UUNet contact for security spambot?
Some well-intentioned person at UUNet, in an effort to rid the Internet of worms, viruses, and evildoers, has written a script that sends email in response to network scans. Repeatedly. Mail comes from "secmbox3@uu.net" with a return path of "eagleeye@uu.net". We're getting complaints for an origin IP that neither originates on nor passes through our network. I'm not sure why UUNet or their robot assumes that we can help with the problem. Replies to the scripted mail appear to go to Dave Null. If a human at UU.Net could contact me off-list about this, it would be appreciated. -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Jay Hennigan [1/5/2004 10:14 PM] :
Mail comes from "secmbox3@uu.net" with a return path of "eagleeye@uu.net".
I'm getting these too, because whoever it is has been a bit too clever for his own good. Like - the ARIN contact for a netblock is foo@email.com, where email.com is a freemail service that we run. This genius at uunet takes the foo@email.com, determines that email.com admins can be best reached at postmaster@email.com, and sends us reports about an IP that we have zero control over. Totally dumb, of course ... but luckily not at the sort of volume that is generated by zone alarm type GWF [1] software. srs [1] Goober With Firewall -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
please email me your question :) I didn't write the bot, but I know the people that did. On Mon, 5 Jan 2004, Jay Hennigan wrote:
Some well-intentioned person at UUNet, in an effort to rid the Internet of worms, viruses, and evildoers, has written a script that sends email in response to network scans. Repeatedly.
Mail comes from "secmbox3@uu.net" with a return path of "eagleeye@uu.net".
We're getting complaints for an origin IP that neither originates on nor passes through our network. I'm not sure why UUNet or their robot assumes that we can help with the problem.
Replies to the scripted mail appear to go to Dave Null. If a human at UU.Net could contact me off-list about this, it would be appreciated.
-- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
participants (3)
-
Christopher L. Morrow -
Jay Hennigan -
Suresh Ramasubramanian