On 19/04/2006, at 12:23 PM, David F. Skoll wrote:
Anyone else seeing this? We see it quite a lot, and always from cable modem
or DSL machines (probably cracked Windoze boxes.)
I haven't had time to do the forensics yet but I'm definitely of the
opinion that greylist ain't working so well
On Thu, 20 Apr 2006, John Rudd wrote:
On Apr 20, 2006, at 16:34, nathan r. hruby wrote:
- ratware infected boxen on campus use campus relays which relay by IP.
They spew, we queue. Badness for everyone.
We no longer have our student-residential IP block in our relay domain for this
--On Friday, April 21, 2006 9:30 -0400 nathan r. hruby [EMAIL PROTECTED] wrote:
- Inbound ratware using SMTP AUTH to authenticate as a real user
Hm. We haven't seen this at all yet. That's not a good sign.
Yeah. We were *thrilled* to see this happening. *Thrilled* I tell you.
John Rudd wrote:
On Apr 20, 2006, at 16:34, nathan r. hruby wrote:
- Inbound ratware using SMTP AUTH to authenticate as a real user
Hm. We haven't seen this at all yet. That's not a good sign.
I see this as a good thing. You can tie the spam back to a particular user.
They change their
[EMAIL PROTECTED] wrote on 04/21/2006 02:05:52 PM:
I see this as a good thing. You can tie the spam back to a
particular user. They change their password, and the ratware is
blocked.
Are the credentials really stolen, or is the ratware actually using the
credentials that belong on the
WBrown wrote:
Are the credentials really stolen, or is the ratware actually using
the credentials that belong on the zombied computer? I would bet the
latter. User changes password without cleaning off the infection and
goes right back to sending spam.
... in which case you can infer that
[EMAIL PROTECTED] wrote:
... in which case you can infer that they're infected, and the problem has gone
from a technical one to a business one. Do you cut off the customer's access,
fix their infection, send them a warning note... ?
I would think it depends on who you are... an ISP, a
On Apr 20, 2006, at 16:34, nathan r. hruby wrote:
- ratware infected boxen on campus use campus relays which relay by IP.
They spew, we queue. Badness for everyone.
We no longer have our student-residential IP block in our relay domain
for this reason. They were, by far, our biggest