[nsp-sec] spam bounces drown German university
Stephen Gill
gillsr at cymru.com
Wed Jun 18 14:12:39 EDT 2008
These Ips appear to have been spamming in June from a 'fht-esslinggen.de'
mail_from address:
209 | 75.169.81.33 | ASN-QWEST - Qwest
701 | 63.96.15.2 | UUNET - MCI Communications Services, Inc. d/b/a
Verizon Business
1241 | 194.219.173.205 | FORTHNET-GR FORTHnet
1680 | 217.132.162.138 | NetVision Ltd.
2379 | 67.235.135.250 | EMBARQ-WNPK - Embarq Corporation
2819 | 213.29.20.242 | GTSCZ GTS NOVERA (GTS CZ)
3215 | 193.253.218.92 | AS3215 France Telecom - Orange
3215 | 80.8.28.128 | AS3215 France Telecom - Orange
3243 | 85.240.207.11 | TELEPAC PT.Com - Comunicacoes Interactivas,
S.A.
3269 | 79.12.154.191 | ASN-IBSNAZ TELECOM ITALIA
3269 | 79.40.167.111 | ASN-IBSNAZ TELECOM ITALIA
3269 | 87.17.207.72 | ASN-IBSNAZ TELECOM ITALIA
3301 | 81.225.78.88 | TELIANET-SWEDEN TeliaNet Sweden
3320 | 80.146.36.1 | DTAG Deutsche Telekom AG
3320 | 84.139.173.91 | DTAG Deutsche Telekom AG
3786 | 61.39.55.26 | LGDACOM LG DACOM Corporation
3816 | 190.67.144.152 | COLOMBIA TELECOMUNICACIONES S.A. ESP
4134 | 116.207.159.40 | CHINANET-BACKBONE No.31,Jin-rong Street
4134 | 116.30.243.96 | CHINANET-BACKBONE No.31,Jin-rong Street
4739 | 59.167.194.93 | CIX-ADELAIDE-AS Internode Systems Pty Ltd
4750 | 58.136.32.12 | CSLOXINFO-ISP-AS-AP CSLOXINFO Public Company
Limited.
4755 | 121.247.124.244 | VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous
System
4755 | 59.163.89.68 | VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous
System
4755 | 61.11.23.208 | VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous
System
4766 | 121.132.42.88 | KIXS-AS-KR Korea Telecom
4766 | 121.144.237.26 | KIXS-AS-KR Korea Telecom
4766 | 121.189.146.102 | KIXS-AS-KR Korea Telecom
4766 | 211.198.251.138 | KIXS-AS-KR Korea Telecom
4766 | 211.51.121.13 | KIXS-AS-KR Korea Telecom
4766 | 218.159.43.252 | KIXS-AS-KR Korea Telecom
4766 | 61.76.121.25 | KIXS-AS-KR Korea Telecom
4837 | 124.134.168.181 | CHINA169-BACKBONE CNCGROUP China169 Backbone
4837 | 221.201.165.102 | CHINA169-BACKBONE CNCGROUP China169 Backbone
4837 | 221.8.210.24 | CHINA169-BACKBONE CNCGROUP China169 Backbone
5462 | 92.235.112.195 | CABLEINET Telewest Broadband
5578 | 195.168.247.200 | GTS-SK-AS GTS Nextra a.s.
5578 | 85.248.66.16 | GTS-SK-AS GTS Nextra a.s.
5610 | 83.208.152.132 | CZECHTELECOM CZECH TELECOM, a.s
5610 | 83.208.3.204 | CZECHTELECOM CZECH TELECOM, a.s
5610 | 88.100.220.58 | CZECHTELECOM CZECH TELECOM, a.s
5610 | 88.101.10.232 | CZECHTELECOM CZECH TELECOM, a.s
5610 | 88.103.88.99 | CZECHTELECOM CZECH TELECOM, a.s
5610 | 90.177.148.72 | CZECHTELECOM CZECH TELECOM, a.s
5617 | 79.184.230.128 | TPNET Polish Telecom_s commercial IP network
5617 | 79.186.182.245 | TPNET Polish Telecom_s commercial IP network
5617 | 83.16.106.14 | TPNET Polish Telecom_s commercial IP network
5617 | 83.27.201.162 | TPNET Polish Telecom_s commercial IP network
6147 | 201.230.129.177 | Telefonica del Peru S.A.A.
6167 | 75.218.75.31 | CELLCO-PART - Cellco Partnership
6306 | 200.31.136.184 | Telcel, C.A
6478 | 12.202.0.160 | ATT-INTERNET3 - AT&T WorldNet Services
6690 | 195.131.199.25 | WEBPLUS-AS WEBplus Ltd.
6690 | 89.163.17.143 | WEBPLUS-AS WEBplus Ltd.
6703 | 213.227.231.141 | ALKAR-AS Alkar Teleport Communications Network
6713 | 81.192.171.3 | IAM-AS
6739 | 79.109.185.252 | ONO-AS Cableuropa - ONO
6746 | 82.208.174.237 | ASTRAL ASTRAL Telecom SA, Romania
6746 | 83.103.137.77 | ASTRAL ASTRAL Telecom SA, Romania
6785 | 77.212.125.238 | CYBERCITY Cybercity A/S
6799 | 85.72.189.60 | OTENET-GR OTEnet S.A. Multiprotocol Backbone &
ISP
6799 | 85.73.85.80 | OTENET-GR OTEnet S.A. Multiprotocol Backbone &
ISP
6799 | 85.74.184.47 | OTENET-GR OTEnet S.A. Multiprotocol Backbone &
ISP
6799 | 85.75.18.100 | OTENET-GR OTEnet S.A. Multiprotocol Backbone &
ISP
6799 | 87.203.97.69 | OTENET-GR OTEnet S.A. Multiprotocol Backbone &
ISP
6849 | 91.124.64.173 | UKRTELNET JSC UKRTELECOM,
6849 | 92.112.134.58 | UKRTELNET JSC UKRTELECOM,
6855 | 78.98.88.96 | SK SLOVAK TELECOM, AS6855
6855 | 91.127.91.221 | SK SLOVAK TELECOM, AS6855
7132 | 66.120.138.177 | SBIS-AS - AT&T Internet Services
7132 | 69.104.56.50 | SBIS-AS - AT&T Internet Services
7470 | 124.120.198.190 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 124.120.202.75 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 124.121.121.150 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 124.121.206.142 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 124.121.38.168 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 58.10.234.185 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 58.9.154.208 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 58.9.225.140 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7470 | 58.9.36.196 | ASIAINFO-AS-AP ASIA INFONET Co.,Ltd.
7629 | 125.5.56.155 | INFOCOM-AS-AP INFOCOM Technologies, Inc.
7629 | 203.131.159.79 | INFOCOM-AS-AP INFOCOM Technologies, Inc.
7643 | 123.20.24.17 | VNN-AS-AP Vietnam Posts and Telecommunications
(VNPT)
7643 | 123.23.3.230 | VNN-AS-AP Vietnam Posts and Telecommunications
(VNPT)
7738 | 189.13.5.132 | Telecomunicacoes da Bahia S.A.
7738 | 189.48.172.146 | Telecomunicacoes da Bahia S.A.
7738 | 189.70.102.194 | Telecomunicacoes da Bahia S.A.
7738 | 201.18.135.189 | Telecomunicacoes da Bahia S.A.
7757 | 76.87.41.114 | CCCH-AS4 - Comcast Cable Communications
Holdings, Inc
8065 | 200.13.245.237 | EPM Telecomunicaciones S.A. E.S.P.
8167 | 201.34.12.119 | TELESC - Telecomunicacoes de Santa Catarina SA
8359 | 83.237.165.221 | COMSTAR COMSTAR-Direct Moscow region network
8359 | 91.76.168.134 | COMSTAR COMSTAR-Direct Moscow region network
8359 | 91.76.218.119 | COMSTAR COMSTAR-Direct Moscow region network
8359 | 91.77.117.238 | COMSTAR COMSTAR-Direct Moscow region network
8473 | 212.85.83.187 | BAHNHOF Bahnhof AB
8595 | 195.94.237.2 | WESTCALL-AS Autonomous System of WestCall Ltd.
and customers
8615 | 79.164.219.146 | CNT-AS CNT Autonomous System
8732 | 87.245.149.2 | COMCOR-AS AS for Moscow Telecommunication
Corporation (COMCOR)
8764 | 81.7.97.82 | TEOLTAB TEO LT AB Autonomous System
8866 | 79.100.36.145 | BTC-AS Bulgarian Telecommunication Company Plc.
8997 | 78.37.135.141 | ASN-SPBNIT OJSC North-West Telecom Autonomous
System
8997 | 78.37.230.83 | ASN-SPBNIT OJSC North-West Telecom Autonomous
System
8997 | 92.100.81.95 | ASN-SPBNIT OJSC North-West Telecom Autonomous
System
8997 | 92.100.90.91 | ASN-SPBNIT OJSC North-West Telecom Autonomous
System
9050 | 89.123.127.40 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 89.123.4.48 | RTD RTD-ROMTELECOM Autonomous System Number
9050 | 92.80.205.79 | RTD RTD-ROMTELECOM Autonomous System Number
9105 | 88.110.230.67 | TISCALI-UK Tiscali UK
9121 | 78.184.62.70 | TTNET TTnet Autonomous System
9121 | 81.214.114.105 | TTNET TTnet Autonomous System
9121 | 81.214.33.190 | TTNET TTnet Autonomous System
9121 | 81.214.67.4 | TTNET TTnet Autonomous System
9121 | 85.101.18.145 | TTNET TTnet Autonomous System
9121 | 85.102.161.171 | TTNET TTnet Autonomous System
9121 | 85.105.15.74 | TTNET TTnet Autonomous System
9121 | 85.105.61.123 | TTNET TTnet Autonomous System
9121 | 85.105.61.58 | TTNET TTnet Autonomous System
9121 | 85.107.83.40 | TTNET TTnet Autonomous System
9121 | 85.108.91.157 | TTNET TTnet Autonomous System
9121 | 85.110.195.173 | TTNET TTnet Autonomous System
9121 | 88.224.180.134 | TTNET TTnet Autonomous System
9121 | 88.225.227.12 | TTNET TTnet Autonomous System
9121 | 88.229.34.4 | TTNET TTnet Autonomous System
9121 | 88.234.16.177 | TTNET TTnet Autonomous System
9121 | 88.238.206.185 | TTNET TTnet Autonomous System
9121 | 88.238.25.93 | TTNET TTnet Autonomous System
9121 | 88.247.172.194 | TTNET TTnet Autonomous System
9121 | 88.247.181.98 | TTNET TTnet Autonomous System
9121 | 88.251.191.113 | TTNET TTnet Autonomous System
9121 | 88.252.56.87 | TTNET TTnet Autonomous System
9198 | 92.47.241.150 | KAZTELECOM-AS Kazakhtelecom Corporate Sales
Administration
9198 | 92.47.251.167 | KAZTELECOM-AS Kazakhtelecom Corporate Sales
Administration
9498 | 122.160.1.79 | BBIL-AP BHARTI BT INTERNET LTD.
9498 | 122.162.125.14 | BBIL-AP BHARTI BT INTERNET LTD.
9498 | 122.163.0.120 | BBIL-AP BHARTI BT INTERNET LTD.
9498 | 122.165.20.140 | BBIL-AP BHARTI BT INTERNET LTD.
9498 | 122.167.144.178 | BBIL-AP BHARTI BT INTERNET LTD.
9498 | 122.167.71.249 | BBIL-AP BHARTI BT INTERNET LTD.
9534 | 121.120.207.200 | MAXIS-AS1-AP Binariang Berhad
9583 | 124.30.27.210 | SIFY-AS-IN Sify Limited
9737 | 203.113.105.132 | TOTNET-TH-AS-AP TOT Public Company Limited
9829 | 59.92.242.104 | BSNL-NIB National Internet Backbone
9829 | 59.94.103.185 | BSNL-NIB National Internet Backbone
9829 | 59.94.42.17 | BSNL-NIB National Internet Backbone
9829 | 59.95.117.36 | BSNL-NIB National Internet Backbone
9829 | 59.98.42.55 | BSNL-NIB National Internet Backbone
9829 | 59.99.20.50 | BSNL-NIB National Internet Backbone
9924 | 123.193.82.34 | TFN-TW Taiwan Fixed Network, Telco and Network
Service Provider.
9942 | 202.136.33.73 | COMINDICO-AP SOUL Converged Communications
Australia
10299 | 190.99.146.222 | EMCATEL
10318 | 201.235.176.91 | CABLEVISION S.A.
10318 | 201.235.223.216 | CABLEVISION S.A.
10796 | 98.28.119.128 | SCRR-10796 - Road Runner HoldCo LLC
10796 | 98.31.20.59 | SCRR-10796 - Road Runner HoldCo LLC
11426 | 98.26.232.104 | SCRR-11426 - Road Runner HoldCo LLC
11427 | 24.27.39.199 | SCRR-11427 - Road Runner HoldCo LLC
11888 | 201.172.82.62 | Television Internacional S.A. de C.V.
12127 | 216.184.122.164 | Telefonica Moviles El Salvador S.A. de C.V.
12570 | 89.190.52.19 | CBCZ CZECHBONE AS
12741 | 77.253.164.47 | INTERNETIA-AS Netia SA
13110 | 85.221.170.102 | ICP-AS Internet Cable Provider network
13110 | 85.221.230.182 | ICP-AS Internet Cable Provider network
13124 | 84.252.20.115 | IBGC IBGC Autonomous system of Inter-Bg-Com
Ltd.
13285 | 78.149.67.89 | OPALTELECOM-AS Opal Telecom
14420 | 190.152.4.46 | ANDINATEL S.A.
14638 | 69.79.96.236 | LCPR-HSD - Liberty Cablevision of Puerto Rico
LTD
15425 | 84.21.97.177 | COMA AS for Coma s.r.o.
15500 | 80.234.31.242 | Samara Telegraph
15557 | 84.102.132.191 | LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
15589 | 213.136.182.135 | AS15589 Eutelia S.p.A. Backbone AS
15738 | 80.84.184.213 | UAEXPRESS EXPRESS Radio Network
16287 | 92.125.42.157 | KUZBASSNET Kemerovo regional branch of OJSC
_Sibirtelecom_
16586 | 96.24.21.66 | CLEARWIRE - Clearwire, LLC
16735 | 189.15.73.162 | Companhia de Telecomunicacoes do Brasil Central
17443 | 202.131.147.14 | ESTELCOM-AP International Internet gateway ,
India
17557 | 116.71.56.135 | PKTELECOM-AS-AP Pakistan Telecom
17565 | 58.64.65.214 | ADC-BUDDYB-AS Advance Datanetwork
Communications Co.,Ltd. BuddyB service. Bangkok
17785 | 222.89.118.206 | CHINATELECOM-HA-AS-AP asn for Henan Provincial
Net of CT
18101 | 124.125.247.46 | RIL-IDC Reliance Infocom Ltd Internet Data
Centre,
18231 | 202.70.199.25 | EXATT-AS-AP IOL NETCOM LTD
18403 | 118.68.17.69 | FPT-AS-AP The Corporation for Financing &
Promoting Technology
18687 | 216.70.162.242 | MPOWER-2 - MPOWER COMMUNICATIONS CORP.
18881 | 201.86.108.13 | Global Village Telecom
19262 | 70.108.93.73 | VZGNI-TRANSIT - Verizon Internet Services Inc.
19262 | 71.103.244.132 | VZGNI-TRANSIT - Verizon Internet Services Inc.
19262 | 71.108.135.235 | VZGNI-TRANSIT - Verizon Internet Services Inc.
19262 | 71.176.163.31 | VZGNI-TRANSIT - Verizon Internet Services Inc.
19262 | 72.67.233.199 | VZGNI-TRANSIT - Verizon Internet Services Inc.
19262 | 96.226.99.248 | VZGNI-TRANSIT - Verizon Internet Services Inc.
19262 | 96.231.142.41 | VZGNI-TRANSIT - Verizon Internet Services Inc.
19262 | 96.251.185.111 | VZGNI-TRANSIT - Verizon Internet Services Inc.
20001 | 76.175.158.196 | ROADRUNNER-WEST - Road Runner HoldCo LLC
20115 | 75.130.109.236 | CHARTER-NET-HKY-NC - Charter Communications
20655 | 217.174.110.50 | E-STYLEISP-AS http://www.e-styleisp.ru
20804 | 82.177.47.146 | ASN-TELENERGO EXATEL S.A. Autonomous System
20838 | 89.130.25.134 | YIF-AS YIF Autonomous System
20977 | 80.71.161.30 | BARNAUL-AS AS for Barnaul.ru Network
21017 | 77.45.167.87 | VSI-AS VSI AS
21502 | 80.236.114.114 | ASN-NUMERICABLE NUMERICABLE is a cabled network
in France,
22927 | 190.49.162.176 | Telefonica de Argentina
22927 | 201.250.223.65 | Telefonica de Argentina
23700 | 118.137.9.197 | BM-AS-ID PT. Broadband Multimedia, Tbk
24326 | 117.47.85.238 | TTT-AS-AP Maxnet, Internet Service Provider,
Bangkok
24326 | 222.123.187.149 | TTT-AS-AP Maxnet, Internet Service Provider,
Bangkok
24326 | 58.147.16.164 | TTT-AS-AP Maxnet, Internet Service Provider,
Bangkok
24762 | 87.117.157.31 | STELCOM Autonomous system of Stelcom LLC.
25310 | 84.9.192.154 | ASN-CWACCESS Cable and Wireless Access Ltd
25436 | 89.254.210.44 | KIROV-CAIT-AS CAIT affiliate of Kirov branch of
JSC _VolgaTelecom_
25454 | 217.12.116.85 | TELEMEDIAAS Telemedia Group SA Autonomous
System
25515 | 89.109.225.166 | CTCNET-AS Joint-Stock Central Telecommunication
Company Autonomous System
26094 | 144.202.0.38 | BTP - Baltimore Technology Park, LLC
27747 | 200.115.222.2 | Telecentro S.A.
27775 | 200.2.166.67 | Telecommunicationcompany Suriname - TeleSur
27964 | 200.50.244.128 | RSONet
28573 | 189.101.12.232 | NET Servicos de Comunicao S.A.
28725 | 85.160.106.75 | CZ-EUROTEL-AS AS of Eurotel Praha
28858 | 194.242.117.173 | LECOS Lecos ISP
29113 | 93.190.57.14 | SLOANE-AS Sloane Park Property Trust, a.s.
Autonomous System
31242 | 85.14.73.156 | TKPSA-AS TKP S.A. is 3S.pl network operator.
31286 | 217.173.21.32 | INTELSET-AS TeleRadioCompany TVT
31304 | 83.168.75.202 | ESPOL-AS ESPOL POLAND AUTONOMOUS SYSTEM
33491 | 98.206.121.245 | DNEO-OSP7 - Comcast Cable Communications, Inc.
34584 | 92.37.230.133 | KHBDSV AS for ISP - Khabarovsk
Telecommunication Center
34772 | 88.85.110.10 | NEOTEL-AS-MK NEOTEL-MKD Autonomous System
34918 | 85.9.73.154 | IR-PISHGAMAN-ICP Pishgaman Kavir Yazd
35311 | 87.242.27.245 | PR-TELECOM-AS AS for PR-TELECOM
35311 | 88.132.30.87 | PR-TELECOM-AS AS for PR-TELECOM
35421 | 89.37.212.228 | PANELECTRO-AS SC PAN ELECTRO SRL
38108 | 58.141.168.127 | NOWON-AS-KR Nowon Cable Television Network
38951 | 77.241.32.2 | TKT-AS JSC TKT
38951 | 77.241.35.13 | TKT-AS JSC TKT
39278 | 89.114.35.194 | ILINK-AS SC COBALT IT SRL
39660 | 81.30.54.182 | ITN-AS Integrated Transport Network, Ltd. AS
39834 | 79.173.16.224 | TESAT-AS Tesat Telewizja Kablowa
41976 | 213.168.44.107 | SZKTI-AS SZKTI AS
42396 | 92.49.196.52 | PPLNETUA-AS PEOPLEnet Autonomous System
43234 | 92.9.92.102 | CPWBBSERV-AS Carphone Warehouse Broadband
Services
43649 | 86.100.216.72 | RYGVEDA-AS UAB _Rygveda_
At first glance, I don't see barid in the list of sources:
"Adam Lewis" <Adam at fht-esslingen.de>
"Allyson Villalobos" <Allyson at fht-esslingen.de>
"Angelina Dwyer" <Angelina at fht-esslingen.de>
"Angeline Mcdonough" <Angeline at fht-esslingen.de>
"antonin hartley" <gunther.kurz at fht-esslingen.de>
"Barbra Kraft" <Barbra at fht-esslingen.de>
"Bart Anthony" <Bart at fht-esslingen.de>
"Bradley Coleman" <Bradley at fht-esslingen.de>
"Brendan Klein" <Brendan at fht-esslingen.de>
"Celeste Farr" <Celeste at fht-esslingen.de>
"Clement Serrano" <Clement at fht-esslingen.de>
"Clifton Kim" <Clifton at fht-esslingen.de>
"Clyde Reyes" <Clyde at fht-esslingen.de>
"Cody Lawson" <Cody at fht-esslingen.de>
"Damian Pitts" <Damian at fht-esslingen.de>
"Delia Stover" <Delia at fht-esslingen.de>
"Dolores Kirkpatrick" <Dolores at fht-esslingen.de>
"Dustin Perry" <Dustin at fht-esslingen.de>
"Edgar Mcdonald" <Edgar at fht-esslingen.de>
"Elisabeth Crump" <Elisabeth at fht-esslingen.de>
"Evangelina Romo" <Evangelina at fht-esslingen.de>
"farley chanshin" <80gunther.kurz at fht-esslingen.de>
"Forest Barry" <Forest at fht-esslingen.de>
"Gabriel Watkins" <Gabriel at fht-esslingen.de>
"Galen Golden" <Galen at fht-esslingen.de>
"Gale Solomon" <Gale at fht-esslingen.de>
"garvey gabriell" <2harald.toepfer at fht-esslingen.de>
"Graham Mueller" <Graham at fht-esslingen.de>
"Hank Valenzuela" <Hank at fht-esslingen.de>
"Hershel Bernard" <Hershel at fht-esslingen.de>
"Hilda Lam" <Hilda at fht-esslingen.de>
"Hiram Moses" <Hiram at fht-esslingen.de>
"Jacqueline Rangel" <Jacqueline at fht-esslingen.de>
"Jan Buchanan" <Jan at fht-esslingen.de>
"John Crandall" <John at fht-esslingen.de>
"Jolene Felton" <Jolene at fht-esslingen.de>
"Justine Anaya" <Justine at fht-esslingen.de>
"Kara Ladner" <Kara at fht-esslingen.de>
"Kim Mann" <Kim at fht-esslingen.de>
"Kristy Sorensen" <Kristy at fht-esslingen.de>
"Leola Thorpe" <Leola at fht-esslingen.de>
"Leopoldo Jacobson" <Leopoldo at fht-esslingen.de>
"Lina Elliot" <Lina at fht-esslingen.de>
"Liza Diggs" <Liza at fht-esslingen.de>
"Lucille Blanton" <Lucille at fht-esslingen.de>
"Maggie Cartwright" <Maggie at fht-esslingen.de>
"Mara Hanks" <Mara at fht-esslingen.de>
"Mario Stewart" <Mario at fht-esslingen.de>
"Meghan Mccord" <Meghan at fht-esslingen.de>
"Melisa Honeycutt" <Melisa at fht-esslingen.de>
"Merlin Shannon" <Merlin at fht-esslingen.de>
"Mindy Hutchison" <Mindy at fht-esslingen.de>
"Moises Cameron" <Moises at fht-esslingen.de>
"Noelle Driver" <Noelle at fht-esslingen.de>
"Orville Joseph" <Orville at fht-esslingen.de>
"Pablo Lambert" <Pablo at fht-esslingen.de>
"Patrica Cordero" <Patrica at fht-esslingen.de>
"Philip Edwards" <Philip at fht-esslingen.de>
"Quinn Bolton" <Quinn at fht-esslingen.de>
"Ramona Erwin" <Ramona at fht-esslingen.de>
"Robert Joiner" <Robert at fht-esslingen.de>
"Roseann Bonds" <Roseann at fht-esslingen.de>
"Rosemary Cramer" <Rosemary at fht-esslingen.de>
"Sandy Greenwood" <Sandy at fht-esslingen.de>
"Shawn Cormier" <Shawn at fht-esslingen.de>
"Shirley Dejesus" <Shirley at fht-esslingen.de>
"Stewart Moss" <Stewart at fht-esslingen.de>
"Tad Duffy" <Tad at fht-esslingen.de>
"Tammy Forbes" <Tammy at fht-esslingen.de>
"Thomas Metz" <Thomas at fht-esslingen.de>
"Tia Neff" <Tia at fht-esslingen.de>
"Tommie Goodman" <Tommie at fht-esslingen.de>
"Tommy Harrison" <Tommy at fht-esslingen.de>
"Vicente Massey" <Vicente at fht-esslingen.de>
"Violet Clement" <Violet at fht-esslingen.de>
"Wilmer Camacho" <Wilmer at fht-esslingen.de>
"Winifred Hathaway" <Winifred at fht-esslingen.de>
-- steve
On 6/18/08 9:36 AM, "Andreas Bunten" <bunten at dfn-cert.de> wrote:
> ----------- nsp-security Confidential --------
>
> Hi teams,
>
> I am writing on behalf of a German university which is receiving
> massive amounts of spam bounces.
>
> Somebody was and still is sending out great amounts of spam with faked
> 'From' headers which point to <barid AT fht-esslingen.de> and sometimes
> other email addresses under the same domain. The mail server at this
> university are now receiving around 2 million bounces from non
> deliverable spam messages every day.
>
> This is going on since march 2008 but the volume increased severely
> last week. I would like you to look at a list of the top senders of
> bounces to:
>
> <barid AT fht-esslingen.de>
>
> The systems on the list were not sending, but *receiving* spam. The
> problem is, they are not handling it properly. I only included the
> top 5% bounce senders of 2008-06-17 and 2008-06-18.
>
> Please have a look at the list - the as included are appended below
> the signature. If you find some of your or your customers systems,
> please share some clue with them and explain the problem ->
>
> Please do not send bounces concerning mails which are known to be spam.
> Failing that, please stop sending bounces to the user 'barid' at
> 'fht-esslingen.de', since the site is drowning in unsolicitated bounces.
>
> The list can be found here:
>
> https://www.dfn-cert.de/downloads/irt/bounce_sender_top5percent.lst
>
> You will need these credentials (we don't want google indexing this):
>
> User: nspsec
> Pass: zaYie9si
>
> If you have questions or other comments, please feel free to contact us.
> We are handling the case as DFN-CERT#31892
>
> Regards,
> andreas-b, as 680 (German research network)
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
More information about the nsp-security
mailing list