[Mimedefang] HBEDV Reporting broken? - False Positives Reported
Albert E. Whale
aewhale at ABS-CompTech.com
Mon Dec 16 11:26:00 EST 2002
WoW!
So am I to Block the IP Classes from India as well?
"Ashley M. Kirchner" wrote:
> Albert E. Whale wrote:
>
> >Received: from [202.9.153.20] (HELO mdss1.kebi.com) by wks02
> >
>
> That's forged:
>
> ----------
> % dig mdss1.kebi.com
>
> ;; QUESTION SECTION:
> ;mdss1.kebi.com. IN A
>
> ;; ANSWER SECTION:
> mdss1.kebi.com. 7142 IN A 210.116.116.81
> mdss1.kebi.com. 7142 IN A 210.116.116.105
> mdss1.kebi.com. 7142 IN A 210.116.116.25
> mdss1.kebi.com. 7142 IN A 210.116.116.66
> ----------
>
> In fact, the 202.9.153.20 IP belongs to:
>
> ----------
>
> inetnum: 202.9.128.0 - 202.9.159.255
> netname: DISHNET
> descr: DISHNETDSL LTD
> descr: 19, Cathedral Garden Road
> descr: Nungambakkam
> descr: CHENNAI
> country: IN
> ----------
>
> So, your message came from a server in India, with headers that are
> pointing to mdss1.kebi.com, a server in Korea.
>
> AMK4
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
--
Albert E. Whale - CISSP
http://www.abs-comptech.com
----------------------------------------------------------------------
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
Sr. Security, Network, and Systems Consultant
Board of Directors - InfraGard - Pittsburgh, PA
More information about the MIMEDefang
mailing list