[Dshield] Have spammers managed to forge the first received lines?
DavidHart at TQMcube.com
Sun Feb 1 15:15:11 GMT 2004
On Sun, 2004-02-01 at 10:01, JD wrote:
> I've been getting some spam from these IP addresses. The Whois lookups
> fail, because these addresses are not assigned anywhere, or the
> say "Unassigned".
Could you post a header?
> None of these are pingeable, and are perhaps "dead" IP addressed,
> which is
> quite troubling, because this indicates either that spammers have
> figured out
> how to forge the first received line in the header, OR have somehow
> to program the upstream routers to "steal" these IP addresses, and are
> activating them during their spam binges.
> Is there anyone who can shed some light on this? Has anyone gotten
> these addresses
> in their IDS or mail logs? If so, inquiring minds want to know.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
Quality Management - A Commitment to Excellence
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040201/4921d9e0/attachment.bin
More information about the list