[Dshield] Fanmail from a flounder

Tom dshield at oitc.com
Fri Apr 27 14:04:56 GMT 2007


At 6:45 AM -0400 4/27/07, George A. Theall wrote:
>Sue Young wrote:
>
>>  I don't think I'd ever mistake this for legitimate mail.  hacker1 huh?  Real
>>  1337.  I just wanted to share the stupidest thing I've seen all day (so
>>  far).
>...
>>  Received: by mail33-fra (MessageSwitch) id 1177602211879526_541; Thu, 26 Apr
>>  2007 15:43:31 +0000 (UCT)
>>  Received: from dsl-189-132-92-111.prod-infinitum.com.mx (unknown [
>>  189.132.92.111])
>>      by mail33-fra.bigfish.com (Postfix) with ESMTP id 1806B970077
>>      for <kanwar at gcmlp.com>; Thu, 26 Apr 2007 15:43:30 +0000 (UTC)
>>  Received: from hacker1 ([132.131.35.163] helo=hacker1)
>>      by dsl-189-132-92-111.prod-infinitum.com.mx ( sendmail 8.13.3/8.13.1)
>>  with esmtpa id 1vxapu-000AUN-vw
>>      for kanwar at gcmlp.com; Thu, 26 Apr 2007 10:43:49 -0500
>
>If the hacker1 header is valid (big "if", perhaps), its owner probably
>will eventually find him/herself in a bit of trouble -- the IP belongs
>to the Army National Guard Bureau.

Received: from hacker1 ([132.131.35.163] helo=hacker1)
     by dsl-189-132-92-111.prod-infinitum.com.mx ( sendmail 8.13.3/8.13.1)
with esmtpa id 1vxapu-000AUN-vw
     for kanwar at gcmlp.com; Thu, 26 Apr 2007 10:43:49 -0500

is bogus. Port 25 is not active and I doubt that a provisioning DSL 
line in Mexico is a relay.

Tom
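
An added example, not part of the original thread: one way to triage the Received chain quoted above, separating lines stamped by the recipient's own relays from sender-supplied ones and flagging a hop whose timestamp is later than the hop that accepted the message from it. The function names and the TRUSTED_BY set (which relays count as the recipient's own) are assumptions made for this illustration.

```python
import re
from email.utils import parsedate_to_datetime

# Received headers quoted in the post, unfolded, newest first (archive " at " kept).
RECEIVED = [
    "by mail33-fra (MessageSwitch) id 1177602211879526_541; "
    "Thu, 26 Apr 2007 15:43:31 +0000 (UCT)",
    "from dsl-189-132-92-111.prod-infinitum.com.mx (unknown [189.132.92.111]) "
    "by mail33-fra.bigfish.com (Postfix) with ESMTP id 1806B970077 "
    "for <kanwar at gcmlp.com>; Thu, 26 Apr 2007 15:43:30 +0000 (UTC)",
    "from hacker1 ([132.131.35.163] helo=hacker1) "
    "by dsl-189-132-92-111.prod-infinitum.com.mx ( sendmail 8.13.3/8.13.1) "
    "with esmtpa id 1vxapu-000AUN-vw for kanwar at gcmlp.com; "
    "Thu, 26 Apr 2007 10:43:49 -0500",
]
# Assumption: these "by" names are the recipient's own relays, so the lines
# they stamped are believable. Everything below them is sender-supplied.
TRUSTED_BY = {"mail33-fra", "mail33-fra.bigfish.com"}

def parse_received(value):
    """Split one Received value into from / by / bracketed peer IP / timestamp."""
    body, _, date = value.rpartition(";")
    date = re.sub(r"\([^)]*\)", "", date).strip()   # drop "(UTC)" style comments
    def grab(pattern):
        m = re.search(pattern, body)
        return m.group(1) if m else None
    return {"from": grab(r"\bfrom\s+(\S+)"), "by": grab(r"\bby\s+(\S+)"),
            "ip": grab(r"\[\s*([0-9.]+)\s*\]"), "when": parsedate_to_datetime(date)}

def analyze(headers, trusted_by=TRUSTED_BY):
    """Walk the chain newest-first, marking the trust boundary and clock anomalies."""
    hops, trusted, newer = [], True, None
    for value in headers:
        hop = parse_received(value)
        trusted = trusted and hop["by"] in trusted_by
        hop["trusted"] = trusted
        # An older hop should not carry a later timestamp than the hop above it.
        hop["clock_anomaly"] = newer is not None and hop["when"] > newer
        newer = hop["when"]
        hops.append(hop)
    return hops

def verified_origin(hops):
    """Peer IP recorded by the oldest trusted hop: the last fact not under sender control."""
    seen = [h["ip"] for h in hops if h["trusted"] and h["ip"]]
    return seen[-1] if seen else None

if __name__ == "__main__":
    for h in analyze(RECEIVED):
        print(h["by"], h["ip"], h["when"].isoformat(), h["trusted"], h["clock_anomaly"])
```

A clock anomaly on its own can be ordinary skew between hosts; the firmer result is the trust boundary, which leaves the connecting address logged by the recipient's relay as the only origin worth acting on.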

