[nsp-sec] Spam attack against pike.stonelake.fi (1927 ASNs)

Kinnari Johanna Johanna.Kinnari at ficora.fi
Fri Feb 1 09:42:07 EST 2008


Hello again,

This may be bogus, after all. It seems to be spam bounces. 

There were some aspects that led us to believe the host is under direct
attack, but probably it isn't.

Sorry about this!

Johanna
CERT-FI 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Kinnari Johanna
> Sent: 1 February 2008 15:50
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Spam attack against pike.stonelake.fi (1927 ASNs)
> 
> ----------- nsp-security Confidential --------
> 
> 
> Hi,
>
> Since Jan 23 pike.stonelake.fi (217.112.241.160) has been under a
> DDoS-like spam attack. You can find the list of hosts attached.
>
> Timestamps are in EET (GMT+2) timezone.
>
> The IP address(es) mentioned have been found to be a source for email
> messages directed to either one of these bogus addresses:
>
>  urethroscope at elonmerkki.net
>  kinship at elonmerkki.net
>
> The messages have been blocked at the destination host (the MX for
> elonmerkki.net):
>
>  pike.stonelake.fi (217.112.241.160)
>
> It's interesting that some of the spam messages have been sent thru
> Finnish ISPs' legitimate SMTP servers. It's common for Finnish ISPs to
> block outbound connections to port 25 of other than their own servers.
>
> Regards,
> Johanna
> CERT-FI