[Mimedefang] HBEDV Reporting broken? - False Positives Reported

Albert E. Whale aewhale at ABS-CompTech.com
Mon Dec 16 11:26:00 EST 2002


WoW!

So am I to  Block the IP Classes from India as well?

"Ashley M. Kirchner" wrote:

> Albert E. Whale wrote:
>
> >Received: from [202.9.153.20] (HELO mdss1.kebi.com)  by wks02
> >
>
>     That's forged:
>
> ----------
> % dig mdss1.kebi.com
>
> ;; QUESTION SECTION:
> ;mdss1.kebi.com.                        IN      A
>
> ;; ANSWER SECTION:
> mdss1.kebi.com.         7142    IN      A       210.116.116.81
> mdss1.kebi.com.         7142    IN      A       210.116.116.105
> mdss1.kebi.com.         7142    IN      A       210.116.116.25
> mdss1.kebi.com.         7142    IN      A       210.116.116.66
> ----------
>
>     In fact, the 202.9.153.20 IP belongs to:
>
> ----------
>
> inetnum:      202.9.128.0 - 202.9.159.255
> netname:      DISHNET
> descr:        DISHNETDSL LTD
> descr:        19, Cathedral Garden Road
> descr:        Nungambakkam
> descr:        CHENNAI
> country:      IN
> ----------
>
>     So, your message came from a server in India, with headers that are
> pointing to mdss1.kebi.com, a server in Korea.
>
>     AMK4
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

--
Albert E. Whale - CISSP
http://www.abs-comptech.com
----------------------------------------------------------------------
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
Sr. Security, Network, and Systems Consultant
Board of Directors - InfraGard - Pittsburgh, PA





More information about the MIMEDefang mailing list