Skizofrén mail

Security-all

Nem voltam gépközelben délután, most késő este ránéztem a postafiókjaimra, és ezt találtam.

,,
Return-Path:
Delivered-To: akármi@freemail.hu
Received: (qmail 48715 invoked from network); 5 Jun 2006 15:33:35 +0200
Received: from unknown (HELO Texas1.com) (72.16.147.46)
by fmx13.freemail.hu with SMTP; 5 Jun 2006 15:33:34 +0200
Date: Mon, 05 Jun 2006 08:33:32 -0600
To: "akármi"
From: "akármi"
Subject: 1545453
Message-ID:
MIME-Version: 1.0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Freemail: message scanned
Status: R
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

969

''

Vagyis kaptam magamtól (?!) egy levelet. Ami freemailen elég ritkán fordul elő velem. A forrásban szereplő IP-címet megnéztem.

Keresésre ezt adja:

,,
Source TTL Address Type Record Type1 Resolution
147.16.72.in-addr.arpa. 3520 IN SOA 147.16.72.in-addr.arpa.
''

Whois-ra:

,,
OrgName: CBEYOND COMMUNICATIONS, LLC
OrgID: CBEY
Address: 320 Interstate North Parkway
Address: Suite 300
City: Atlanta
StateProv: GA
PostalCode: 30339
Country: US

ReferralServer: rwhois://rwhois.cbeyond.net:4321/

NetRange: 72.16.128.0 - 72.16.255.255
CIDR: 72.16.128.0/17
NetName: CBEY
NetHandle: NET-72-16-128-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: INFINITY.CBEYOND.NET
NameServer: BEYOND.CBEYOND.NET
Comment: For prompt attention, please send all abuse (spam, DOS,
Comment: etc) correspondence to our Abuse handle...(abuse@cbeyond.net) -Cbeyond
Comment: rwhois.cbeyond.net port 4321
RegDate: 2005-01-13
Updated: 2005-08-03

OrgAbuseHandle: ABUSE294-ARIN
OrgAbuseName: Cbeyond-Abuse
OrgAbusePhone: +1-678-424-2400
OrgAbuseEmail: abuse@cbeyond.net

OrgTechHandle: AI93-ARIN
OrgTechName: Admin IP
OrgTechPhone: +1-678-424-2400
OrgTechEmail: ip-admin@cbeyond.net

# ARIN WHOIS database, last updated 2006-06-04 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Found a referral to rwhois.cbeyond.net:4321.

%rwhois V-1.5:003eff:00 rwhois.cbeyond.net (by Network Solutions, Inc. V-1.5.9)
network:Class-Name:network
network:ID:NET-72-16-128-0-1
network:Auth-Area:72.16.128.0
network:Network-Name:CBEY-72.16.147.44
network:IP-Network:72.16.147.44/30
network:IP-Network-Block:72.16.147.44 - 72.16.147.47
network:Org-Name:McGinnis Industrial
network:Street-Address:3935 Hartsdale Dr
network:City:Houston
network:State:TX
network:Postal-Code:77063
network:Country-Code:US
network:Tech-Contact;I:ip-admin@cbeyond.net
network:Admin-Contact;I:ip-admin@cbeyond.net
network:Abuse-Contact;I:abuse@cbeyond.net
network:Created:1
network:Updated:20060603
network:Updated-By:ip-admin@cbeyond.net

network:Class-Name:network
network:ID:NET-72-16-128-0-1
network:Auth-Area:72.16.128.0/18
network:Network-Name:CBEY-72.16.128.0
network:IP-Network:72.16.128.0/18
network:IP-Network-Block:72.16.128.0 - 72.16.191.255
network:Org-Name:Cbeyond Communications
network:Street-Address:320 Interstate North Parkway, Suite 300
network:City:Atlanta
network:State:GA
network:Postal-Code:30339
network:Country-Code:US
network:Tech-Contact;I:ip-admin@cbeyond.net
network:Admin-Contact;I:ip-admin@cbeyond.net
network:Abuse-Contact;I:abuse.net
network:Created:1
network:Updated:20060603
network:Updated-By:ip-admin@cbeyond.net

%ok
''

Traceroute-tal:

,,
Hop Hostname IP Time 1 Time 2
1 x.x.x.x x.x.x.x 0.922 0.536
2 lo1.bsr0-keszthely.net.telekom.hu 145.236.238.164 16.398 20.391
4 * * * *
5 bpt-b1-geth4-0.telia.net 213.248.79.241 18.162 19.941
6 ffm-bb2-pos1-0-0.telia.net 213.248.64.25 37.556 36.392
7 prs-bb2-pos7-0-0.telia.net 213.248.65.117 46.057 44.290
8 ldn-bb2-pos7-0-0.telia.net 213.248.65.113 52.222 54.139
9 nyk-bb2-pos7-0-0.telia.net 213.248.65.210 121.982 120.151
10 chi-bb1-pos7-0-0-0.telia.net 213.248.80.73 141.663 141.569
11 at-t.telia.net 213.248.84.70 170.271 172.818
12 tbr2-p010101.cgcil.ip.att.net 12.123.4.18 204.593 208.077
13 tbr2-cl7.sl9mo.ip.att.net 12.122.10.46 207.955 207.119
14 tbr1-cl24.sl9mo.ip.att.net 12.122.9.141 204.233 200.693
15 tbr2-cl6.dlstx.ip.att.net 12.122.10.90 207.252 208.546
16 tbr1-cl25.dlstx.ip.att.net 12.122.9.161 208.698 207.086
17 tbr2-cl12.hs1tx.ip.att.net 12.122.10.130 206.472 206.645
18 gbr2-p100.hs1tx.ip.att.net 12.122.12.150 204.954 201.665
19 gar1-p370.hs1tx.ip.att.net 12.123.134.25 199.545 199.842
20 12.116.147.206 12.116.147.206 200.309 201.663
21 * * * *
22 * * * *
23 * * * *
24 72.16.147.46 72.16.147.46 207.587 !A
''

Megköszönném, ha valaki felvilágosítana, hogy fölöslegesen gyanakszom egy ilyen levél olvastán.

tazola

  • 1654 megtekintés

( maszogep | 2006. 06. 06., k – 06:52 )

Én is kaptam ma egy ugyanilyet a gmailtől a gmailes címemre. Biztosan valami 666 típusú vírus.

Mászógép

( Refresh | 2006. 06. 06., k – 07:15 )

Én meg valami mailer-daemon-tól kaptam hasonlót a munkahelyi címemre. :)
(a spamfilter észrevette, hogy valami nem stimmel, ezért tőle)
Attachmentként egy három soros html kód, benne egyetlen számmal.
A feladó a header szerint valami brazil adsl user.
Szóval szvsz nincs jelentősége.

--
Fel! Támadunk!

( flimo | 2006. 06. 06., k – 07:32 )

Én vmi madridi fixip-s címtől kaptam ugyan ezt :)
Lehet elszabadult a skynet :D