[GTALUG] Email problem and some observations.
ac
ac at main.me
Thu Jul 14 10:58:34 EDT 2016
On Thu, 14 Jul 2016 10:37:32 -0400
Alvin Starr <alvin at netvel.net> wrote:
<snip snip>
> >> Tue, 12 Jul 2016 19:59:59 -0400 Yahoo! Inc. 8
> >> Tue, 12 Jul 2016 15:22:56 -0400 CheatCodes.com 13
> >> Wed, 13 Jul 2016 19:59:59 -0400 google.com 785
> >> Wed, 13 Jul 2016 14:49:03 -0400 CheatCodes.com 3
> >> So about cheatcodes.com.
> > hmm, looks like this could be a fake reverse zone for a private ip
> > on your home pvt network?
> > If you look at my headers I have a pvt range set up with an inaddr to
> > cow.co.za :) - my DMARC would report "cow.co.za" on the sec gw
> > 192.168. - otherwise you could have malware, either way - you should
> > have fun figuring it out :)
> DMARC reports the sending IP, and in my case the sending IP is my
> firewall. That is what got me going.
in the report it's just a name - it can be anything - even "hello world"
like mine is cow...
i just had a thought... cheatcodes.com - do you have a teenager /
gamer in the house :)
oh, and btw - how are you blocking the outgoing ports?
in theory you/malware/teenager/? would be opening
example port 34912 (r high) --> 25 (or whatever)
> I know it cannot be my laptop because that runs Linux and we all know
> that is impervious to hacks.
> OOPS. My Android phones also run Linux (of sorts)...
> Possibly it's time to re-evaluate this belief.
>
i would still choose a hardened *nix/bsd over anything else any day
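
An added example, not part of the original message: a DMARC aggregate report (RFC 7489) carries both a self-declared reporter name (`org_name`) and a `source_ip` per record, and this reads the two side by side and flags source IPs that are not on an expected-sender list. The `summarize` helper, the sample report and every name and address in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout; all values are placeholders.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>reporter.example</org_name>
    <report_id>constructed-1</report_id>
  </report_metadata>
  <policy_published><domain>sender.example</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>11</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>2</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>sender.example</header_from></identifiers>
  </record>
</feedback>"""


def summarize(xml_text, expected_ips):
    """Return (reporter_name, total_messages, rows) for one aggregate report.

    reporter_name is whatever the reporting receiver put in org_name;
    each row carries the source IP that receiver saw, with its count.
    """
    # Reports arrive from third parties: in production parse them with a
    # hardened XML parser (e.g. defusedxml); stdlib is used so this runs offline.
    root = ET.fromstring(xml_text)
    reporter = root.findtext("report_metadata/org_name", default="?")
    rows, total = [], 0
    for rec in root.iter("record"):
        ip = rec.findtext("row/source_ip")
        count = int(rec.findtext("row/count", default="0"))
        total += count
        rows.append({"ip": ip, "count": count,
                     "dkim": rec.findtext("row/policy_evaluated/dkim"),
                     "spf": rec.findtext("row/policy_evaluated/spf"),
                     "unexpected": ip not in expected_ips})
    return reporter, total, rows


if __name__ == "__main__":
    name, total, rows = summarize(SAMPLE_REPORT, {"203.0.113.10"})
    print(f"{name}: {total} messages")
    for r in rows:
        flag = "  <-- not an expected sender" if r["unexpected"] else ""
        print(f"  {r['ip']} x{r['count']} dkim={r['dkim']} spf={r['spf']}{flag}")
```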