[Intrusions] New SPAM Technique?
Carey, Steve T GARRISON
steven-carey at us.army.mil
Thu Jun 3 15:29:55 GMT 2004
Shows up in Shadow logs with the IP addresses, so would think they are infected
with a worm and the same spammer is using them to send out the spam, which keeps
them clean. We are blocking these ports on our firewall so none are getting
through anyway.
Steve
-----Original Message-----
From: Tom Liston [mailto:tliston at premmag.com]
Sent: Thursday, June 03, 2004 10:12 AM
To: intrusions at lists.sans.org
Subject: Re: [Intrusions] New SPAM Technique?
On 3 Jun 2004 at 10:07, Hillery wrote:
> Sources are a variety of places - many .cn and .kr, some us dsl &
> broadband. I haven't been able to get anything from a machine where they
> were outbound (the src), and have only seen the dst traffic.
Folks,
This is single packet pop-up spam sent via UDP... It's connectionless. So
if the people sending this stuff have ANY brains at all, the source IP is
about as useful as the "From" line in email.
-TL
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions
More information about the Intrusions
mailing list