Re: OK, who's the idiot using tcwireless.us?

[Christopher LILJENSTOLPE <cdl () asgaard org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

	I agree with Howard here, I don't think this is a mis-configuration,  
but a harvest attempt.  The "mailserver" is in different messages, and  
I can't see how that could get misconfigured in a honest validation  
server.  My guess is that someone is trolling the archives, and  
sending this back?  Why, I have no idea, given they already can see  
the sending address.

        Chris

On 07 Oct 2008, at 13.14, Valdis.Kletnieks () vt edu wrote:

> Somebody on the NANOG mailing list has their mail pointing to  
> tcwireless.us,
> which is throwing challenge/response mail like the following:
>
>
> Your message
>
> From: Valdis.Kletnieks () vt edu
> To: n3td3v <xploitable () gmail com>
> Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber  
> counterattack system (
> Einstein 3.0)
> Date: 10/6/2008
>
> has been just received by gmail.com mailserver.
>
> To prove that your message was sent by a human and not a computer,  
> please
> visit the URL below and type in the alphanumeric text you will see  
> in the
> image. You will be asked to do this only once for this recipient.
>
> http://mail.tcwireless.us/challenge/?folder=2008100614384085099427
>
> Your message will be automatically deleted in a few days if you do not
> confirm this request.
>
> =====================================================
> DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
> =====================================================
>
> Note it says 'gmail.com mailserver'.  Paul Ferguson reported to me  
> that the one
> he saw said 'received by vt.edu mailserver'.  Also note that the  
> From/To
> has lost nanog () nanog org - for both my note and Paul's (in fact,  
> looking at
> Paul's actual posting and mine show nanog () nanog org as being the  
> only common
> link, thus the "must be a nanog subscriber" conclusion).
>
> Please, if you're going to use a C/R, at least learn how to  
> whitelist the
> mailing lists you're on.  And if you can't figure out how to do  
> that, please
> do us all a favor and not try to run an operational network...

- ---
李柯睿
Check my PGP key here:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B




-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJI690kAAoJEGmx2Mt/+Iw/awkH/j/goIY2MuQYfMkGVCmBVlMx
vrFACJFUdM3kFSw1KuB5l0s7U62JIuxoCMkIFuEU1xtXQzNMbmYytlkIq/oNY31q
VEaEcG6khM7oxDrbbc4TgFVHm195o1mKYhK8TMPr5WBq9RIgY+n2iWFYfi/kIR0x
R5VgKG2LUFOJr2i/400X8UGbq5DJAbStJf7FrqIWAQCsgtEVPSSp/cMrjujG4iPD
1mH4x76q3RrrMfUpcELs/LAE55eBPMFXAUx4lk13QKVhp7xkK5lkQWlUvEOUQKmQ
zDCsj0Lu2sOPldZFszcKUQNuHQE3Bp8j3MNJ1vMBqSH2m+Gdh+Wwu3TRq8F1QaM=
=flGu
-----END PGP SIGNATURE-----