[Dshield] Have spammers managed to forge the first received lines?

Hanke Penning hanke.penning at iap.de
Mon Feb 2 12:05:52 GMT 2004


Am 1 Feb 2004 schrieb JD zum Thema Re: [Dshield] Have spammers managed to forge the :

Hello,

> Received: from uvttgk (smtpout-2-63.shoppersville.net [157.156.162.63])
>  by mail.host.net (8.12.9/8.12.9) with SMTP id h4K4jEI5007488
>  for <crunch at host.net>; Tue, 20 May 2003 00:45:17 -0400

It seems, that 157.156.162.63 belongs to VMXNET according to
http://openrbl.org/ip/157/156/162/63.htm

As Ulrich already mentioned: hijacked IP-space.

The address is listed in NJABL, SORBS and SPEWS.
http://www.njabl.org/cgi-bin/lookup.cgi?query=157.156.162.63
http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=157.156.162.63
http://spews.org/html/S2461.html


-- 
Yours sincerely

Hanke Penning - Online Unit

IAP GmbH, Moerkenstr. 9, 22767 Hamburg, Germany
Phone +49 40-30 68 03-14 - Fax +49 40-30 68 03-10
Hanke.Penning at iap.de - www.iap.de

Managing Directors: Klaus de Vries, Klaus Erichsen
Amtsgericht Hamburg, HRB 61291





More information about the list mailing list