Spoofing an IP address?

Kelemvor

Howdy,

Just to get this out of the way, I'm NOT asking HOW to spoof an IP address so don't bother flaming.

OK, that said. My wife's company has their internet connection provided via RoadRunner. Somehow today their IP address (assuming the primary one their router has) got put on some sort of SPAM list at a local ISP. This caused any emails that were sent from any PC in that building to be rejected as Spam. Her company does not send out spam so they don't know how that happened but they are worried that someone hacked into their systems and used the network to send the emails and things like that.

So the question is, how likely is it that some Spammer email company just faked an IP address that just happened to be theirs versus that they hacked into their systems and actually sent it from within their network using their IP.

Just looking for opinions on what might have happened.

Thanks!
 

Iron Woode

Originally posted by: FrankyJunior
Howdy,

Just to get this out of the way, I'm NOT asking HOW to spoof an IP address so don't bother flaming.

OK, that said. My wife's company has their internet connection provided via RoadRunner. Somehow today their IP address (assuming the primary one their router has) got put on some sort of SPAM list at a local ISP. This caused any emails that were sent from any PC in that building to be rejected as Spam. Her company does not send out spam so they don't know how that happened but they are worried that someone hacked into their systems and used the network to send the emails and things like that.

So the question is, how likely is it that some Spammer email company just faked an IP address that just happened to be theirs versus that they hacked into their systems and actually sent it from within their network using their IP.

Just looking for opinions on what might have happened.

Thanks!
Just call the ISP and tell them the issue.

This should be posted in the Networking section.
 

hevnsnt

Could happen, but more than likely what happened is their Exchange box has been rooted and is being used as a relay.
 

joinT

I'm fairly certain an ISP could detect IP spoofing and I don't think they would put that kind of filter in place without some internal alarm. What the ISP wouldn't be able to detect is a trojan/virus using their servers/workstations to send out spam.

 

Kelemvor

They don't use Exchange so that's not it. They do use Outlook but it's like an 8-person office so they just use POP email accounts. The "other" ISP that's blocking it said someone got one of those "Mortgage Rate" spam emails and reported it with the IP from their office which then got banned. It has been reported to both RoadRunner and the ISP blocking the IP so it should be resolved shortly, but we're just wondering what happened in the first place.

Thanks.
 

Aves

Some ISPs will block entire ranges if they detect spam coming from an IP

Example:

If your IP were 66.35.101.98 and they were getting spam from 66.35.101.2, they will block 66.35.101.xxx screwing a lot of people.


Road Runner of Central Florida is notorious for this.
 

Aves

Originally posted by: AgaBooga
Call up Road Runner

He already did and they aren't the ones blocking him, he said another local ISP is filtering their messages as spam. In the end nobody can force them to stop filtering that traffic.
 

Savij

It all depends on what the spam list is and what their criteria are for adding new spammers to the list. You have to find out how/why the company was flagged as a spammer and what could have caused it.

While it's possible that someone could have spoofed the IP it's also possible that the entire subnet range has been blocked because someone with a similar IP was spamming (not as uncommon as you might expect). Another alternative is that someone set up the mail server to be an open relay and was accepting/forwarding mail from/to anyone. There might be compromised machines (virus/trojan/crackers) that have been used as a spam server w/o the company knowing about it. There might be some goofball employee who decided to use the company's internet connection for his own evil purposes. There could have been some random war driver who saw an open wireless and parks outside the building for an hour a day and sends spam off his laptop (unlikely but possible).
 

Is the SMTP server open? There's no need to hack an Exchange box to spam... there are thousands of open send SMTP servers out there.
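
An added example, not part of any post in the thread: a way to check two of the causes raised above, a compromised office PC sending mail directly and a whole /24 being blocked because of a neighbouring address. The log format, internal addresses and the approved relay address are constructed assumptions; the two 66.35.101.x addresses are the ones from the range-blocking post.

```python
import ipaddress
from collections import Counter

# Constructed sample firewall log lines (assumed format: time src -> dst:port).
SAMPLE_LOG = """\
09:01:12 192.168.1.10 -> 203.0.113.25:25
09:01:40 192.168.1.14 -> 198.51.100.7:25
09:01:41 192.168.1.14 -> 198.51.100.90:25
09:01:43 192.168.1.14 -> 192.0.2.55:25
09:02:05 192.168.1.11 -> 203.0.113.25:110
09:02:30 192.168.1.12 -> 198.51.100.80:80
"""

# Assumption: the only mail server office PCs should reach is the ISP's.
APPROVED_RELAYS = {ipaddress.ip_address("203.0.113.25")}
SMTP_PORT = 25


def direct_smtp_senders(log_text, approved=APPROVED_RELAYS):
    """Count port-25 connections per internal host that bypass the approved relay."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # skip lines that do not match the assumed format
        dst, _, port = parts[3].rpartition(":")
        try:
            dst_ip = ipaddress.ip_address(dst)
            port_num = int(port)
        except ValueError:
            continue  # malformed destination or port
        if port_num == SMTP_PORT and dst_ip not in approved:
            hits[parts[1]] += 1
    return dict(hits)


def shares_blocked_range(own_ip, listed_ip, prefix=24):
    """True if own_ip falls in the same /prefix block as a listed spam source."""
    block = ipaddress.ip_network(f"{listed_ip}/{prefix}", strict=False)
    return ipaddress.ip_address(own_ip) in block


if __name__ == "__main__":
    print(direct_smtp_senders(SAMPLE_LOG))
    print(shares_blocked_range("66.35.101.98", "66.35.101.2"))
```

In an office where every PC uses POP accounts at the ISP, a workstation opening port 25 to many different mail servers is the pattern worth investigating.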