From owner-freebsd-chat  Mon May 17 16:31:26 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from smtp03.primenet.com (smtp03.primenet.com [206.165.6.133])
	by hub.freebsd.org (Postfix) with ESMTP id BD07315337
	for <freebsd-chat@FreeBSD.ORG>; Mon, 17 May 1999 16:31:23 -0700 (PDT)
	(envelope-from tlambert@usr05.primenet.com)
Received: (from daemon@localhost)
	by smtp03.primenet.com (8.8.8/8.8.8) id QAA19467;
	Mon, 17 May 1999 16:31:22 -0700 (MST)
Received: from usr05.primenet.com(206.165.6.205)
 via SMTP by smtp03.primenet.com, id smtpd019313; Mon May 17 16:31:13 1999
Received: (from tlambert@localhost)
	by usr05.primenet.com (8.8.5/8.8.5) id QAA28376;
	Mon, 17 May 1999 16:31:06 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <199905172331.QAA28376@usr05.primenet.com>
Subject: Re: Weird "Advocacy"
To: spork@super-g.com (spork)
Date: Mon, 17 May 1999 23:31:06 +0000 (GMT)
Cc: freebsd-chat@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.00.9905171803450.10184-100000@super-g.inch.com> from "spork" at May 17, 99 06:06:23 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Last night we got hit with one of those "dictionary attack" mail spams
> where the spammer basically tries every username in a dictionary to get
> the spam through.  The funny thing is the name of the machine:
> 
> Received: from netppl.fi (monitor@get.freebsd.because.microsoftsucks.net
>     [209.3.31.115])  

[ ... ]

> Weird?  Malicious?  Why?

You need to look a little deeper next time:

% nslookup
> set q=any
> 115.31.3.209.in-addr.arpa.
[ ... ]

115.31.3.209.in-addr.arpa       name = get.freebsd.because.microsoftsucks.net
31.3.209.IN-ADDR.ARPA   nameserver = dns1.vdi.net
31.3.209.IN-ADDR.ARPA   nameserver = dns2.vdi.net
dns1.vdi.net    internet address = 209.3.31.32
dns2.vdi.net    internet address = 209.3.31.31
> server DNS1.VDI.NET
Default Server:  DNS1.VDI.NET
Address:  209.3.31.32

> ls microsoftsucks.net.
[DNS1.VDI.NET]
$ORIGIN microsoftsucks.net.
@                       1H IN A         209.3.31.16
we.all.know.that        1H IN A         207.206.55.157
kill.bill.gates.cause   1H IN A         209.201.94.137
bill.gates.has.more.money.than.me.so  1H IN A  209.201.94.136
get.freebsd.because     1H IN A         209.3.31.115
get.linux.because       1H IN A         209.201.94.132
bill.gates.swallows     1H IN A         209.3.31.111
pure-linux              1H IN A         209.3.31.27
knows                   1H IN A         209.201.94.135
windows98.is.proof      1H IN A         209.201.94.131
bill.gates.is.gay.and   1H IN A         142.207.10.6
linux.owns.and          1H IN A         142.207.10.6
bsd.rules.and           1H IN A         209.201.94.133
thinks.bill.gates.and   1H IN A         209.201.94.130
bitchx                  1H IN A         209.2.135.202
mail                    1H IN A         209.3.31.16
grep                    1H IN A         209.201.94.133
www                     1H IN A         209.3.31.16
everything.made.by      1H IN A         209.201.94.134
darkfires.rocks.but     1H IN A         209.3.31.4
incoming                1H IN A         209.3.31.16
freemail                1H IN A         209.3.31.16
>


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message