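I recently found that an attacker at IP 180.103.12.117 successfully sent phishing emails to my colleagues through the SMTP port, without any authentication, and the sending IP is not within the range allowed by the SPF record of cpibj.com.cn.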
C:>nslookup
默认服务器: public1.114dns.com
Address: 114.114.114.114
> set qt=txt
> cpibj.com.cn
服务器: public1.114dns.com
Address: 114.114.114.114
非权威应答:
cpibj.com.cn text =
"qqmail-site-verification=b72f361daa3048ca5b64be6b1670252f65ced90d851"
cpibj.com.cn text =
"MS=D2EBDFFED7F601051E24E409E3F0F36697658F03"
cpibj.com.cn text =
"v=spf1 ip4:123.117.136.189 ip4:114.255.252.30 ip4:114.255.252.17 -all"
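The phishing email that was sent is shown below:
The relevant email source is shown below:
It feels like I have run into something inexplicable: the attacker can exploit this directly, but I cannot reproduce it... I get a message that the SPF check did not pass...
How does the underground industry manage bulk phishing-mail delivery like this... Could an expert please explain?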
=====================
Update
Below is the list of forged senders that was captured:
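As an added example (not part of the original post): a minimal offline SPF evaluator run against the TXT records from the nslookup output above, showing the result a receiver should compute for 180.103.12.117. It handles only the `ip4`, `ip6` and `all` mechanisms; the function names are assumptions of this example.

```python
import ipaddress

# TXT records for cpibj.com.cn, copied from the nslookup output above.
TXT_RECORDS = [
    "qqmail-site-verification=b72f361daa3048ca5b64be6b1670252f65ced90d851",
    "MS=D2EBDFFED7F601051E24E409E3F0F36697658F03",
    "v=spf1 ip4:123.117.136.189 ip4:114.255.252.30 ip4:114.255.252.17 -all",
]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def select_spf(txt_records):
    """Return the single SPF record among the TXT records, or None."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(spf) > 1:
        raise ValueError("permerror: more than one v=spf1 record")
    return spf[0] if spf else None


def evaluate_spf(txt_records, client_ip):
    """Evaluate ip4/ip6/all mechanisms left to right; first match wins."""
    record = select_spf(txt_records)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # include, a, mx, exists, redirect= need DNS: out of scope offline.
        raise NotImplementedError(f"mechanism needs DNS: {term}")
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    for addr in ("180.103.12.117", "114.255.252.30"):
        print(addr, evaluate_spf(TXT_RECORDS, addr))
```

SPF is evaluated against the domain in the SMTP envelope MAIL FROM (or HELO) together with the connecting IP, so those are the two inputs to take from the receiving server's logs when running this check.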