If you can set up your firewall to do reverse IP, most if not all of this would go away. For example, on Cisco your firewall should be configured as:

ip verify reverse-path interface outside

Where 'outside' is whatever you refer to as the outside-facing interface. It could be called anything that is meaningful to you, but the generic setup is usually 'outside' for convenience.



Brent Eads
Employee Technology Solutions, Inc.

Office: (312) 762-9224
Fax:     (312) 762-9275





"Brian Desmond" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/10/2006 11:08 AM
Please respond to: ActiveDir@mail.activedir.org
To: <ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] Spoofed emails

You could get a spam filter that does something as simple as reverse dns checks...

It's spam - welcome to email.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132

________________________________

From: [EMAIL PROTECTED] on behalf of Navroz Shariff
Sent: Tue 1/10/2006 7:54 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Spoofed emails



Dear list,

For the past couple of weeks, a few staff members have been receiving emails with the 'Subject', 'From', and 'To' fields blank. It was not taken too seriously until I received such an email. With the advent of zero-day exploits such as the WMF, I realize what a big security problem this can be. Imagine if this email had been sent last week with an image attached that, upon viewing, would run code taking advantage of the aforementioned exploit.

Below is the actual email header, with server names replaced by just the type of server:



Microsoft Mail Internet Headers Version 2.0
Received: corporate webmail server by Exchange server with Microsoft SMTPSVC(6.0.3790.1830);
    Sun, 8 Jan 2006 05:59:05 -0500
Received: from p101m059.symantecmail.net by webmail server with Microsoft SMTPSVC(6.0.3790.211);
    Sun, 8 Jan 2006 05:59:06 -0500
Received: from unknown [65.33.35.111] (HELO 111.35.33.65.cfl.res.rr.com)
    by p101m059.symantecmail.net (mxl_mta-2.9.0-24p5)
    with SMTP id 970f0c34.2568223664.41029.p101m059.symantecmail.net (envelope-from <>);
    Sun, 08 Jan 2006 03:59:05 -0700 (MST)
X-Spam: [F=0.5000000000; BMI=0.500(none); SC=none]
X-MAIL-FROM: <>
X-SOURCE-IP: [65.33.35.111]
From: <>
Bcc:
Return-Path: <>
Message-ID: <[EMAIL PROTECTED] webmail server>
X-OriginalArrivalTime: 08 Jan 2006 10:59:07.0229 (UTC) FILETIME=[8BC9C0D0:01C61442]
Date: 8 Jan 2006 05:59:07 -0500



I was going to call the ISP to whom this address is registered and notify them of email abuse generating from within their network, but I received another email from a different address (213.226.189.173), so I am thinking that the addresses are spoofed.

Any help in shedding light on this situation would be greatly appreciated.

-Nav

Message scanned by TrendMicro
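
An added example, not part of the original thread: a triage check over the header block quoted above, combining the blank-field symptoms with the reverse DNS check suggested in the reply. The function names, finding labels and injected resolver callables are assumptions of this sketch, as is reading "from unknown" as "the receiving MTA found no reverse DNS name".

```python
import re
from email import message_from_string

# Subset of the headers quoted in the thread, folded as on the wire.
SAMPLE = """\
Received: from unknown [65.33.35.111] (HELO 111.35.33.65.cfl.res.rr.com)
 by p101m059.symantecmail.net (mxl_mta-2.9.0-24p5)
 with SMTP id 970f0c34.2568223664.41029.p101m059.symantecmail.net (envelope-from <>);
 Sun, 08 Jan 2006 03:59:05 -0700 (MST)
X-SOURCE-IP: [65.33.35.111]
From: <>
Return-Path: <>
Date: 8 Jan 2006 05:59:07 -0500

"""
HOP = re.compile(r"from (\S+) \[([\d.]+)\] \(HELO ([^)\s]+)\)")

def helo_embeds_ip(helo, ip):
    """True if the HELO name starts with the IP's octets, forward or reversed
    (the usual ISP naming for dynamic or residential addresses)."""
    octets = ip.split(".")
    return helo.lower().split(".")[:4] in (octets, octets[::-1])

def fcrdns(ip, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS: PTR(ip) must resolve back to ip."""
    name = ptr_lookup(ip)
    return bool(name) and ip in a_lookup(name)

def findings(raw, ptr_lookup, a_lookup):
    """Return finding labels for one message's raw header block."""
    msg = message_from_string(raw)
    out = []
    # A null envelope sender alone is normal for bounces; it matters here
    # only in combination with the other blank fields.
    if msg.get("Return-Path", "").strip() == "<>":
        out.append("null-envelope-sender")
    if msg.get("From", "").strip() in ("", "<>"):
        out.append("empty-from")
    if not msg.get("Subject") and not msg.get("To"):
        out.append("no-subject-or-to")
    m = HOP.search(" ".join(msg.get("Received", "").split()))
    if m:
        rdns, ip, helo = m.groups()
        # Assumption: "unknown" means the MTA could not resolve a PTR name.
        if rdns == "unknown" or not fcrdns(ip, ptr_lookup, a_lookup):
            out.append("rdns-unverified")
        if helo_embeds_ip(helo, ip):
            out.append("helo-dynamic-pattern")
    return out
```

The resolver callables are injected so the check runs offline; in production they would wrap real PTR and A lookups.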

