
eircom ringing business

  • 14-09-2006 2:37pm
    #1
    Closed Accounts Posts: 578 ✭✭✭


    eircom just rang my business to inform us that they have traced back our number for sending viruses. he told us to get a virus scanner or else they will cut our broadband line off.

    he says people have been getting emails and when eircom traced it back it was coming from our number. they said they received lots of complaints. :rolleyes:

    anyone else ever have this happen to them?


Comments

  • Closed Accounts Posts: 4,858 ✭✭✭paulm17781


    inode wrote:
    anyone else ever have this happen to them?

    Never happened to me but I have heard of it happening to people I know.


  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    Yeah, it happens.
    They have obviously received a complaint from another company/ISP that viruses are coming from your company's IP address, which they are ultimately responsible for.
    Is your company big, do they have an IT department?


  • Registered Users, Registered Users 2 Posts: 2,013 ✭✭✭lynchie


    You based in Galway by any chance? We have been receiving loads of emails with virii in them. I have traced the headers to 2 computers in Galway. Both IP addresses have their netopia modem accessible from the internet, so I assume they have been hijacked and are running spam bots. I've informed Eircom who informed me they have contacted the respective owners.


  • Closed Accounts Posts: 1,491 ✭✭✭Foxwood


    I hope you're not complaining about eircom in this case?

    If it was me, I would have cut you off first, and then let you know that you would stay disconnected until you had disinfected the machines that are spam zombies.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Do as eircom say, you are a public nuisance if you have picked up spam zombie software thanks to having no proper anti virus and no firewall in place.

    I have a can of petrol in my car and if you want me to do the honours on the hard drive in Galway, this afternoon, simply PM me please.


  • Moderators, Technology & Internet Moderators Posts: 12,450 Mod ✭✭✭✭dub45


    Surely a more appropriate title for this thread would be something along the lines of 'Eircom request irresponsible business to stop facilitating the spread of viruses?'


  • Registered Users, Registered Users 2 Posts: 666 ✭✭✭Prisoner6409


    inode wrote:
    eircom just rang my business to inform us that they have traced back our number for sending viruses. he told us to get a virus scanner or else they will cut our broadband line off.

    he says people have been getting emails and when eircom traced it back it was coming from our number. they said they received lots of complaints. :rolleyes:

    anyone else ever have this happen to them?

    While I would have some sympathy for your position (after all it is the people who are sending the spam bots via your server that are the real culprits) maybe it's time you considered employing an IT person or company or training an existing employee to look after your system.


  • Registered Users, Registered Users 2 Posts: 9,560 ✭✭✭DublinWriter


    dub45 wrote:
    Surely a more appropriate title for this thread would be something along the lines of 'Eircom request irresponsible business to stop facilitating the spread of viruses?'
    You've never heard of IP spoofing then?

    I could also send someone an email with the return address of dub45.com, gov.ie, pentagon.com, but doesn't mean the email originated from where it claims to originate from.

    Don't be so quick to chuck stones, dub45.


  • Moderators, Technology & Internet Moderators Posts: 12,450 Mod ✭✭✭✭dub45


    You've never heard of IP spoofing then?

    I could also send someone an email with the return address of dub45.com, gov.ie, pentagon.com, but doesn't mean the email originated from where it claims to originate from.

    Don't be so quick to chuck stones, dub45.

    Where exactly is the chucking stones? Is there any sign of responsibility in the original post apart from an implication that Eircom are somehow in the wrong here? I can see no sign of concern whatsoever - as in how might we solve this etc etc?


  • Closed Accounts Posts: 1,491 ✭✭✭Foxwood


    You've never heard of IP spoofing then?

    I could also send someone an email with the return address of dub45.com, gov.ie, pentagon.com, but doesn't mean the email originated from where it claims to originate from.

    Don't be so quick to chuck stones, dub45.
    Well, if the guys at eircom were only as smart as you, then they probably fell for that trick.

    But I'm pretty sure they're more than capable of a) checking the SMTP headers, b) verifying that the traffic in question is actually originating from the IP address.

    (I'm assuming that someone who mentions "IP Spoofing" and setting a false "From:" field in an e-mail is talking through his arse. Feel free to prove me wrong).


  • Closed Accounts Posts: 140 ✭✭dathiultaigh


    If you are using Eircom's SMTP server for your mail and you are spamming then you will affect everyone else's mail service also. Eircom are probably seeing a massive spike in email being sent out from yourself. You could infect the eircom network or other customers and your IP may be blacklisted by third party companies.

    Cutting off your service is a bit bloody harsh though. Just get it sorted as soon as you can then call Eircom tech support and ask them to monitor your SMTP service to see if there's still lots of traffic.

    If you are lucky the tech support agent will help you out and happy days.


  • Closed Accounts Posts: 578 ✭✭✭inode


    i have done a virus scan and spyware scan on each computer in the office. also putting up a firewall tomorrow. if this doesn't work eircom can suck my left one lol


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,536 Mod ✭✭✭✭Cabaal


    inode wrote:
    i have done a virus scan and spyware scan on each computer in the office. also putting up a firewall tomorrow. if this doesn't work eircom can suck my left one lol

    ...I'm sure by that you mean they can go ahead and disconnect your DSL


  • Closed Accounts Posts: 1,491 ✭✭✭Foxwood


    If you are using Eircom's SMTP server
    Spambots don't usually use the ISP's SMTP service - they make a direct SMTP connection to whatever server the mail is addressed to.

    While the 2% of the population who want to run their own mail servers kick up an almighty fuss whenever this is suggested, there's a lot to be said for outbound SMTP traffic being blocked on "retail" broadband services.


  • Moderators, Technology & Internet Moderators Posts: 12,450 Mod ✭✭✭✭dub45


    inode wrote:
    i have done a virus scan and spyware scan on each computer in the office. also putting up a firewall tomorrow. if this doesn't work eircom can suck my left one lol

    I notice you are not saying what the results were? Have you run any spyware detectors also?


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    run a root kit detector as well as a spyware detector

    http://www.sysinternals.com/Utilities/RootkitRevealer.html


  • Registered Users, Registered Users 2 Posts: 2,013 ✭✭✭lynchie


    Are you based in Galway inode? Have you got the management interface of your dsl router enabled on the WAN interface?

    I agree with Foxwood. It's easy to spoof the return addresses and sender address on the email, but I've gone through the email headers on the 3 different emails I've gotten and they are all originating from eircom dsl addresses.


    Return-Path: <tech@xxx.com>
    Received: (qmail 41856 messnum 7061274 invoked from network[86.42.9.xxx/unknown]); 13 Sep 2006 16:51:20 -0000
    Received: from unknown (HELO xxx.com) (86.42.9.xxx)
    by mail01.svc.cra.dublin.eircom.net (qp 41856) with SMTP; 13 Sep 2006 16:51:20 -0000

    Return-Path: <tech@xxx.com>
    Received: (qmail 64931 messnum 5075671 invoked from network[159.134.108.xxx/159-134-108-xxx.b-ras1.mvw.galway.eircom.net]); 7 Sep 2006 13:59:37 -0000
    Received: from 159-134-108-xxx.b-ras1.mvw.galway.eircom.net (HELO xxx.com) (159.134.108.xxx)
    by mail17.svc.cra.dublin.eircom.net (qp 64931) with SMTP;
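
Added example (not part of the post above or of anyone's reply): a way to read the connecting IP from qmail-style `Received` headers like those quoted, trusting only the hop written by your own mail server and ignoring the sender-chosen `HELO`, `From:` and any `Received` lines beneath it. The sample message, the host `mx1.isp.example`, the documentation-range IPs and the function name `trusted_origin` are all constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the qmail headers quoted above. The last
# Received line is a forgery the sender supplied to fake a different origin.
SAMPLE = (
    "Return-Path: <tech@example.com>\n"
    "Received: (qmail 41856 invoked from network[192.0.2.45/unknown]);"
    " 13 Sep 2006 16:51:20 -0000\n"
    "Received: from unknown (HELO example.com) (192.0.2.45)\n"
    "  by mx1.isp.example (qp 41856) with SMTP; 13 Sep 2006 16:51:20 -0000\n"
    "Received: from mail.bank.example (HELO mail.bank.example) (198.51.100.7)\n"
    "  by mx1.isp.example (qp 1) with SMTP; 13 Sep 2006 16:40:00 -0000\n"
    "From: Support <support@bank.example>\n"
    "Subject: constructed sample\n\nbody\n"
)

# "from <rdns> (HELO <helo>) (<ip>) by <our host>" as written by qmail.
HOP = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>[0-9a-fA-F.:]+)\)\s+by\s+(?P<by>[^\s;]+)"
)

def trusted_origin(raw, our_mx_suffix):
    """Return the peer recorded by the top-most hop written by our own MX.

    Each server prepends its Received line, so the first match from the top
    is the one our server wrote; anything below it came from the sender.
    """
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m or not m["by"].lower().endswith(our_mx_suffix):
            continue
        ip = ipaddress.ip_address(m["ip"])  # ValueError if not a real IP
        return {
            "peer_ip": str(ip),                # TCP peer seen by our MX
            "rdns": None if m["rdns"] == "unknown" else m["rdns"],
            "helo": m["helo"],                 # sender-chosen, not evidence
            "recorded_by": m["by"],
            "claimed_from": msg.get("From"),   # sender-chosen, not evidence
        }
    return None

if __name__ == "__main__":
    print(trusted_origin(SAMPLE, ".isp.example"))
```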


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    He is in Mervue is he ????

    My can of petrol is still in the car, I'll flush them varmints out for ya inode

    http://www.senderbase.org/search?searchString=159.134.108.0

    shows that one particular Galway address has been at it since May !

    Sorbs says that the same IP address has been at it since February and that the Korgo Trojan is in there _somewhere_
    Address and Port: 159.134.108.173
    Record Created: Mon Feb 13 13:04:29 2006 GMT
    Record Updated: Mon Feb 13 15:33:48 2006 GMT
    Additional Information: Likely Trojaned Machine, host running Korgo trojan
    Currently active and flagged to be published in DNS

    Not saying that's you of course inode but the information is out there....beside the petrol can.


  • Registered Users, Registered Users 2 Posts: 2,013 ✭✭✭lynchie


    Never saw that site before Spongebob. Surprised Eircom don't monitor it to check for IPs that have a massive increase in mail usage. This one looks as if it has had a 7000% increase in email sent in the last day!! :mad:


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    You would crash your mail server if you tried to keep up with them and keep them up to date lynchie. The top 200 account for such an amount of spam at any given time that you need only check that and blacklist them to make things more manageable.

    However that particular IP of eircom's has no reverse dns entry which makes it spoofable to a degree. It's probably a core network element not an end user IP address at all, see here for further info if you wanna help :p

