[108535] in North American Network Operators' Group


Re: OK, who's the idiot using tcwireless.us?

daemon@ATHENA.MIT.EDU (Christopher LILJENSTOLPE)
Tue Oct 7 20:58:46 2008

From: Christopher LILJENSTOLPE <cdl@asgaard.org>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <34803.1223410457@turing-police.cc.vt.edu>
Date: Tue, 7 Oct 2008 15:05:20 -0700
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org


Greetings,

	I agree with Howard here, I don't think this is a mis-configuration,
but a harvest attempt.  The "mailserver" is in different messages, and
I can't see how that could get misconfigured in an honest validation
server.  My guess is that someone is trolling the archives, and
sending this back?  Why, I have no idea, given they already can see
the sending address.

	Chris

On 07 Oct 2008, at 13.14, Valdis.Kletnieks@vt.edu wrote:

> Somebody on the NANOG mailing list has their mail pointing to tcwireless.us,
> which is throwing challenge/response mail like the following:
>
>
> Your message
>
> From: Valdis.Kletnieks@vt.edu
> To: n3td3v <xploitable@gmail.com>
> Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0)
> Date: 10/6/2008
>
> has been just received by gmail.com mailserver.
>
> To prove that your message was sent by a human and not a computer, please
> visit the URL below and type in the alphanumeric text you will see in the
> image. You will be asked to do this only once for this recipient.
>
> http://mail.tcwireless.us/challenge/?folder=2008100614384085099427
>
> Your message will be automatically deleted in a few days if you do not
> confirm this request.
>
> =====================================================
> DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
> =====================================================
>
> Note it says 'gmail.com mailserver'.  Paul Ferguson reported to me that the one
> he saw said 'received by vt.edu mailserver'.  Also note that the From/To
> has lost nanog@nanog.org - for both my note and Paul's (in fact, looking at
> Paul's actual posting and mine show nanog@nanog.org as being the only common
> link, thus the "must be a nanog subscriber" conclusion).
>
> Please, if you're going to use a C/R, at least learn how to whitelist the
> mailing lists you're on.  And if you can't figure out how to do that, please
> do us all a favor and not try to run an operational network...

- ---
李柯睿
Check my PGP key here:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B





