RE: [Full-disclosure] Spam from SecurityFocus outgoing email servers!

From: Aditya Deshmukh (aditya.deshmukh_at_online.gateway.expertworks.net)
Date: 03/08/05

  • Next message: Aditya Deshmukh: "[Full-disclosure] Possible Norton Firewall / Internet Security Bug...." 
    To: "'Paul Kurczaba'" <seclists@securinews.com>, <full-disclosure@lists.grok.org.uk>
Date: Tue, 8 Mar 2005 16:06:45 +0530

    >
    >Hello list members,
    > Here is an interesting piece of spam I received that originated
    >from "205.206.231.27" which resolves to "outgoing.securityfocus.com".
    >Doing a DNS lookup for "outgoing.securityfocus.com" returns the IP
    >addresses "205.206.231.27, 205.206.231.26". Has anyone else received
    >this? Note the IP Address "63.242.122.41" belongs to my email server.

    Which dns server are u using can u try a different server and do the same
    queries ?

    I think a this is DNS cache poisoning

    -aditya

    ________________________________________________________________________
    Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://www.secunia.com/

  • Next message: Aditya Deshmukh: "[Full-disclosure] Possible Norton Firewall / Internet Security Bug...."

    Relevant Pages

    • Re: simple bare bones email server
      ... That innocent third party, in addition to getting his own spam, gets all ... The only consequence was wear and tear on a DNS server. ...
      (comp.mail.misc)
    • Re: simple bare bones email server
      ... There are far more negative consequences than "the welfare of a DNS server" when you use a fake email address to redirect spam to an innocent third party. ...
      (comp.mail.misc)
    • Re: [Full-disclosure] New DDoS attack vector
      ... The attacker updates the NS records of the pre-​registered domain foo ... Now the attacker pre­pares a spam cam­paign. ... White horse sys­tems are the SMTP incom­ing mail servers ... DNS requests will be per­formed to the tar­get DNS server. ...
      (Full-Disclosure)
    • [Full-disclosure] New DDoS attack vector
      ... The attacker updates the NS records of the pre-​registered domain foo ... Now the attacker pre­pares a spam cam­paign. ... White horse sys­tems are the SMTP incom­ing mail servers ... DNS requests will be per­formed to the tar­get DNS server. ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Spam from SecurityFocus outgoing email servers!
      ... >>Hello list members, ... >> Here is an interesting piece of spam I received that originated ... > Which dns server are u using can u try a different server and do the same ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ...
      (Full-Disclosure)