[6bone] Spammers already using 6bone ipv6 addresses?

Kimmo Suominen kim@tac.nyc.ny.us
Wed, 10 Sep 2003 11:56:19 -0400


I frequently see MAILER-DAEMON mail trying to come back to my internal
systems, using Message-IDs as the recipient address.

In other words, someone is sending out spam/viruses using Message-IDs
from harvested messages.  Then some systems send back "helpful" virus
alerts to the sender, or just regular bounces.

If the system is IPv6 enabled, and the DNS entry has an AAAA, then
delivery for the bounces will be attempted over IPv6 first.

So not necessarily a spammer or even a virus-infected machine.

Cheers,
+ Kim


| From:    Russell King <rmk@arm.linux.org.uk>
| Date:    Wed, 10 Sep 2003 10:05:52 +0100
|
| Hi,
|
| It seems that spammers may have started using IPv6 to spread their wares.
| I've recently had SMTP connection attempts to one of my internal machines
| (flint.arm.linux.org.uk) from 3ffe:0bc0:8000:0000:8000:0000:d582:a322.
|
| The interesting thing about this is that flint.arm.linux.org.uk has never
| been used as the source of email, but does appear in BitKeeper repositories
| as the host ID part of someone who commits.  (BitKeeper ids contain an
| object which looks a lot like an email address.)
|
| Maybe someone's running an open relay on 6bone?
|
| I'm also copying the person who seems to be the owner of that IPv6 space.
|
| --
| Russell King (rmk@arm.linux.org.uk)	http://www.arm.linux.org.uk/personal/
| Linux kernel maintainer of:
|   2.6 ARM Linux   - http://www.arm.linux.org.uk/
|   2.6 PCMCIA      - http://pcmcia.arm.linux.org.uk/
|   2.6 Serial core
|
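
Added example, not part of the original messages: a small Python classifier that separates the bounce backscatter described in the reply from directly sent mail, and records the IP family only as the transport. The log format, addresses and mailbox list are constructed for illustration, and treating an empty envelope sender or a MAILER-DAEMON/postmaster sender as a bounce is an assumption of this sketch.

```python
import ipaddress
import re

# Constructed sample: one inbound SMTP transaction per line (not a real MTA log format).
SAMPLE_LOG = """\
client=[2001:db8::25] from=<> to=<200309100905.h8A95qX1012345@flint.example.org>
client=[2001:db8::25] from=<MAILER-DAEMON@mx.example.net> to=<E19x0Ab-0001Cd-00@flint.example.org>
client=[192.0.2.77] from=<offers@bulk.example.com> to=<alice@example.org>
client=[2001:db8::99] from=<> to=<alice@example.org>
"""

# Assumption: the only address in this domain that really receives mail.
VALID_MAILBOXES = {"alice@example.org"}
BOUNCE_LOCALPARTS = {"mailer-daemon", "postmaster"}
LINE_RE = re.compile(
    r"client=\[(?P<ip>[^\]]+)\] from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]+)>"
)


def is_bounce_sender(sender):
    """True for the null reverse-path or a MAILER-DAEMON style sender."""
    return sender == "" or sender.split("@")[0].lower() in BOUNCE_LOCALPARTS


def classify(line):
    """Return (kind, ip_family, recipient), or None if the line does not parse."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    family = "IPv%d" % ipaddress.ip_address(m["ip"]).version
    rcpt_known = m["rcpt"].lower() in VALID_MAILBOXES
    if is_bounce_sender(m["sender"]):
        # A bounce addressed to something that was never a mailbox (for example a
        # harvested Message-ID) is backscatter from a forged sender address.
        kind = "bounce" if rcpt_known else "backscatter"
    else:
        kind = "direct"
    return (kind, family, m["rcpt"])


def summarize(log_text):
    """Classify every parsable line of the log."""
    return [c for c in map(classify, log_text.splitlines()) if c is not None]


if __name__ == "__main__":
    for kind, family, rcpt in summarize(SAMPLE_LOG):
        print(f"{kind:11} {family} {rcpt}")
```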