[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Spam from SecurityFocus outgoing email servers!
- To: ald2003@xxxxxxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Spam from SecurityFocus outgoing email servers!
- From: James Tucker <jftucker@xxxxxxxxx>
- Date: Tue, 8 Mar 2005 13:15:30 +0000
On Tue, 8 Mar 2005 16:06:45 +0530, Aditya Deshmukh
<aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >Hello list members,
> > Here is an interesting piece of spam I received that originated
> >from "205.206.231.27" which resolves to "outgoing.securityfocus.com".
> >Doing a DNS lookup for "outgoing.securityfocus.com" returns the IP
> >addresses "205.206.231.27, 205.206.231.26". Has anyone else received
> >this? Note the IP Address "63.242.122.41" belongs to my email server.
>
> Which dns server are u using can u try a different server and do the same
> queries ?
>
> I think a this is DNS cache poisoning
If so, quite extensively executed it would seem:
http://www.dnsstuff.com/tools/lookup.ch?name=outgoing.securityfocus.com&type=A
http://www.dnsstuff.com/tools/ptr.ch?ip=205.206.231.26
>
> -aditya
>
> ________________________________________________________________________
> Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/