Security Incidents mailing list archives
Re: sending out spam through IRC server ?
From: R Andersson <listbox () pole-position org>
Date: Tue, 04 Mar 2003 22:33:26 +0100
Bronek Kozicki wrote:
> Recently I received some complaints on spam apparently sent from one of my servers (Win2K + SP3 + recent hotfixes). The problem is that:
> [snip]
> So here I am, with spam holding my IP in lowest "Received:" header and no traces. There are only two things I can think of:
> 1. some leaky web form NOT using CDO/CDONT to send out messages (and something else instead)
> 2. Faerion IRC daemon ver. 1.17.6. I installed it and configured for handling only local chat sessions (not connected to any IRC network)
If I don't misunderstand what you're writing, it could be as simple as a forged header, manually put there by the spammer. Are there many Received-headers? You can't trust any of them except maybe the topmost.
By looking at more copies of the same spam, received by different users (at different places) you may be able to rule out some of the headers as forged. There is lots of info on this on the web.
/R
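The header comparison suggested in the reply above, as an added example that is not part of the original post: it treats only the Received lines stamped by the recipient's own mail server as verified, records the connecting IP that server logged, and reports the unverified lines that are identical across copies. The two sample messages, all host names and the documentation-range IP addresses are constructed for illustration, and the parsing assumes the common `from ... [ip] ... by ...` layout.

```python
import re
from email import message_from_string

# Constructed sample copies of one spam run (example hosts, documentation IPs).
BOTTOM = ("Received: from mail (host [192.0.2.10]) by relay.example.org "
          "with SMTP; Tue, 4 Mar 2003 09:59:00 +0000\n")
COPY_A = ("Received: from relay.example.org (unknown [198.51.100.23]) "
          "by mx.site-a.example with ESMTP; Tue, 4 Mar 2003 10:00:02 +0000\n"
          + BOTTOM + "Subject: constructed sample\n\nbody\n")
COPY_B = ("Received: from dialup.example.com (unknown [203.0.113.77]) "
          "by mx.site-b.example with ESMTP; Tue, 4 Mar 2003 10:03:41 +0000\n"
          + BOTTOM + "Subject: constructed sample\n\nbody\n")

HOP = re.compile(r"from\s+(\S+)\s.*?\[([0-9.]+)\].*?\bby\s+(\S+)")

def received_hops(raw):
    """Return Received hops, topmost first, as (helo_claim, recorded_ip, by_host)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        hops.append(m.groups() if m else (None, None, None))
    return hops

def split_trust(hops, trusted):
    """Hops stamped by our own servers, from the top down, are verified.
    Everything below the first hop we did not write is only a claim."""
    n = 0
    while n < len(hops) and hops[n][2] in trusted:
        n += 1
    return hops[:n], hops[n:]

def compare_copies(copies):
    """copies: list of (raw_message, set_of_trusted_by_hosts).
    Returns the IP each recipient's server actually saw, plus the
    unverified hops that appear identically in every copy."""
    handoffs, shared = [], None
    for raw, trusted in copies:
        verified, claims = split_trust(received_hops(raw), trusted)
        handoffs.append(verified[-1][1] if verified else None)
        shared = set(claims) if shared is None else shared & set(claims)
    return handoffs, shared or set()

if __name__ == "__main__":
    ips, same = compare_copies([(COPY_A, {"mx.site-a.example"}),
                                (COPY_B, {"mx.site-b.example"})])
    print("hand-off IPs seen by recipients:", ips)
    print("identical unverified headers:", same)
```

An identical bottom header sitting beneath unrelated hand-off IPs is a hint, not proof, that the line was pasted in by the sender rather than written by the server it names.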