[nsp-sec] Fwd: Rise in TCP 1100/1106 scanning - HP StorageWorks

Michael Sinatra michael at rancid.berkeley.edu
Wed May 1 21:34:35 EDT 2013


My headers look similar:

Received: from puck.nether.net (puck.nether.net [IPv6:2001:418:3f4::5])
	by rancid.net.berkeley.edu (8.14.5/8.14.4) with ESMTP id r41I3Jid095559
	for <michael at rancid.berkeley.edu>; Wed, 1 May 2013 11:03:19 -0700 (PDT)
	(envelope-from nsp-security-bounces at puck.nether.net)
Received: from puck.nether.net (localhost [127.0.0.1])
	by puck.nether.net (8.14.6/8.14.5) with ESMTP id r41I11n9032656;
	Wed, 1 May 2013 14:02:59 -0400
Received: from arbor.net (division.aa.arbor.net [152.160.38.65])
 by puck.nether.net (8.14.3/8.12.9) with ESMTP id m55Jo05j039017
 for <nsp-security at puck.nether.net>; Thu, 5 Jun 2008 15:50:00 -0400 (EDT)

I am also seeing the same thing on j-nsp.  Something slightly amiss with
puck?

On 05/01/13 15:32, Rodney Joffe wrote:
> ----------- nsp-security Confidential --------
> 
> Is it just me, or did this email come out of the time machine? ;-)
> 
> Jared?
> 
> I don't think Jose is back at Arbor, but I could be wrong…
> 
> 
> Begin forwarded message:
> 
>> From: jose nazario <jose at arbor.net>
>> Subject: [nsp-sec] Rise in TCP 1100/1106 scanning - HP StorageWorks
>> Date: June 5, 2008 3:46:13 PM EDT
>> To: nsp-security NSP <nsp-security at puck.nether.net>
>> Return-Path: <nsp-security-bounces at puck.nether.net>
>> X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on atlas.centergate.com
>> X-Spam-Status: No, score=-5.8 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE, MIME_QP_LONG_LINE,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham version=3.2.4
>> Received: from mail6.bemta7.messagelabs.com (mail6.bemta7.messagelabs.com [216.82.255.55]) by atlas.centergate.com (8.13.1/8.13.1) with ESMTP id r41KFVoi008652 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <rjoffe at centergate.com>; Wed, 1 May 2013 13:15:56 -0700
>> Received: from [216.82.254.67:44095] by server-5.bemta-7.messagelabs.com id 4E/58-22341-3E771815; Wed, 01 May 2013 20:15:31 +0000
>> Received: (qmail 16905 invoked from network); 1 May 2013 20:15:31 -0000
>> Received: from puck.nether.net (HELO puck.nether.net) (204.42.254.5) by server-6.tower-196.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 1 May 2013 20:15:31 -0000
>> Received: from puck.nether.net (localhost [127.0.0.1]) by puck.nether.net (8.14.6/8.14.5) with ESMTP id r41I11nU032656; Wed, 1 May 2013 14:09:34 -0400
>> Received: from arbor.net (division.aa.arbor.net [152.160.38.65]) by puck.nether.net (8.14.3/8.12.9) with ESMTP id m55Jo05j039017 for <nsp-security at puck.nether.net>; Thu, 5 Jun 2008 15:50:00 -0400 (EDT) (envelope-from jose at arbor.net)
>> Received: from [10.0.1.109] (dhcp109.aa.arbor.net [10.0.1.109]) by arbor.net (Postfix) with ESMTP id 07DC51710134 for <nsp-security at puck.nether.net>; Thu, 5 Jun 2008 15:46:17 -0400 (EDT)
>> X-Env-Sender: nsp-security-bounces at puck.nether.net
>> X-Msg-Ref: server-6.tower-196.messagelabs.com!1367439330!149030!1
>> X-Originating-Ip: [204.42.254.5]
>> X-Spamwhitelisted: IP whitelist
> 
> 
> 
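
An added example, not part of the original post or of any list software: the hop-by-hop comparison the headers above invite, run over the three Received lines from this message to flag where the delivery delay sits. The function names and the one-hour and five-minute thresholds are assumptions.

```python
import re
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

# Received headers from the message above, newest first (folds as one space).
RAW = """\
Received: from puck.nether.net (puck.nether.net [IPv6:2001:418:3f4::5])
 by rancid.net.berkeley.edu (8.14.5/8.14.4) with ESMTP id r41I3Jid095559
 for <michael at rancid.berkeley.edu>; Wed, 1 May 2013 11:03:19 -0700 (PDT)
 (envelope-from nsp-security-bounces at puck.nether.net)
Received: from puck.nether.net (localhost [127.0.0.1])
 by puck.nether.net (8.14.6/8.14.5) with ESMTP id r41I11n9032656;
 Wed, 1 May 2013 14:02:59 -0400
Received: from arbor.net (division.aa.arbor.net [152.160.38.65])
 by puck.nether.net (8.14.3/8.12.9) with ESMTP id m55Jo05j039017
 for <nsp-security at puck.nether.net>; Thu, 5 Jun 2008 15:50:00 -0400 (EDT)
"""

def parse_hops(raw):
    """Return [(receiving_host, datetime)] ordered oldest hop first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # RFC 5322 header unfolding
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:") or ";" not in line:
            continue
        body, stamp = line.rsplit(";", 1)  # the date follows the last ';'
        stamp = re.sub(r"\([^)]*\)", "", stamp).strip()  # drop (PDT) etc.
        by = re.search(r"\bby\s+(\S+)", body)
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            continue  # unparseable date: skip rather than guess
        if when.tzinfo is None:  # "-0000" parses as naive; treat as UTC
            when = when.replace(tzinfo=timezone.utc)
        hops.append((by.group(1) if by else "?", when))
    return hops[::-1]  # headers are prepended, so reverse for time order

def find_gaps(hops, max_gap=timedelta(hours=1), skew=timedelta(minutes=5)):
    """Flag consecutive hops whose delay exceeds max_gap or runs backwards."""
    flagged = []
    for (prev_host, prev_t), (host, t) in zip(hops, hops[1:]):
        gap = t - prev_t
        if gap > max_gap or gap < -skew:
            flagged.append((prev_host, host, gap))
    return flagged

if __name__ == "__main__":
    for prev_host, host, gap in find_gaps(parse_hops(RAW)):
        print(f"{prev_host} -> {host}: {gap}")
```

Both ends of the single flagged gap are puck.nether.net, while the final hop to rancid.net.berkeley.edu took 20 seconds.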



