[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spoofed mail

To: "'Per Engelbrecht'" <per@xterm.dk>, <misc@openbsd.org>
Subject: Re: spoofed mail
From: "Steven S." <ssurdock@engineered-net.com>
Date: Mon, 2 Aug 2004 07:00:32 -0400
Organization: Engineered Networks, LLC

Are you (BGP) advertising the /20 yourself or is it advertised by the ISP on
your behalf?  Either way, you might wish to check a public route server or
looking glass site (start at www.traceroute.org) and make sure those IPs are
_really_ heading back to you.

-Steve S.

Per Engelbrecht wrote:
> Hi misc@
> 
> Lately I've recived spam-complaints on our 'abuse@' on ip-addresses
> from within one of our ranges/allocations (an old deprecating /20)
> The 'funny' part is that these ip-addresses are not in use i.e. don't
> have a nic attached to it.   
> 
> We have all the serveres in a large datacenter (my "domain") where I
> use obsd for a lot of tasks.  One of these tasks is a
> obsd-watchdog-box on each networksegment (switched network) running a
> small piece of c code to detect hosts going into promiscuous mode and
> ettercap+ethereal for network analyzies. Don't have any pf between
> the gateway and the customers servers, hence the approach with the
> watchdogs.      
> 
> The problem is that I can't find the shit-head[s] doing it!
> Any help is appreciated. Thank you.
> 
> respectfully
> /per
> per@xterm.dk
> 
> [demime 0.98d removed an attachment of type application/octet-stream]

References:
- spoofed mail
  - From: "Per Engelbrecht" <per@xterm.dk>

Prev by Date: Re: Updating to OPENBSD_3_5 Patch Branch
Next by Date: Re: PF and a feauture I requested weeks ago
Prev by thread: spoofed mail
Next by thread: Re: spoofed mail
Index(es):
- Date
- Thread