5lkQWlUvEOUQKmQ > zDCsj0Lu2sOPldZFszcKUQNuHQE3Bp8j3MNJ1vMBqSH2m+Gdh+Wwu3TRq8F1QaM= > =flGu > -----END PGP SIGNATURE-----