Tracking netsky source

Discussion in 'malware problems & news' started by gbtech, Aug 29, 2004.

  1. gbtech

    Recently, my email server has been intercepting netskyP and beagleX infected messages.
    I've traced the source email, and it doesn't resolve to the IP it says it's from in the header:

    From: yadayada1@comcast.net
    To: whoever1@montarch.com
    Received: from hall-gateway.net [65.114.248.xx]
    by mail [170.215.76.xx]

    65.114.248.xx resolves to iwworks.com

    Comcast.net should have an address like 63.240.76.??, 204.127.205.?, as per samspade (dns, finger, tracert, whois, etc.) and my logs of good past transactions.
    I sent a (nice) letter off to the admin and tech contacts listed in a WHOIS for iwworks.com, illustrating my points, and providing the IP addresses used to spoof the yadayada1@comcast.net account.
    I was wondering if I jumped the gun a bit. Should I have or could I have done anything else to research the source? Or do I owe them an apology?
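
The comparison described in the post above (the From domain against the host recorded in the Received line stamped by the receiving server), as an added Python example that is not part of the original thread. The domains, addresses and the `KNOWN_GOOD` table are constructed placeholders, and `connecting_ip` and `check_sender` are hypothetical helper names.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message; domains and addresses are reserved documentation values.
SAMPLE = """\
From: someone@example.net
To: recipient@example.com
Received: from relay.example.org [198.51.100.23]
    by mail [203.0.113.5]
Received: from forged.example.net [192.0.2.77]
    by relay.example.org
Subject: constructed sample

body
"""

# Assumption: networks seen in logs of known-good mail from each sender domain.
KNOWN_GOOD = {"example.net": ["192.0.2.0/24"]}
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg):
    # Only the topmost Received header was written by our own server;
    # the ones below it were supplied by the sending side and can be forged.
    received = msg.get_all("Received") or []
    if not received:
        return None
    from_clause = re.split(r"\sby\s", received[0], maxsplit=1)[0]
    match = IP_IN_BRACKETS.search(from_clause)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # e.g. an octet above 255
        return None


def check_sender(raw, known_good=KNOWN_GOOD):
    """Return (from_domain, connecting_ip, verdict) for one raw message."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    nets = known_good.get(domain)
    if ip is None or not nets:
        return domain, ip, "unknown"
    ok = any(ip in ipaddress.ip_network(n) for n in nets)
    return domain, ip, "match" if ok else "mismatch"


if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

A "mismatch" says only that the connecting host lies outside the networks previously seen for that sender domain; it does not by itself identify who sent the message.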
     