Have you examined the attachment type? It would be easy enough to deliver
the message
w/attachment directly to your MTA while entering invalid headers. Might
make for a decent worm.

Your headers should still show the source host as this is not generally an
option specified by the client.

Take a look at your attachment, lets see if it contains a trojan/backdoor
app.

-Grant

-----Original Message-----
From: Koaps
To: INCIDENTSSECURITYFOCUS.COM
Sent: 1/11/2001 2:29 PM
Subject: Re: Finding out who owns particular IP addresses

I think all Emails have headers to some point

Are you using Outlook or something?

it might hide some header info

if u are in outlook express you can right click on a email and go to
properties
there is a details tab that should show you what server sent you the
email

if u are in outlook

open a email then go to view options
in the main window you should see the header and the server it came from

Even if you change a email to a fake from address
it should still show you what server delievered the email

sendmail will probably have a log of what server connected to it
But I'm still learning the joys of send mail

=)

L8rZ
        \!/
       ( )
----oOO-(_)-OOo--------
KoAps

----- Original Message -----
From: "Smith, Lonnie" <lonnie.smithVICORP.COM>
To: <INCIDENTSSECURITYFOCUS.COM>
Sent: Thursday, January 11, 2001 2:03 PM
Subject: Re: Finding out who owns particular IP addresses

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Is anyone aware of an email with absolutely no header? I received a
> email with an exe. attachment with no header at all. Wouldn't even
> show me the mail exchangers it went thru?
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOl4tyB3TooPmG5KtEQJjEgCgysb6lZABduu7hUxdQ7HJPsw95EsAoPL/
> PIdLqOqqxRGmwXf1LKBtTf07
> =w5HJ
> -----END PGP SIGNATURE-----
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]