Support Intelligence

Tuesday, April 17, 2007

Company Profile: Toshiba America Business Solutions

We started watching Toshiba's network on Feb 23 2007. Since that very day one host has shone above the others, spewing every variety of spam. The host [] has spam activity dating back as far as July 17th 2006. It has been listed on CBL, Spamhaus, TQMcube, UCEProtect, and WPBL. All in all it was listed some 105 times for sending SPAM/UCE in the last 9 months.

Every spam we captured from the host used a different HELO in the SMTP transaction to deliver mail to our traps. There were no Received headers. Of the 716 spam we have received from this one host, we collected stock touts for WSDC.PK (up big!), CDYV.PK (up a hefty 25% today), CCTI.PK (ouch, down almost 100% from its high) and SPSY.PK. There were also Rolex Watch and other Trademark/Brand SPAM.
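
The two traits described above, a new HELO on every transaction and no Received headers, can be checked per sending IP in trap logs. This is an added example, not Support Intelligence's code; the key=value log format, the function names, the thresholds and the sample addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed trap log lines in a hypothetical key=value format (not from the page).
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
client=192.0.2.10 helo=dsl-4471.example.net received=0
client=192.0.2.10 helo=mail.example.org received=0
client=192.0.2.10 helo=pc-julia received=0
client=192.0.2.10 helo=smtp7.example.com received=0
client=198.51.100.25 helo=mx1.example.edu received=2
client=198.51.100.25 helo=mx1.example.edu received=1
client=198.51.100.25 helo=mx1.example.edu received=3
client=198.51.100.77 helo=relay.example.biz received=0
"""

LINE_RE = re.compile(r"client=(\S+)\s+helo=(\S+)\s+received=(\d+)")

def parse(log_text):
    """Yield (client_ip, helo_name, received_header_count) per well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:  # skip malformed lines rather than guessing at their content
            yield m.group(1), m.group(2).lower(), int(m.group(3))

def flag_helo_churn(log_text, min_msgs=3, min_ratio=0.9):
    """Return {ip: stats} for clients whose HELO changes on (nearly) every
    message and whose mail never carries a Received header."""
    helos = defaultdict(list)
    received = defaultdict(int)
    for ip, helo, n_received in parse(log_text):
        helos[ip].append(helo)
        received[ip] += n_received
    flagged = {}
    for ip, names in helos.items():
        msgs, distinct = len(names), len(set(names))
        # Too few messages gives no basis for a ratio; a legitimate MTA
        # keeps one stable HELO, so its ratio falls toward 1/msgs.
        if msgs >= min_msgs and distinct / msgs >= min_ratio and received[ip] == 0:
            flagged[ip] = {"messages": msgs, "distinct_helo": distinct}
    return flagged

if __name__ == "__main__":
    for ip, stats in flag_helo_churn(SAMPLE_LOG).items():
        print(ip, stats)
```
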

I don't buy the nmap analysis below but I thought it interesting enough to include. This device is determined by nmap to be a Cisco load balancer. We are constantly surprised.

Starting Nmap 4.20 ( ) at 2007-04-17 20:51 PDT
Interesting ports on
Not shown: 1681 closed ports
178/tcp filtered nextstep
605/tcp filtered unknown
654/tcp filtered unknown
1076/tcp filtered sns_credit
5050/tcp filtered mmcc
5101/tcp filtered admdog
5190/tcp filtered aol
5192/tcp filtered aol-2
5193/tcp filtered aol-3
5510/tcp filtered secureidprop
5520/tcp filtered sdlog
5530/tcp filtered sdserv
5540/tcp filtered sdreport
5550/tcp filtered sdadmind
5555/tcp filtered freeciv
5560/tcp filtered isqlplus
Device type: load balancer
Running: Cisco embedded
OS details: Cisco CSS 11501 Content Services Switch
