Re: Domain HiJacking by SPAMMERS

From: Ho Chaw Ming (chawming_at_pacific.net.sg)
Date: 01/30/04

    To: <security-basics@securityfocus.com>
    Date: Fri, 30 Jan 2004 23:59:53 +0800
    
    

    In this case, it was an outright spam spoofing attack, with even the message
    forged to make it look like it came from the domain. It's a tricky situation,
    but generally we can drop those emails faster than they can bounce. Since
    it's not being sent from our server, we just have to deal with the bounces,
    as many as they may be.

    Still, many ill-informed spam analysers identify our servers as the spammer
    because the domain is hosted with us. It's a sticky situation.

    Regards

    ----- Original Message -----
    From: "Alejandro Flores" <alejandro.flores@triforsec.com.br>
    To: "Ho Chaw Ming" <chawming@pacific.net.sg>
    Cc: <security-basics@securityfocus.com>
    Sent: Friday, January 30, 2004 7:47 PM
    Subject: Re: Domain HiJacking by SPAMMERS

    Hello there,

    The basic problem is that anyone can 'forge' an e-mail. Not all
    servers will ask you for authentication.
    This is an old trick used by spammers. They forge the sender 'cause if
    the mail gets bounced, it will go to someone else. Another thing is that
    many SMTP servers check if the sender domain exists (MAIL FROM:
    someone@somecompany.com). So, they use anyone's domain in order to get
    their mail (SPAM) routed.

    Regards,
    Alejandro Flores

    > I would be interested too, since we got a client who got "attacked" in such
    > a way yesterday. We received an estimated 30,000 bounced emails alone from
    > the fake reply to email address in a matter of hours. The data center
    > received hundreds of ill-informed abuse reports.
    >
    > We took a sample and they trace to US and Europe, from a large variety of
    > ISPs, leading us to believe it's probably compromised machines.
    >
    > I would thus be interested too to hear about how this can be resolved. We
    > don't wish to terminate the client, or ask him to move, but this causes us
    > tremendous resources to deal with. At the same time, we don't want
    > ill-informed reports to cause us to be blacklisted by ISPs or Spam lists.
    >
    > Any suggestions will be appreciated. Thanks.

    --TriForSec
    http://www.triforsec.com.br/
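Dropping the bounces, as Ho describes, needs a way to tell backscatter from genuine delivery failures for mail that really left the hosting MTAs. As an added example (not code from this thread), a Python classifier for a delivery status notification that trusts only the Received: header written by the bouncing MX and checks it against our outbound MTA addresses; the address 192.0.2.25 and the sample DSN are constructed.

```python
import email
import re
from email import policy

# Public IPs of our own outbound MTAs (constructed values, not from the thread).
OUR_OUTBOUND_IPS = {"192.0.2.25"}

# Constructed DSN returning the headers of a message sent with a forged MAIL FROM.
SAMPLE_DSN = b"""\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mx.isp.test>
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: message/delivery-status

Action: failed
Status: 5.1.1
--B1
Content-Type: text/rfc822-headers

Received: from pc (dsl-77.isp.test [203.0.113.77])
 by mx.isp.test with SMTP; Fri, 30 Jan 2004 10:00:00 +0000
From: someone@client.test
To: nobody@isp.test
--B1--
"""

def returned_headers(bounce):
    """Return the original message (or its headers) enclosed in a DSN, else None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_content()
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def is_backscatter(raw_bounce: bytes) -> bool:
    """True if this DSN reports failure of mail that never left our MTAs."""
    bounce = email.message_from_bytes(raw_bounce, policy=policy.default)
    if bounce.get_content_type() != "multipart/report":
        return False  # not a DSN; leave ordinary mail alone
    original = returned_headers(bounce)
    if original is None:
        return False  # cannot judge without the returned headers
    # Only the topmost Received: line (written by the bouncing MX) is trustworthy.
    top_hop = (original.get_all("Received") or [""])[0]
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top_hop)
    return not any(ip in OUR_OUTBOUND_IPS for ip in ips)
```

A DSN whose topmost hop shows one of our outbound addresses is a real bounce and must still be delivered; anything else can be discarded before it reaches the client's mailbox.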


