[Dshield] Spam Problem

Jon R. Kibler Jon.Kibler at aset.com
Mon Jan 12 16:22:01 GMT 2004


Actually, the address is not really reserved for IANA use per se... Rather, it is one of the 3 netblocks specified by RFC 1918 for private address space. (The 3 netblocks being: 192.168/16, 172.16/12, and 10/8.)

When you see an RFC 1918 address as part of a Received: email header, it means that the mail server is a multi-homed system (has multiple network interfaces) and the email originated from a system on the local network of that mail server.

Furthermore, it is not possible for a system with an RFC 1918 address to connect to your system as RFC 1918 addresses are not routable on the Internet. Yes, a host can forge an originating address that is in private address space, but there is no way to send a response back to that host. Thus, you can never complete a TCP connection over the Internet with such a host.

Hope this helps.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA


Deb Hale wrote:
> 
> Downeyjrd1 at aol.com
> The IP address that you have referenced is obviously spoofed (faked).  It is
> an IP that is reserved for IANA use.
> 
> Internet Assigned Numbers Authority
> OrgID:      IANA
> Address:    4676 Admiralty Way, Suite 330
> City:       Marina del Rey
> StateProv:  CA
> PostalCode: 90292-6695
> Country:    US
> 
> NetRange:   172.16.0.0 - 172.31.255.255
> CIDR:       172.16.0.0/12
> NetName:    IANA-BBLK-RESERVED
> NetHandle:  NET-172-16-0-0-1
> Parent:     NET-172-0-0-0-0
> NetType:    IANA Special Use
> NameServer: BLACKHOLE-1.IANA.ORG
> NameServer: BLACKHOLE-2.IANA.ORG
> Comment:    This block is reserved for special purposes.
> Comment:    Please see RFC 1918 for additional information.
> Comment:
> RegDate:    1994-03-15
> Updated:    2002-09-12
> 
> OrgAbuseHandle: IANA-IP-ARIN
> OrgAbuseName:   Internet Corporation for Assigned Names and Number
> OrgAbusePhone:  +1-310-301-5820
> OrgAbuseEmail:  abuse at iana.org
> 
> You can try sending an email to the above abuse address and include the
> email you received as an attachment.  Other than that, not much can be done
> at this point.
> Deb
> 
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
> Of Downeyjrd1 at aol.com
> Sent: Sunday, January 11, 2004 5:04 PM
> To: list at dshield.org
> Subject: [Dshield] Spam Problem
> 
> I have been searching through with hopes of locating someone who has partook
> 
> of spoofing my email with disturbing messages.  I am not exactly computer
> savy, however, I have found whomever is responsible to have the IP address
> of
> 172.20.83.104. Did you ever locate who was responsible for your troubles in
> May of
> last year and if so, how did you do it?




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list