wunderlich asked:

Possible public IP label spoof

I think that one of my external IPs is being spoofed to a fake domain name, "gateway.wunderlichsecurities.com". I never set this up through the ISP. I have sent a ticket in to the ISP to get some verification done. Does anyone have anything that I can do to narrow the spectrum on this problem?
ASKER

This is what I am getting from SpamCop for the reason my IP is being blacklisted:

66.194.155.242 listed in bl.spamcop.net (127.0.0.2)


If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 23 hours.

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
Additional potential problems
(these factors do not directly result in spamcop listing)

DNS error: 66.194.155.242 is gateway.wunderlichsecurities.com but gateway.wunderlichsecurities.com has no DNS information
Because of the above problems, express-delisting is not available

Listing History
In the past 6.2 days, it has been listed 3 times for a total of 3.0 days
I don't have an internal entry for that in DNS.
Wunderlich Securities is my company and that is my IP range. I am not seeing "gateway" noted anywhere in my firewall. Hades is the name of the server. Last week the ISP made some changes to their DNS records which messed up redirection to my website and others. It was for the .243 and .247 addresses. Is it possible that this is another one they need to add back? I just took over the company's IT dept and am not totally familiar with the way they were set up before. I wonder if I need to have them add a PTR record for the .242 address too.
I am waiting for them to call me back. I just called my rep to get this thing escalated.
I found the problem with the help of Microsoft and got it fixed. I have a secondary fail-over internet connection which is load balanced with my main pipe. There was never an MX record established with the other Internet connection. When my SMTP server would send out e-mail it was going through the OPT WAN connection and the server on the other side couldn't come back for acknowledgement because the MX record wasn't there. Because of this my OPT WAN IP got blacklisted along with my external public IP. I switched it to a known good Exchange Server with an MX record, and BAM!!! Back in business. Now I just have to get the blacklists to take off the other IP and everything will be peachy. Thanks for everyone's help.
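
The "DNS error" line in the SpamCop report quoted in this thread is a failed forward-confirmed reverse DNS check: the IP has a PTR name, but that name does not resolve back. As an added example (not code from the thread or from SpamCop), the Python below runs that check for every address outbound mail can leave from, including a secondary WAN link; the function names, status labels and the 192.0.2.x sample records are assumptions constructed for illustration.

```python
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name from the system resolver (empty list if none)."""
    try:
        return sorted({i[4][0] for i in socket.getaddrinfo(name, None, socket.AF_INET)})
    except OSError:
        return []

def fcrdns(ip, ptr=system_ptr, a=system_a):
    """Return (status, ptr_name) for one sending IP."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return ("no-ptr", None)
    status = "forward-missing"            # PTR name has no A record at all
    for name in names:
        addrs = a(name)
        if ip in addrs:
            return ("confirmed", name)    # PTR -> name -> same IP
        if addrs:
            status = "forward-mismatch"   # name exists but points elsewhere
    return (status, names[0])

def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

# Constructed resolver data, not live DNS; first entry mirrors the report above.
SAMPLE_PTR = {
    "66.194.155.242": ["gateway.wunderlichsecurities.com"],
    "192.0.2.10": ["mail.example.com"], "192.0.2.20": ["mail.example.com"],
}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"]}

def audit(egress_ips, ptr=system_ptr, a=system_a):
    """Check every IP that outbound SMTP can leave from (all WAN links)."""
    return {ip: fcrdns(ip, ptr, a) for ip in egress_ips}

if __name__ == "__main__":
    fake_ptr, fake_a = (lambda ip: SAMPLE_PTR.get(ip, [])), (lambda n: SAMPLE_A.get(n, []))
    for ip, res in audit([*SAMPLE_PTR, "192.0.2.30"], fake_ptr, fake_a).items():
        print(ip, res, dnsbl_query_name(ip))
```

Calling `audit()` with only the list of egress addresses uses the system resolver instead of the sample tables.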