news.admin.net-abuse.email



Newsgroups: news.admin.net-abuse.email
From: [email protected] (Morely Dotes [permanent C&C])
Subject: Re: Army.mil open relay?
Organization: The Lumber Cartel (TacOps Div)
References: <[email protected]>
X-Newsreader: News Xpress 2.01
Lines: 148
Message-ID: 
Date: Sat, 18 Nov 2000 18:47:48 GMT
NNTP-Posting-Host: 24.6.154.6
X-Complaints-To: [email protected]
X-Trace: news1.sttls1.wa.home.com 974573268 24.6.154.6 (Sat, 18 Nov 2000 10:47:48 PST)
NNTP-Posting-Date: Sat, 18 Nov 2000 10:47:48 PST


In article <[email protected]>, [email protected] (Joseph Joyce) wrote:
>
>Return-Path: 
>Received: from army.mil ([140.153.43.98])
>        by runyon.mail.mindspring.net (Mindspring Mail Service) with ESMTP id
>t19ptu.gj.37kbi7f       for ; Fri, 17 Nov 2000
>03:09:34 -0500 (EST) Received: by army.mil; id AAA24730; Fri, 17 Nov 2000
>00:56:41 -0700 (MST) Date: Fri, 17 Nov 2000 00:56:41 -0700 (MST)
>From: 
>Message-Id: <[email protected]>
>To: [email protected]
>Reply-To: [email protected]
>Subject: Your Mortgage = A Vaction :)                                    
>              [hm2xg] 
>
>Army.mil doesn't say where they received it from. Also, I tried a
>traceroute on 140.153.43.98, but it failed. So I did an IP Block,
>unfortunately, they didn't turn up well either. It just turned up more
>army.mil stuff. Even Sam Spade has no idea where it might go to. My only
>guess is that it came directly from army.mil, but I doubt that. 
>
>Can anyone help me with this?

Let's see:

11/18/00 10:42:26 IP block 140.153.43.98
Trying 140.153.43.98 at ARIN
Trying 140.153.43 at ARIN
Fulda CDOIM (NET-FULDA-GW1)
   DIR USANETA
   Ft Huachuca, AZ 85613-5000

   Netname: FULDA-GW1
   Netnumber: 140.153.0.0

   Coordinator:
      Jones, Linda  (LJ264-ARIN)  [email protected]
      (520) 538-1245 (FAX) (520) 538-6809

   Domain System inverse mapping provided by:

   NS01.ARMY.MIL  198.49.185.27
   NS02.ARMY.MIL  192.82.113.7
   NS03.ARMY.MIL  130.114.200.6

   Record last updated on 09-Dec-1999.
   Database last updated on 18-Nov-2000 07:34:41 EDT.

11/18/00 10:43:15 dig NS01.ARMY.MIL @ 24.2.0.27
Dig [email protected] (130.114.200.6) ...
Authoritative Answer
Recursive queries supported by this server
 Query for NS01.ARMY.MIL type=255 class=1
  NS01.ARMY.MIL A (Address) 140.153.43.44
Malformed name in RR
Dig [email protected] (192.82.113.7) ...
Authoritative Answer
Recursive queries supported by this server
 Query for NS01.ARMY.MIL type=255 class=1
  NS01.ARMY.MIL A (Address) 140.153.43.44
Malformed name in RR
Dig [email protected] (140.153.43.44) ...
Authoritative Answer
Recursive queries supported by this server
 Query for NS01.ARMY.MIL type=255 class=1
  NS01.ARMY.MIL A (Address) 140.153.43.44
  mil NS (Nameserver) NS01.ARMY.MIL
  mil NS (Nameserver) ns03.army.mil
  mil NS (Nameserver) ns02.army.mil
  NS01.ARMY.MIL A (Address) 140.153.43.44
  ns03.army.mil A (Address) 130.114.200.6
  ns02.army.mil A (Address) 192.82.113.7
Dig [email protected] ...
Non-authoritative answer
Recursive queries supported by this server
 Query for NS01.ARMY.MIL type=255 class=1
  NS01.ARMY.MIL A (Address) 140.153.43.44
  ARMY.MIL NS (Nameserver) NS01.ARMY.MIL
  ARMY.MIL NS (Nameserver) NS02.ARMY.MIL
  ARMY.MIL NS (Nameserver) NS03.ARMY.MIL
  NS01.ARMY.MIL A (Address) 140.153.43.44
  NS02.ARMY.MIL A (Address) 192.82.113.7
  NS03.ARMY.MIL A (Address) 130.114.200.6

11/18/00 10:43:53 IP block 130.114.200.6
Trying 130.114.200.6 at ARIN
Trying 130.114.200 at ARIN
Army Aberdeen Proving Ground Installation Support Activity (NET-APGNET)
   USAGAPG
   Aberdeen Proving Ground, MD 21005-5001

   Netname: APGNET
   Netnumber: 130.114.0.0

   Coordinator:
      Hanssen, Robert  (RH402-ARIN)  [email protected]
      (410) 306-1340 (FAX) (410) 278-7011

   Domain System inverse mapping provided by:

   NS01.ARMY.MIL  198.49.185.27
   NS02.ARMY.MIL  192.82.113.7
   NS03.ARMY.MIL  130.114.200.6

   Record last updated on 23-Mar-2000.
   Database last updated on 18-Nov-2000 07:34:41 EDT.

11/18/00 10:44:18 IP block 192.82.113.7
Trying 192.82.113.7 at ARIN
Trying 192.82.113 at ARIN
US Army Tank-Automotive Command (NET-TACOM-LAN)
   AMSTA-RM-DCA  Bldg 230 Computer Room
   6501 E. Eleven Mile Rd.
   Warren, MI 48397-5000

   Netname: TACOM-LAN
   Netnumber: 192.82.113.0

   Coordinator:
      Petersen, Keith  (KP218-ARIN)  [email protected]
      (904) 304-3349 (FAX) (904) 304-3349

   Domain System inverse mapping provided by:

   NS01.ARMY.MIL  198.49.185.27
   NS02.ARMY.MIL  192.82.113.7
   NS03.ARMY.MIL  130.114.200.6

   Record last updated on 30-Mar-2000.
   Database last updated on 18-Nov-2000 07:34:41 EDT.

So I'd say LARTS to:
[email protected]
[email protected]
[email protected]

And if that doesn't work, try a reporter at the Washington Post - suggest that 
it might not be a good thing for the US Army to permit anonymous civilians 
from all over the world to have Internet access to US Army computers which 
seem to be located at Fort Huachuca, AZ, and may be involved in strategic 
planning for military operations in the Fulda Gap.


-- 
"I LART; therefor I am."
"Running over spammers on the information superhighway since 1995"
The e-mail address above is real.  Nothing has been changed to protect anyone.
Spammers who send junk to that address find that out very quickly.


From: Mike Segel
Subject: Re: Redstone.army.mil Spam response
Date: 1997/12/29
Message-ID: <[email protected]>#1/1
Content-Transfer-Encoding: 7bit
References: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Organization: Secret Squirrel Fan Club
Mime-Version: 1.0
Newsgroups: news.admin.net-abuse.email

Well, today, I talked with Linda Jones over at Army.Mil.
In front of her, I did a simple test.
The relay is still open, however it does check to see if you have a valid
domain. However it doesn't record or show your domain in the e-mail.
Since it doesn't show the server type, I'd guess sendmail. But then again
we are dealing with the army so use your best judgement.

-The Management.

[email protected] wrote:
> heya all.. I forwarded the headers to Redstone's administrator.. and I
> got the following response...
>
> To: David Yellope
> Subject: RE: Illegal Relay Use of your email server
> From: Administrator1
> Date: Mon, 29 Dec 97 06:49:00 CST
>
> Thanks David, this will be turned over to security..
>
> admin
>
> ----------
> From: David Yellope
> To: admin
> Subject: Illegal Relay Use of your email server
> Date: Saturday, December 27, 1997 5:35AM
>
> You may want to check the security of your server.. looks like
> Unauthorized Unsolicited Commercial E-Mail is being relayed through
> your servers....
>
> (headers snipped)
>
> Looks like a spammer may have a couple of MP's on his case soon
>
> David Y.
>
> -------------------==== Posted via Deja News ====-----------------------
> http://www.dejanews.com/ Search, Read, Post to Usenet

Lines: 46
X-Admin: [email protected]
From: [email protected] (Karen Hoffmann)
Newsgroups: news.admin.net-abuse.email
Date: 11 Aug 2001 15:23:42 GMT
Organization: AOL http://www.aol.com
Subject: relay test needed for 55.30.254.245
Message-ID: <[email protected]>

http://relays.osirusoft.com/cgi-bin/rbcheck.cgi doesn't list 55.30.254.245.
Can someone here spin their magic and let me know if it's open or point me to
some handy, dandy on-line tool? The one I usually use seems to be down right
now.

08/11/01 11:01:35 dns 55.30.254.245
nslookup 55.30.254.245
Canonical name: ms-28245-mail.ms.ngb.army.mil
Addresses:
  55.30.254.245

Return-Path:
Received: from rly-st08.mail.aol.com (rly-st08.mail.aol.com [172.31.34.3])
        by air-xd05.mail.aol.com (v79.27) with ESMTP id MAILINXD53-0811020532;
        Sat, 11 Aug 2001 02:05:32 -0400
Received: from rly-xa05.mx.aol.com (rly-xa05.mail.aol.com [172.20.105.74])
        by rly-st08.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id CAA08197;
        Sat, 11 Aug 2001 02:00:39 -0400 (EDT)
From: [email protected]
Received: from ms-28245-mail.ms.ngb.army.mil (ms-28245-mail.ms.ngb.army.mil [55.30.254.245])
        by rly-xa05.mx.aol.com (v79.20) with ESMTP id MAILRELAYINXA57-0811020028;
        Sat, 11 Aug 2001 02:00:28 -0400
Received: from mail.pechtek.net (hdflw308.hostdepot.com [12.8.12.38])
        by ms-28245-mail.ms.ngb.army.mil with SMTP
        (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id QTPP7MQX;
        Sat, 11 Aug 2001 00:59:18 -0500
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.5
MIME-Version: 1.0
Message-ID:
Sensitivity: Personal
To:
Content-Type: text/html
Importance: Medium
Subject: Amazing Secrets To Discover!
Date: Sat, 11 Aug 2001 02:00:17 -0400
Content-Transfer-Encoding: 7bit
X-Other-References: 0391AF217
X-References: 0482E48E1, 09D8BF469

Start Here Now!: http://www.bramara.net/index.html

TIA

--- Karen ---

-- 
"lately, karen never vends until richard manages the resilient proxy lovingly"
--- HipCrime, 08-Aug-2001

From: Dan Anderson
Newsgroups: news.admin.net-abuse.email
Subject: Re: NIC.mil spam
Message-ID:
Cancel-Lock: sha1:dlemz0QGN7aURxmU87QbFtPxvN0=
References: <[email protected]> <[email protected]>
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Lines: 71
Date: Sat, 30 Jun 2001 04:09:15 GMT
NNTP-Posting-Host: 66.74.204.151
X-Complaints-To: [email protected]
X-Trace: typhoon.san.rr.com 993874155 66.74.204.151 (Fri, 29 Jun 2001 21:09:15 PDT)
NNTP-Posting-Date: Fri, 29 Jun 2001 21:09:15 PDT
Organization: Road Runner

Dan Anderson wrote:

OK--I found the spam. The Military spam at least wasn't trying to sell me
Herbal Viagra or other junk, but I find it interesting that they were
spamming to test a mailing list. I never heard or dealt with these people
and have no interest in the subject (Military Medicine????) and I don't
want to hear from them again.

- Dan

> From [email protected] Sat Jun 9 04:55:04 2001
Return-Path:
Received: from andrews.computer.org ([63.84.220.11])
        by dan.drydog.com (8.11.2/8.11.2) with ESMTP id f59Bt3504714
        for <.................................>; Sat, 9 Jun 2001 04:55:04 -0700
Received: from csdmail.medcom.amedd.army.mil ([139.232.17.42])
        by andrews.computer.org (Build 101 8.9.3/NT-8.9.3) with ESMTP id QAA10440
        for <..............................>; Thu, 07 Jun 2001 16:10:04 -0700
Received: from 126-b001-05c [139.232.17.45]
        by csdmail.medcom.amedd.army.mil [139.232.17.42] with SMTP (MDaemon.PRO.v4.0.3a.T)
        for <...........................>; Thu, 07 Jun 2001 17:13:16 -0500
From: "Milton Bell"
To: "Tricarehelp List Member" <...............................>
Date: Thu, 7 Jun 2001 17:11:51 -0500
MIME-Version: 1.0
Date: Thu, 7 Jun 2001 17:11:51 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: [Tricarehelp] Mailing List Test Message {01}
Message-ID:
Priority: normal
X-mailer: Pegasus Mail for Win32 (v3.12c)
X-MDRemoteIP: 139.232.17.45
Sender: [email protected]
X-Return-Path: [email protected]
Precedence: bulk
X-MDMailing-List: [email protected]
X-MDSend-Notifications-To: [email protected]
Reply-To: [email protected]
Status: O
X-Status:
Status: O
X-Status:
X-Keywords:
X-UID: 3254

This is a test of the TRICAREHELP mailing list. This mailing list is used
to distribute newsletters and other information for the TRICARE Help
Electronic Mail System ([email protected])

A reply is not required. However, if you receive duplicate copies of this
message please advise.

If you do not wish to be on the TRICAREHELP mailing list, please let me
know or send a message to [email protected] to be automatically removed.

Thank you,

- Dan Anderson
   dan        San Diego,
  - @ -       California, USA
 drydog.com

From sunny.netside.net!news-out.cwix.com!newsfeed.cwix.com!sjc-peer.news.verio.net!news.verio.net!feeder.via.net!news.he.net!sn-xit-03!sn-post-01!supernews.com!corp.supernews.com!not-for-mail Sat Nov 18 12:44:25 2000
Path: sunny.netside.net!news-out.cwix.com!newsfeed.cwix.com!sjc-peer.news.verio.net!news.verio.net!feeder.via.net!news.he.net!sn-xit-03!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: [email protected] (Gary S. Callison)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Army.mil open relay?
Date: Sat, 18 Nov 2000 09:26:40 -0000
Organization: InterAccess, Co. - Chicagoland's Full Service Internet Provider
Message-ID:
References: <[email protected]>
Reply-To: [email protected]
X-Newsreader: TIN [UNIX 1.3 950824BETA PL0]
X-Complaints-To: [email protected]
Lines: 33

Joseph Joyce ([email protected]) wrote:
: Return-Path:
: Received: from army.mil ([140.153.43.98])
:         by runyon.mail.mindspring.net (Mindspring Mail Service) with ESMTP id
: t19ptu.gj.37kbi7f       for ; Fri, 17 Nov 2000
: 03:09:34 -0500 (EST) Received: by army.mil; id AAA24730; Fri, 17 Nov 2000
: 00:56:41 -0700 (MST) Date: Fri, 17 Nov 2000 00:56:41 -0700 (MST)
: From:
: Message-Id: <[email protected]>
: To: [email protected]
: Reply-To: [email protected]
: Subject: Your Mortgage = A Vaction :)
:               [hm2xg]
:
: Army.mil doesn't say where they received it from. Also, I tried a
: traceroute on 140.153.43.98, but it failed. So I did an IP Block,
: unfortunately, they didn't turn up well either. It just turned up more
: army.mil stuff. Even Sam Spade has no idea where it might go to. My only
: guess is that it came directly from army.mil, but I doubt that.

If these are complete headers, my guess is that it _did_ come from
140.153.43.98, which is a US Army computer. I couldn't tell you who to
lart though, as I dunno any more about it than that, and it's not
answering on port 25 or 80.

Most military computers have a little more useful information in the
headers, typically {base}-{machine}.army.mil, and in that case you send
your lart to the Information Systems Security Officer at {base}, but in
this case, I'm clueless. Maybe postmaster at AIMS7.ARMY.MIL ?

-- 
Huey

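Added example (not code from any poster in this thread): a Python reading of the Received: chains quoted in the "relay test needed for 55.30.254.245" and "Army.mil open relay?" posts above. It reports any host that accepted mail from one outside organisation and handed it to another, and the oldest sender the headers name. The function names and the two-label `org()` heuristic are assumptions of this example.

```python
import re

# Received: values copied from two posts in this thread (newest hop first,
# dates trimmed).
RELAY_TEST_CHAIN = [  # "relay test needed for 55.30.254.245"
    "from rly-st08.mail.aol.com (rly-st08.mail.aol.com [172.31.34.3]) "
    "by air-xd05.mail.aol.com (v79.27) with ESMTP id MAILINXD53-0811020532",
    "from rly-xa05.mx.aol.com (rly-xa05.mail.aol.com [172.20.105.74]) "
    "by rly-st08.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0) with ESMTP id CAA08197",
    "from ms-28245-mail.ms.ngb.army.mil (ms-28245-mail.ms.ngb.army.mil "
    "[55.30.254.245]) by rly-xa05.mx.aol.com (v79.20) with ESMTP",
    "from mail.pechtek.net (hdflw308.hostdepot.com [12.8.12.38]) "
    "by ms-28245-mail.ms.ngb.army.mil with SMTP id QTPP7MQX",
]
ARMY_MIL_CHAIN = [  # "Army.mil open relay?"
    "from army.mil ([140.153.43.98]) by runyon.mail.mindspring.net "
    "(Mindspring Mail Service) with ESMTP id t19ptu.gj.37kbi7f",
    "by army.mil; id AAA24730",
]

FROM_RE = re.compile(r"\bfrom\s+(?P<helo>\S+)\s+"
                     r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[\d.]+)\]\)")
BY_RE = re.compile(r"\bby\s+(?P<by>[^\s;]+)")

def org(host):
    """Last two DNS labels; a crude stand-in for a public-suffix lookup."""
    return ".".join(host.lower().split(".")[-2:])

def parse_hop(line):
    """Return helo/rdns/ip/by for one Received: value (None where absent)."""
    hop = {"helo": None, "rdns": None, "ip": None}
    m = FROM_RE.search(line)
    if m:
        hop.update(m.groupdict())
    hop["by"] = BY_RE.search(line).group("by")
    # The sender picks its HELO name; the receiver looked up rdns itself.
    hop["helo_mismatch"] = bool(hop["rdns"]) and org(hop["helo"]) != org(hop["rdns"])
    return hop

def analyse(chain):
    hops = [parse_hop(h) for h in chain]
    suspects = []
    # Pair each hop with the next-older one: older = host accepts, newer = it hands on.
    for newer, older in zip(hops, hops[1:]):
        if older["helo"] is None:
            continue
        relay, dst = org(older["by"]), org(newer["by"])
        src = org(older["rdns"] or older["helo"])
        if src != relay and dst != relay:  # outsider in, outsider out
            suspects.append({"relay": older["by"], "accepted_from": older["ip"],
                             "handed_to": newer["by"]})
    oldest = hops[-1]
    # No "from" clause on the oldest hop: the headers name no earlier sender.
    origin = oldest["ip"] or "local:" + oldest["by"]
    return {"suspects": suspects, "origin": origin,
            "helo_mismatches": [h["helo"] for h in hops if h["helo_mismatch"]]}
```

The result only summarises what the headers claim: Received: lines below the first hop you trust can be forged, so a flagged host still needs a relay test or a report to its administrator to confirm.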
From sunny.netside.net!news-out.cwix.com!newsfeed.cwix.com!news.maxwell.syr.edu!telocity-west!TELOCITY!newsrump.sjc.telocity.net!not-for-mail Sat Nov 18 12:44:25 2000
Path: sunny.netside.net!news-out.cwix.com!newsfeed.cwix.com!news.maxwell.syr.edu!telocity-west!TELOCITY!newsrump.sjc.telocity.net!not-for-mail
From: "JGardner"
Newsgroups: news.admin.net-abuse.email
References: <[email protected]>
Subject: Re: Army.mil open relay?
Lines: 46
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Message-ID:
X-Trace: NDYgTm9BdXRoVXNlciBURUxPMklUWS1SRTBERVJTIDY0LjM0LjExMC4xN1EgU2F0LCAxOCBOb3Yg!MjAwMBYwNTozSToxNSBQU1Q=
X-Abuse-Info: Please forward ALL headers when reporting abuse.
X-Complaints-To: [email protected]
NNTP-Posting-Date: Sat, 18 Nov 2000 05:38:15 PST
Date: Sat, 18 Nov 2000 08:33:57 -0500

"Joseph Joyce" wrote in message
news:[email protected]...
> Return-Path:
> Received: from army.mil ([140.153.43.98])
>         by runyon.mail.mindspring.net (Mindspring Mail Service) with ESMTP id
> t19ptu.gj.37kbi7f       for ; Fri, 17 Nov 2000
> 03:09:34 -0500 (EST) Received: by army.mil; id AAA24730; Fri, 17 Nov 2000
> 00:56:41 -0700 (MST) Date: Fri, 17 Nov 2000 00:56:41 -0700 (MST)
> From:
> Message-Id: <[email protected]>
> To: [email protected]
> Reply-To: [email protected]
> Subject: Your Mortgage = A Vaction :)
>               [hm2xg]
>
> Army.mil doesn't say where they received it from. Also, I tried a
> traceroute on 140.153.43.98, but it failed. So I did an IP Block,
> unfortunately, they didn't turn up well either. It just turned up more
> army.mil stuff. Even Sam Spade has no idea where it might go to. My only
> guess is that it came directly from army.mil, but I doubt that.
>
> Can anyone help me with this?
>

IP block lookup for 140.153.43.98
whois -h whois.arin.net 140.153.43.98

Fulda CDOIM (NET-FULDA-GW1)
   DIR USANETA
   Ft Huachuca, AZ 85613-5000

   Netname: FULDA-GW1
   Netnumber: 140.153.0.0

   Coordinator:
      Jones, Linda (LJ264-ARIN) DOMAIN-REQUEST [at] AIMS7.ARMY.MIL
      (520) 538-1245 (FAX) (520) 538-6809

I'd go ahead and use the email address above; Ft Huachuca is the UUNET of
the military domain system - where a lart can result in "real" disciplinary
action.

-JGardner

From sunny.netside.net!news-out.cwix.com!newsfeed.cwix.com!howland.erols.net!feed2.news.rcn.net!rcn!newsfeed.atl!newsfeed.mia!news.hcs.net!tlhdlp175.hcsys.com Sat Nov 18 12:44:25 2000
From: [email protected] (DulaDust1401)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Army.mil open relay?
Date: Sat, 18 Nov 2000 16:03:45 GMT
Organization: very little.
Reply-To: Duh? Duh sender.
Message-ID: <[email protected]>
References: <[email protected]>
X-Newsreader: Forte Agent 1.5/32.451
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: tlhdlp175.hcsys.com
X-Trace: 18 Nov 2000 11:13:42 -0500, tlhdlp175.hcsys.com
Lines: 60
Path: sunny.netside.net!news-out.cwix.com!newsfeed.cwix.com!howland.erols.net!feed2.news.rcn.net!rcn!newsfeed.atl!newsfeed.mia!news.hcs.net!tlhdlp175.hcsys.com

On Sat, 18 Nov 2000 08:33:57 -0500, "JGardner" wrote:

>
>"Joseph Joyce" wrote in message
>news:[email protected]...
>> Return-Path:
>> Received: from army.mil ([140.153.43.98])
>>         by runyon.mail.mindspring.net (Mindspring Mail Service) with ESMTP id
>> t19ptu.gj.37kbi7f       for ; Fri, 17 Nov 2000
>> 03:09:34 -0500 (EST) Received: by army.mil; id AAA24730; Fri, 17 Nov 2000
>> 00:56:41 -0700 (MST) Date: Fri, 17 Nov 2000 00:56:41 -0700 (MST)
>> From:
>> Message-Id: <[email protected]>
>> To: [email protected]
>> Reply-To: [email protected]
>> Subject: Your Mortgage = A Vaction :)
>>               [hm2xg]
>>
>> Army.mil doesn't say where they received it from. Also, I tried a
>> traceroute on 140.153.43.98, but it failed. So I did an IP Block,
>> unfortunately, they didn't turn up well either. It just turned up more
>> army.mil stuff. Even Sam Spade has no idea where it might go to. My only
>> guess is that it came directly from army.mil, but I doubt that.
>>
>> Can anyone help me with this?
>>
>
>IP block lookup for 140.153.43.98
>whois -h whois.arin.net 140.153.43.98
>
>Fulda CDOIM (NET-FULDA-GW1)
>   DIR USANETA
>   Ft Huachuca, AZ 85613-5000
>
>   Netname: FULDA-GW1
>   Netnumber: 140.153.0.0
>
>   Coordinator:
>      Jones, Linda (LJ264-ARIN) DOMAIN-REQUEST [at] AIMS7.ARMY.MIL
>      (520) 538-1245 (FAX) (520) 538-6809
>
>I'd go ahead and use the email address above; Ft Huachuca is the UUNET of
>the military domain system - where a lart can result in "real" disciplinary
>action.
>
>-JGardner

Yes, indeed, as this is the place where the Army sends their MI types
(Military Intelligence) to train. My wife took her Officer Basic there.
She called it Spook School. Someone should go down HARD for this one!

DD1401

-- 
Before spamming me visit and get a clue!
Join the fight to help stop cost shifted advertising (spam),

From: [email protected] (Dolores Nichols)
Subject: Response from Redstone
Date: 1998/01/07
Message-ID: <[email protected]>#1/1
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset=US-ASCII
Organization: D and D Data, Vienna VA
Mime-Version: 1.0
Reply-To: [email protected]
Newsgroups: news.admin.net-abuse.email

This is an excerpt from a response that I just received from
redstone.army.mil concerning the recent relay thru their site.

>The host that delivered the message to our host was
>.
>To preclude this from happening again, this host has been blocked from our
>gateways.

I guess this is better than nothing. However, closing ALL relays would
have been better.

Dolores

-- 
Dolores Nichols | D&D Data | Voice (Eves): (703) 938-4564
Disclaimer: from here - None | Email:
--- .sig? ----- .what? Who me?