Tracking netsky source

Discussion in 'malware problems & news' started by gbtech, Aug 29, 2004.

Thread Status:
Not open for further replies.
  1. gbtech, Registered Member (joined Aug 29, 2004; 1 post)

    Recently, my email server has been intercepting netskyP and beagleX infected messages.
    I've traced the source email, and it doesn't resolve to the IP it says it's from in the header:

    From: yadayada1@comcast.net
    To: whoever1@montarch.com
    Received: from hall-gateway.net [65.114.248.xx]
    by mail [170.215.76.xx]

    65.114.248.xx resolves to iwworks.com

    Comcast.net should have an address like 63.240.76.??, 204.127.205.?, as per samspade (dns, finger, tracert, whois, etc.) and my logs of good past transactions.
    I sent a (nice) letter off to the admin and tech contacts listed in a WHOIS for iwworks.com, illustrating my points, and providing the IP addresses used to spoof the yadayada1@comcast.net account.
    I was wondering if I jumped the gun a bit: should I have, or could I have, done anything else to research the source? Or do I owe them an apology?
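
The comparison described in the post, the relay address in the topmost Received header against networks previously seen for the From domain, as an added example that is not part of the original post. The message, the `KNOWN_GOOD` table and the function names are constructed for illustration (documentation address ranges), and the code assumes the topmost Received header was written by the receiving server.

```python
import email
import email.utils
import ipaddress
import re

# Constructed sample message; hosts and addresses use documentation ranges.
SAMPLE = """\
Received: from relay.example.org [203.0.113.25]
\tby mail [192.0.2.10]
From: user1@example.net
To: someone@example.com
Subject: constructed sample

body
"""

# Assumption: networks previously seen delivering legitimate mail for each
# sender domain, e.g. collected from the mail server's own logs.
KNOWN_GOOD = {"example.net": ["198.51.100.0/24"]}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """IP in the 'from' clause of the topmost Received header, or None."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Keep only the text before the 'by' clause, which names our own server.
    from_part = re.split(r"\sby\s", received[0], maxsplit=1)[0]
    m = IP_IN_BRACKETS.search(from_part)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:  # e.g. an octet above 255
        return None

def check_message(raw, known_good=KNOWN_GOOD):
    """Compare the delivering relay with networks known for the From domain."""
    msg = email.message_from_string(raw)
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    nets = [ipaddress.ip_network(n) for n in known_good.get(domain, [])]
    if ip is None or not nets:
        verdict = "unknown"      # nothing to compare against
    elif any(ip in n for n in nets):
        verdict = "consistent"   # relay is in a network seen before
    else:
        verdict = "mismatch"     # From domain and relay disagree
    return {"from_domain": domain, "relay_ip": str(ip) if ip else None, "verdict": verdict}
```

A `mismatch` verdict indicates that the From domain and the delivering relay disagree; it does not by itself identify who sent the message.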
     