Overclockers Australia Forums
Old 24th November 2007, 12:02 AM   #1
fref99 Thread Starter
Member
 
Join Date: Aug 2002
Location: Switzerland
Posts: 819
weird "spam"

Hi All,

Maybe someone can explain what's the point of the e-mail listed below. It's not coming from my router or my server; the IP addresses the emails are coming from are not even my ISP's.

Code:
Received: from brnt ([83.76.143.246]:34455) 
 by planet-ian.com with [XMail 1.24 ESMTP Server] 
 id <S29F75> for <i.dobson@planet-ian.com> from <i.dobson@planet-ian.com>; 
 Fri, 23 Nov 2007 12:38:33 +0100 
From: <i.dobson@planet-ian.com> 
To: i.dobson@planet-ian.com 
Subject: Alert Message!!!  
 
Dear User 
Your router has detected and protected you against an attempt to gain access to your network.  This may have been an attempted hacker intrusion, or perhaps just your Internet Service Provider doing routine network maintenance. 
Most of these network probes are nothing to be worried about - these types of random probes should NOT be reported, but you may want to report repeated intrusions attempts.  Save this email for comparison with future alert messages. 
Your router Alert Information 
 
Time: 11/23/2007, 12:38:38 
Message: Smurf 
Source: 169.254.255.255 
Destination:169.254.53.156, Type:3, Code:3 (from PPPoE1 Outbound) 
  
 
Visit the UXN Combat Spam web site to get more detailed information about the intruder - http://combat.uxn.com/ 
1. Type the intruder's IP address into the IP WHOIS search engine 
2. Click the Query Button 
3. Detailed network and administration information will be displayed

For information, planet-ian.com is my domain, xmail is the mail server sw I'm running under Linux. The server sits behind a NAT/Firewall router. Running spamassassin (spamd/c) on the server.

I've now had 3,000 of these emails in the last 24 hours; no worries, spamassassin blocks them. It's just a pain in the butt.

I'll bang off an email to the ISP for the IP range that's "bothering" me, but I can't see the point of this and the other 2,999 emails.

Regards
FREF99
__________________
Walking on water and writing software to specification is easy, if they are frozen

home of the mobile webcam - OCAU thread
Old 24th November 2007, 8:32 AM   #2
Sprinker
Member
 
Join Date: Aug 2006
Location: Adelaide, South Australia
Posts: 177

Looks very dodgy, whatever it is. It's trying to entice you to go to a website as well; steer clear. Are all the messages coming from the same IP? If so, I know Postfix under Linux has a way of blacklisting IPs, but I don't know about your software. Blocking the IP might be the best solution because there seems to be no "fix" for stopping these emails from being sent from you. The email is BS, block the IP and care no more.

If you want you can drop an email to your ISP explaining the "spam", but I don't know how much they will do about it.
__________________
Apple MacBook Pro, i7 2Ghz, 8GB RAM, 500GB HDD, OS X 10.7 - Lion Goodness
Apple iPad, Gen 3 - 32GB WiFi + 3.5G, Black

Carbonite - i7 3770, 16GB DDR3 1600, Gigabyte GTX 560 - Ubuntu 12.04 x86_64
Old 24th November 2007, 11:21 AM   #3
andrewbt
Member
 
Join Date: Jan 2005
Location: Canberra
Posts: 238

You didn't own a bit of SMC kit and then sold it/gave it to someone? :P
Old 24th November 2007, 2:08 PM   #4
mpot
<blank>
 
Join Date: Jun 2001
Location: Perth, WA
Posts: 5,345

Quote:
Originally Posted by fref99
Source: 169.254.255.255
Destination:169.254.53.156, Type:3, Code:3 (from PPPoE1 Outbound)

All IPs in the 169.254.0.0/16 subnet are not valid internet IPs - that's a subnet used by Microsoft for NICs that fail to get an IP via DHCP (as per RFC 3330).

Cheers,
Martin.
__________________
[ photography blog | redbubble | flickr ]
Old 24th November 2007, 6:11 PM   #5
fref99 Thread Starter
Member
 
Join Date: Aug 2002
Location: Switzerland
Posts: 819

Hi andrewbt, when I'm finished with a router no one will want it (mod it until it breaks).

All the emails are coming from an ADSL user so the IP address changes every so often, but it's always from the same system.

I've already sent a mail off to the ISP and blocked the subnet range that this system lives in.

Regards
FREF99
__________________
Walking on water and writing software to specification is easy, if they are frozen

home of the mobile webcam - OCAU thread
Old 25th November 2007, 6:46 PM   #6
fref99 Thread Starter
Member
 
Join Date: Aug 2002
Location: Switzerland
Posts: 819

Hi All,

The "attacks" have stopped now. Almost 5,000 emails (or attempts) within 1 1/2 days.

After I blocked the IP range from this idiot it started to attempt to connect every 10 seconds, but as the mail server was blocking the emails at source rather than sending them to spamassassin it cut down the CPU load to almost 0, which was OK for me.

Regards
FREF99

PS. I would still love to know what the fuck is this.
__________________
Walking on water and writing software to specification is easy, if they are frozen

home of the mobile webcam - OCAU thread
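
An added example, not part of any post in this thread: the two observations made above (mail claiming to be from the local domain but delivered from an outside IP, and link-local 169.254.0.0/16 addresses in the "alert" body) expressed as a Python check. The sample is constructed by trimming the message quoted in the first post; `TRUSTED_NETS` and the function names are assumptions for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: trimmed copy of the message quoted in the first post.
SAMPLE = """\
Received: from brnt ([83.76.143.246]:34455)
 by planet-ian.com with [XMail 1.24 ESMTP Server]
 id <S29F75> for <i.dobson@planet-ian.com> from <i.dobson@planet-ian.com>;
 Fri, 23 Nov 2007 12:38:33 +0100
From: <i.dobson@planet-ian.com>
To: i.dobson@planet-ian.com
Subject: Alert Message!!!

Message: Smurf
Source: 169.254.255.255
Destination:169.254.53.156, Type:3, Code:3 (from PPPoE1 Outbound)
"""

LOCAL_DOMAIN = "planet-ian.com"
# Assumption: placeholder range for hosts allowed to send as LOCAL_DOMAIN.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def client_ip(msg):
    """IP of the host that connected to the server (topmost Received header)."""
    m = re.search(r"\(\[([0-9.]+)\]", msg.get("Received", ""))
    return ipaddress.ip_address(m.group(1)) if m else None

def analyse(raw):
    """Return (connecting IP, list of findings) for one raw message."""
    msg = message_from_string(raw)
    ip = client_ip(msg)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    trusted = ip is not None and any(ip in net for net in TRUSTED_NETS)
    if domain == LOCAL_DOMAIN and ip is not None and not trusted:
        findings.append(f"spoofed-local-sender from {ip}")
    for text in IPV4.findall(msg.get_payload()):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an IP
            continue
        if addr.is_link_local:
            findings.append(f"link-local address in body: {addr}")
    return ip, findings
```

The first finding is the kind of condition a mail server can reject on at connection time, which is what blocking "at source" rather than passing the mail to spamassassin achieved.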