Re: email address probes

From: Dave Laird (dlairdat_private)
Date: Wed Feb 05 2003 - 23:57:41 PST

Next message: Ned Fleming: "Re: email address probes"

Previous message: Johann Kruse: "RE: email address probes"
In reply to: Andy Bastien: "email address probes"
Next in thread: Ned Fleming: "Re: email address probes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good evening, Andy... everyone...

On Wednesday 05 February 2003 12:54 pm, Andy Bastien wrote:
> Where I work, we've getting lots of attempts to send email to random
> addresses at our domain.  All of these attempts have been coming from
> valid servers operated by AOL, MSN, and Hotmail.  I'm guessing that
> this is an attempt to find some spam targets, although I suppose that
> there could be something worse in store.

You haven't said if you are able to detect whether these are clever forgeries
attempting to spoof your mailer into believing they are from AOL, MSN or
Hotmail. I see a *lot* of these, coming from domains in South America and
Pacific Rim Countries. When I get too many of these from the same IP range in
a short period of time, I drop them from within the IPTables firewall script
and they never bother me again. 8-) Yes, I know it's crude, but it's also
extremely effective. 

> Does anyone have any suggestions as to how we could handle this
> problem?

You said these were coming from domains you cannot block. Can I ask why? If
they are consistently sending you spam, and if their ISP is not responsive to
your complaints, I'd drop them via the firewall method. 

Dave
- -- 
Dave Laird (Daveat_private)
The Used Kharma Lot / The Phoenix Project 
Web Page:   http://www.kharma.net updated 01/20/2003
Usenet News server: news.kharma.net
Musicians Calendar and Database access: http://www.kharma.net/calendar.html

An automatic & random thought For the Minute:    
System going down in 5 minutes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+QhV1aE1ENZP1A28RAvo/AJsHsOIWlNRARZfxHFTHvMNkYAFJ6ACeNBX1
1wlYPq2TQ/RFmxa155qPH98=
=isgN
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Ned Fleming: "Re: email address probes"
Previous message: Johann Kruse: "RE: email address probes"
In reply to: Andy Bastien: "email address probes"
Next in thread: Ned Fleming: "Re: email address probes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 09:18:47 PST