Man, they'll try anything to hack your system...
Bruce Dawson
jbd at codemeta.com
Fri Jan 27 13:40:01 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ben Scott wrote:
| In the vein of "Strange things seen on the Internet", I'm noticing a
|few domains have MXes pointing to hosts with addresses in RFC-1918
|private IP address space. I noticed this because our mail server was
|trying to send DSN bounce messages to the domains, and so was trying
|to connect to some hosts with bogon IP addresses. Our firewall caught
|it and dropped it, and since it was from our server, it was
|highlighted in a log report.
|
| Anyone else seen this? Is it just net.stupidity on the part of some
|mail server operators somewhere, or are spammers/attackers trying
|something new?
I've seen that for several years. It appears to be a technique used by
spammers/crackers. I suspect it is coupled with another attack/scoping
vector, but I haven't delved very deeply.
- --Bruce
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFD2mjX/TBScWXa5IgRArGuAJ9eIETIweC+IhwS32j+nDuOt8RO7gCdGzVM
OOF+mFDHKtL0lykvOvnQnhM=
=lcqK
-----END PGP SIGNATURE-----
More information about the gnhlug-discuss
mailing list