
Spoofing an IP address?

Kelemvor

Lifer
Howdy,

Just to get this out of the way, I'm NOT asking HOW to spoof an IP address so don't bother flaming.

OK, that said. My wife's company has their internet connection provided via Road Runner. Somehow today their IP address (assuming the primary one their router has) got put on some sort of SPAM list at a local ISP. This caused any emails that were sent from any PC in that building to be rejected as Spam. Her company does not send out spam so they don't know how that happened but they are worried that someone hacked into their systems and used the network to send the emails and things like that.

So the question is, how likely is it that some Spammer email company just faked an IP address that just happened to be theirs versus that they hacked into their systems and actually sent it from within their network using their IP?

Just looking for opinions on what might have happened.

Thanks!
 
Originally posted by: FrankyJunior
Howdy,

Just to get this out of the way, I'm NOT asking HOW to spoof an IP address so don't bother flaming.

OK, that said. My wife's company has their internet connection provided via Road Runner. Somehow today their IP address (assuming the primary one their router has) got put on some sort of SPAM list at a local ISP. This caused any emails that were sent from any PC in that building to be rejected as Spam. Her company does not send out spam so they don't know how that happened but they are worried that someone hacked into their systems and used the network to send the emails and things like that.

So the question is, how likely is it that some Spammer email company just faked an IP address that just happened to be theirs versus that they hacked into their systems and actually sent it from within their network using their IP?

Just looking for opinions on what might have happened.

Thanks!
Just call the ISP and tell them the issue.

This should be posted in the Networking section.
 
Could happen, but more than likely what happened is their Exchange box has been rooted and is being used as a relay.
 
I'm fairly certain an ISP could detect IP spoofing and I don't think they would put that kind of filter in place without some internal alarm. What the ISP wouldn't be able to detect is a trojan/virus using their servers/workstations to send out spam.

 
They don't use Exchange so that's not it. They do use Outlook but it's like an 8-person office so they just use POP email accounts. The "other" ISP that's blocking it said someone got one of those "Mortgage Rate" spam emails and reported it with the IP from their office which then got banned. It has been reported to both Road Runner and the ISP blocking the IP so it should be resolved shortly, but we're just wondering what happened in the first place.

Thanks.
 
Some ISPs will block entire ranges if they detect spam coming from an IP.

Example:

If your IP were 66.35.101.98 and they were getting spam from 66.35.101.2, they will block 66.35.101.xxx screwing a lot of people.


Road Runner of Central Florida is notorious for this.
 
Originally posted by: AgaBooga
Call up Road Runner

He already did and they aren't the ones blocking him, he said another local ISP is filtering their messages as spam. In the end nobody can force them to stop filtering that traffic.
 
It all depends on what the spam list is and what their criteria are for adding new spammers to the list. You have to find out how/why the company was flagged as a spammer and what could have caused it.

While it's possible that someone could have spoofed the IP, it's also possible that the entire subnet range has been blocked because someone with a similar IP was spamming (not as uncommon as you might expect). Another alternative is that someone set up the mail server to be an open relay and was accepting/forwarding mail from/to anyone. There might be compromised machines (virus/trojan/crackers) that have been used as a spam server w/o the company knowing about it. There might be some goofball employee who decided to use the company's internet connection for his own evil purposes. There could have been some random war driver who saw an open wireless and parks outside the building for an hour a day and sends spam off his laptop (unlikely but possible).
 
Is the SMTP server open? There's no need to hack an Exchange box to spam... there are thousands of open-send SMTP servers out there.
 