[Dshield] Spammer

KennethSoong@tagtechnology.com.sg KennethSoong at tagtechnology.com.sg
Fri Oct 31 01:18:21 GMT 2003


Hi!! Johannes
     I have gone to the SMTP virtual server properties, Access tab,
Relay button, selected the "only the list below" radio button and left the box
blank. Yet the spammer can still get into the Exchange server. I would appreciate
it if you could suggest how to totally stop all relay.

Thanks & Regards
Kenneth Soong



                                                                                                                   
Johannes Ullrich <jullrich at euclidian.com>
Sent by: list-bounces at dshield.org
29-10-03 08:56 PM
Please respond to General DShield Discussion List

To: General DShield Discussion List <list at dshield.org>
cc:
Subject: Re: [Dshield] Spammer
                                                                                                                   
                                                                                                                   





The IP is owned by 'Dishnet', which is a US Satellite ISP for consumers.
I would assume that they got their fair share of hacked consumer boxes.

BTW: You say they are using your Exchange server to relay. I hope you
locked it down so it's not an open relay ;-)


On Wed, 2003-10-29 at 07:19, KennethSoong at tagtechnology.com.sg wrote:
> Hi!!
>      I seem to notice a particular spammer from the IP range 61.11.0.0/16 using
> our MS Exchange 2000 Server to relay their emails. Can anyone tell me who
> these people are? I tried ping, tracert and even checking the whois database, but
> each returns an error or no record.
>
> Kenneth Soong
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
--
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------

