[nsp-sec] Spam attack against pike.stonelake.fi (1927 ASNs)

Helmut Springer delta at hp.com
Mon Feb 4 09:28:29 EST 2008


On Fri, Feb 01, 2008 at 02:42:07PM +0000, Kinnari Johanna wrote:
> This may be bogus, after all. It seems to be spam bounces.
> 
> There were some aspects that led to believe the host is under direct
> attack, but probably it isn't.
> 
> Sorry about this!

No problem...explains why they didn't find a trace on the mailgates
here...


Regards
helmut, punishment for delays seems to be implemented immediately  8)

> > -----Original Message-----
> > From: nsp-security-bounces at puck.nether.net
> > [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> > Kinnari Johanna
> > Sent: 1 February 2008 15:50
> > To: nsp-security at puck.nether.net
> > Subject: [nsp-sec] Spam attack against pike.stonelake.fi (1927 ASNs)
> >
> > ----------- nsp-security Confidential --------
> >
> >
> > Hi,
> >
> > Since Jan 23 pike.stonelake.fi (217.112.241.160) has been under a
> > DDoS-like spam attack. You can find the list of hosts attached.
> >
> > Timestamps are in EET (GMT+2) timezone.
> >
> > The IP address(es) mentioned have been found to be a source for email
> > messages directed to either one of these bogus addresses:
> >
> >  urethroscope at elonmerkki.net
> >  kinship at elonmerkki.net
> >
> > The messages have been blocked at the destination host (the MX for
> > elonmerkki.net):
> >
> >  pike.stonelake.fi (217.112.241.160)
> >
> > It's interesting that some of the spam messages have been sent thru
> > Finnish ISPs' legitimate SMTP servers. It's common for Finnish ISPs to
> > block outbound connections to port 25 of other than their own servers.
> >
> > Regards,
> > Johanna
> > CERT-FI


Regards,
helmut

-- 
helmut springer                                          HP Services
+49.7031.14.4240                                EMEA Escalation Mgmt
delta at hp.com           http://intranet.hp.com/sites/Escalation/emea/
