19-06-07

Major mailservers from Belgian major ISP's used for spam

1. Proximus server - honeypot info

IP Information for 81.169.105.17

Location: Belgium Belgium Proximus-mi
Host: 17.105.169.81.in-addr.arpa. 3600 IN PTR 17-105-169-81.mobileinternet.proximus.be.
IP 81.169.105.17
Blacklist Clear  (for now)
inetnum:   81.169.96.0 - 81.169.111.255
netname:   BE-PROXIMUS-MI3

2. TVD Brussels ISP  honeypot info

 

IP Information for 213.132.131.104

IP Location: Belgium Belgium Brussels Tvd Internet - Upc Belgium - Chello
Revolve Host: 104.131.132.213.in-addr.arpa. 10800 IN PTR cable-213-132-131-104.upc.chello.be.
IP Address: 213.132.131.104
Blacklist Currently Listed (history)
inetnum:   213.132.128.0 - 213.132.143.255
netname:   TVD-INTERNET
descr:    TVD Internet - UPC Belgium - Chello
descr:    ISP - CATV operator Brussels/Leuven

3. UPC - TVD Brussels

 

87.244.155.113   Honeypot info

inetnum:    87.244.128.0 - 87.244.191.255
org:      ORG-TIUB1-RIPE
netname:    BE-TVD-20050805
descr:     UPC Belgium

4. Skynet.be  Honeypot information

IP Information for 195.238.4.116

 Location: Belgium Belgium Liege Belgacom Sa/nv
Host: 116.4.238.195.in-addr.arpa.3600INPTRoutmx017.isp.belgacom.be.
IP 195.238.4.116
Blacklist Clear

inetnum:    195.238.0.0 - 195.238.31.255
netname:    SKYNET-B
descr:     Belgacom SA/NV
descr:     Internet access provider

5. Tele2  Honeypot information

IP Information for 83.182.176.169

IP Location: Belgium Belgium Brussels Tele2 Belgium
Revolve Host: 169.176.182.83.in-addr.arpa.4969INPTRd83-182-176-169.cust.tele2.be.
IP Address: 83.182.176.169
Blacklist : Clear
inetnum:    83.182.128.0 - 83.182.255.255
netname:    BE-TELE2
descr:     TELE2 Belgium
descr:     Adsl
descr:     TELE2 / SWIPNET

En dit geldt ook voor

 

212.68.218.201    Brutele   Honeypot info   Blacklisted

 

You can find more on http://www.projecthoneypot.org and you can participate by placing some code on your websites.

 

But what does the above mean

It can mean that

*  They do no spamfiltering from their users to users outside their network

*   Their mailservers IP addresses are used by others because they use no keys or identification mechanism

*  Their mailservers are being used by others  (maybe the same trick as was used against the mailservers from Vlaanderen.be)

 

Who knows ? The administrators can and they should start to pay attention because already two servers are in an automated blacklist. This can mean that certain mails from their users won't be accepted without explanation by some mailservers that use these blacklists as such. These mailservers are used by thosuands of businesses and people. Who often don't have a clue.

16:49 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.