[Dshield] Spam Problem
Jon R. Kibler
Jon.Kibler at aset.com
Mon Jan 12 16:22:01 GMT 2004
Actually, the address is not really reserved for IANA use per se... Rather, it is one of the 3 netblocks specified by RFC 1918 for private address space. (The 3 netblocks being: 192.168/16, 172.16/12, and 10/8.)
When you see an RFC 1918 address as part of a Received: email header, it means that the mail server is a multi-homed system (has multiple network interfaces) and the email originated from a system on the local network of that mail server.
Furthermore, it is not possible for a system with an RFC 1918 address to connect to your system as RFC 1918 addresses are not routable on the Internet. Yes, a host can forge an originating address that is in private address space, but there is no way to send a response back to that host. Thus, you can never complete a TCP connection over the Internet with such a host.
Hope this helps.
Jon R. Kibler
Charleston, SC USA
Deb Hale wrote:
> Downeyjrd1 at aol.com
> The IP address that you have referenced is obviously spoofed (faked). It is
> an IP that is reserved for IANA use.
> Internet Assigned Numbers Authority
> OrgID: IANA
> Address: 4676 Admiralty Way, Suite 330
> City: Marina del Rey
> StateProv: CA
> PostalCode: 90292-6695
> Country: US
> NetRange: 172.16.0.0 - 172.31.255.255
> CIDR: 172.16.0.0/12
> NetName: IANA-BBLK-RESERVED
> NetHandle: NET-172-16-0-0-1
> Parent: NET-172-0-0-0-0
> NetType: IANA Special Use
> NameServer: BLACKHOLE-1.IANA.ORG
> NameServer: BLACKHOLE-2.IANA.ORG
> Comment: This block is reserved for special purposes.
> Comment: Please see RFC 1918 for additional information.
> RegDate: 1994-03-15
> Updated: 2002-09-12
> OrgAbuseHandle: IANA-IP-ARIN
> OrgAbuseName: Internet Corporation for Assigned Names and Number
> OrgAbusePhone: +1-310-301-5820
> OrgAbuseEmail: abuse at iana.org
> You can try sending an email to the above abuse address and include the
> email you received as an attachment. Other than that, not much can be done
> at this point.
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
> Of Downeyjrd1 at aol.com
> Sent: Sunday, January 11, 2004 5:04 PM
> To: list at dshield.org
> Subject: [Dshield] Spam Problem
> I have been searching through with hopes of locating someone who has partook
> of spoofing my email with disturbing messages. I am not exactly computer
> savy, however, I have found whomever is responsible to have the IP address
> 172.20.83.104. Did you ever locate who was responsible for your troubles in
> May of
> last year and if so, how did you do it?
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
More information about the list