nanog mailing list archives
Re: 25,000 ton amphibious spam relay
From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Tue, 16 Dec 2003 17:36:01 -0500
Swaar, Matthew L. writes on 12/16/2003 3:52 PM:
E-mailing the DOD-CERT is also another way to try to get these things fixed. (...I'm not 100% certain that getting this fixed was the point of this, but I figured I'd point that out on the off chance.) I'm forwarding the header information of this spam to the appropriate folks.
Yup - and this was behind a Raptor firewall, which seems to have added to rather than subtracted from the general insecurity of an old exchange server, in this case.
> H: Received: from no.name.available by avnavfw.lpd17.navsea.navy.mil> H: via smtpd (for [209.181.16.1]) with SMTP; 16 Dec 2003 05:53:08 UT
The no.name.available and via smtpd in the top header say it all - and so much for smtp proxies trying to munge every single piece of version information in sight including the smtp banner, to ensure "security by obscurity" :)
> H: Received: from avnavfw.AVONDALE (205.67.231.5 [205.67.231.5]) by> H: swn-email.lpd17.navy.mil with SMTP (Microsoft Exchange Internet Mail> H: Service Version 5.5.2653.13)
Not that just plain old exchange of such an antique vintage would have been anything but secure, nosirree ...
-- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
Current thread:
- 25,000 ton amphibious spam relay Eric Kuhnke (Dec 16)
- Re: 25,000 ton amphibious spam relay Tom (UnitedLayer) (Dec 16)
- <Possible follow-ups>
- RE: 25,000 ton amphibious spam relay Swaar, Matthew L. (Dec 16)
- Re: 25,000 ton amphibious spam relay Suresh Ramasubramanian (Dec 16)