Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: To spoof or not to spoof???? That is the question....

From: ant () notatla org uk (Antonomasia)
Date: Fri, 30 Jul 2004 18:00:18 -0400 (EDT)


Now, right now it happened again like I received an
email with attachment coming from myself and sent to
my address also which is infected with this worm
variant.


I've had 9 emails today of this form.
There's an obvious forgery where the Received:
line shows the sender saying he's on my host.

: From AAAAAAAAAA  Fri Jul 30 16:20:45 2004
: Return-Path: <AAAAAAAAAA>
: Delivered-To: slrnc92ute.p4i.elvis () notatla org uk
: Received: from notatla.org.uk (BBBBBBB [BB.BB.BBB.BB])
:         by notatla.org.uk (Postfix) with ESMTP id DF2B78ED
:         for <slrnc92ute.p4i.elvis () notatla org uk>; Fri, 30 Jul 2004 11:20:41 -0400 (EDT)
: From: AAAAAAAAAA

I have my luser_relay to concentrate mis-addressed mail
on a single account where such forgeries are picked out.
Mail like this is easy to detect and clearly misconduct.

What do people think about getting this reported automatically
(in a rate-limited way!) to ISPs known to accept abuse reports ?


-- 
##############################################################
# Antonomasia   ant notatla.org.uk                           #
# See http://www.notatla.org.uk/                             #
##############################################################
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: