[13392] in North American Network Operators' Group


Re: tcsender email bombing

daemon@ATHENA.MIT.EDU (Bob Izenberg)
Tue Nov 4 23:20:55 1997

To: dennis@bconnex.net (Dennis Simpson)
Date: Tue, 4 Nov 1997 22:07:24 -0600 (CST)
From: "Bob Izenberg" <bei@austin.aus.sig.net>
Cc: it@bconnex.net, nanog@merit.edu
Reply-To: bei@sig.net
In-Reply-To: <199711050214.VAA23623@bconnex.net> from "Dennis Simpson" at Nov 4, 97 09:14:18 pm

Dennis Simpson wrote:

# Is anyone else seeing concerted bombing from tcsender@<a
# couple of addresses> where the relayhost covers many hosts?

We saw 26 of them today.  A mis-configured spoofer showed
what may be the true sender:

from=<tcsender@get-more-hits.com.online-marketing.com> relay=root@mustang.detroit.usweb.com [207.17.162.28]

At least one of the messages contained this USPS address:

EVA, Inc.
43 Riverside Ave.
Suite 72
Medford, MA 02155
USA

Here's what we received (US/Central time):


Bob
-- 
  ======================================================================
    bob izenberg                             signet network operations
    +1 (512) 306-0700                                      bei@sig.net
  ======================================================================
