Tracking netsky source

Discussion in 'malware problems & news' started by gbtech, Aug 29, 2004.

Thread Status:
Not open for further replies.
  1. gbtech (Registered Member), Aug 29, 2004
    Recently, my email server has been intercepting netskyP and beagleX infected messages.
    I've traced the source email, and it doesn't resolve to the IP it says it's from in the header:

    Received: from [65.114.248.xx]
    by mail [170.215.76.xx]

    65.114.248.xx resolves to should have an address like 63.240.76.??, 204.127.205.?, as per samspade (dns, finger, tracert, whois, etc.) and my logs of good past transactions.
    I sent a (nice) letter off to the admin and tech contacts listed in a WHOIS for, illustrating my points, and providing the IP addresses used to spoof the account.
    I was wondering if I jumped the gun a bit: should I have or could I have done anything else to research the source? Or do I owe them an apology?
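The comparison described in the post above (the connecting IP in the Received header against the addresses seen in logs of good past deliveries) can be scripted. The following is an added example, not part of the original post; the sample message, the domain `isp.example`, the `KNOWN_GOOD` table and the function names are all constructed, and the addresses come from documentation ranges.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample message. The top Received header is the one our own
# server wrote; the one below it was supplied by the sending side.
RAW = """\
Received: from [203.0.113.25]
\tby mail [198.51.100.10]; Sun, 29 Aug 2004 10:00:00 -0500
Received: from relay.isp.example [192.0.2.7]
\tby unknown-hop.example; Sun, 29 Aug 2004 09:59:00 -0500
From: someone@isp.example
Subject: constructed sample

body
"""

# Assumption: networks that mail for each sender domain normally arrives
# from, built from your own logs of good past deliveries.
KNOWN_GOOD = {"isp.example": [ip_network("192.0.2.0/24")]}

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw):
    """Peer IP from the topmost Received header, as a string, or None."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    # Only the 'from' clause names the peer; the 'by' clause is ourselves.
    from_clause = re.split(r"\bby\b", received[0], maxsplit=1)[0]
    match = BRACKETED_IP.search(from_clause)
    if not match:
        return None
    try:
        return str(ip_address(match.group(1)))
    except ValueError:  # e.g. an octet above 255
        return None

def assess(raw):
    """Return (claimed From domain, connecting IP, verdict)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = connecting_ip(raw)
    if ip is None:
        return (domain, None, "no-connecting-ip")
    nets = KNOWN_GOOD.get(domain)
    if nets is None:
        return (domain, ip, "no-baseline")
    inside = any(ip_address(ip) in net for net in nets)
    return (domain, ip, "matches-baseline" if inside else "outside-baseline")
```

An `outside-baseline` verdict says the message did not arrive through the servers that domain's mail usually comes from; it identifies the connecting host, not the person or account behind the From address.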