[nsp-sec] Spam attack against pike.stonelake.fi (1927 ASNs)

Tom Sands tsands at rackspace.com
Fri Feb 1 17:47:34 EST 2008 

ACK

15395
33070
27357

------------------------------------------------------
Tom Sands			  				
Chief Network Engineer				
Rackspace 	    	
(210)312-4391	   	
------------------------------------------------------

Kinnari Johanna wrote:
> ----------- nsp-security Confidential --------
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Hi,
> 
> Since Jan 23 pike.stonelake.fi (217.112.241.160) has been under a
> DDoS-like of spam attack. You can find the list of hosts attached.
> 
> Timestamps are in EET (GMT+2) timezone.
> 
> The IP address(es) mentioned have been found to be a source for email
> messages directed to either one of these bogus addresses:
> 
>   urethroscope at elonmerkki.net
>   kinship at elonmerkki.net
> 
> The messages have been blocked at the destination host (the MX for
> elonmerkki.net):
> 
>   pike.stonelake.fi (217.112.241.160)
> 
> It's interersting that some of the spam messages have been sent thru
> Finnish ISP's legitimate SMTP servers. It's common for Finnish ISP's to
> block outbound connections to port 25 of other than their own servers. 
> 
> Regards,
> Johanna
> CERT-FI
> 
> 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________


Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.

More information about the nsp-security mailing list