Archives of this list are public at https://www.ripe.net/ripe/mail/archives/members-discuss/. Not everyone reading these messages will be an LIR.

On Wed, Mar 30, 2022 at 5:57 PM Andrzej Ława <andrzej.lawa@dawis-it.pl> wrote:
As I was afraid Russian agents are trying to distribute malware using
data from this mailing list (links to onedrive.com to download something).

In last days I've received at least two spoofed e-mail pretending to be
from this mailing list quoting my older posts in this mailing list -
thus it has to be an attempt from someone who has access to this mailing
list.

The offending IPs are:

62.3.58.13

and

193.233.207.195

(originating mail IPs, both geolocated in Russian Federation)

I say again: both spoofed e-mail were quoting my older mails on this
mailing list and attempting to pretend to be responses to my inquiries
(one "personal information" and one "you can pay here for your LIR
membership"). Thus the perpetrator has to be a LIR, not just a user of
those operators.

What are the RIPE rules regarding LIRs trying to send other LIRs malware?

--
Regards
Andrzej Ława
tel. 500 206 268
DAWIS IT Sp. z o.o., 05-800 Pruszków, ul. Staszica 1
NIP 5342409456 /  REGON 141663620/ KRS 0000319237

_______________________________________________
members-discuss mailing list
members-discuss@ripe.net
https://lists.ripe.net/mailman/listinfo/members-discuss
Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/matthias%40matthias.zone