From: Ryan Yagatich (ryagatichCSN1.COM)
Date: Fri Jan 12 2001 - 15:45:32 CST

    looks like a machine with a mailserver behind a lan.

    the message started at some user with the mailserver of 10.209.20.32
    (internal address)
    their outside line is 208.235.39.108 (moperr01-98.midwest.net)
    which told it to go to the home network's mx server of 24.0.95.73
    (mx8-w.mail.home.com)
    where it was sent to you.

    the name of the isp is midwest.com, which was bought out by earthlink. as
    you see in the headers, their mailhost is smtp02.mail.onemain.com (part of
    earthlink)
    after sending a scan and some other things, the machine looks like a windows
    box (maybe 9x). the sender's mail server is running qmail-ldap, which looks
    like it's running off of a linux machine.
    now the real question is: how many people do you know that run windows and
    linux on the same network that have earthlink (or oneMain) as their ISP?

    ryan

    -----Original Message-----
    From: Incidents Mailing List [mailto:INCIDENTSSECURITYFOCUS.COM]On
    Behalf Of Kelly Reid
    Sent: Friday, January 12, 2001 5:17 AM
    To: INCIDENTSSECURITYFOCUS.COM
    Subject: properties in e-mail from sexyfun

    Following is the properties from the email from sexyfun. I'm interested in
    knowing who this came from so that they can get their machine scanned.

    Any help would be appreciated

              Thu, 11 Jan 2001 21:43:57 -0800
    Received: from mx8-w.mail.home.com (mx8-w.mail.home.com [24.0.95.73])
     by h14.mail.home.com (8.9.3/8.9.0) with ESMTP id VAA09676
     for <Kelly-Reidhome.com>; Thu, 11 Jan 2001 21:43:57 -0800 (PST)
    Received: from smtp02.mail.onemain.com (SMTP-OUT003.ONEMAIN.COM
    [63.208.208.73])
     by mx8-w.mail.home.com (8.11.1/8.11.1) with SMTP id f0C5huk01495
     for <Kelly-Reidhome.com>; Thu, 11 Jan 2001 21:43:56 -0800 (PST)
    Date: Thu, 11 Jan 2001 21:43:56 -0800 (PST)
    Message-Id: <200101120543.f0C5huk01495mx8-w.mail.home.com>
    Received: (qmail 4354 invoked from network); 12 Jan 2001 04:25:11 -0000
    Received: from moperr01-98.midwest.net (HELO computer) ([208.235.39.108])
    (envelope-sender <>)
              by 10.209.20.32 (qmail-ldap-1.03) with SMTP
              for <Kelly-Reidhome.com>; 12 Jan 2001 04:25:11 -0000
    From: Hahaha <hahahasexyfun.net>
    Subject: Snowhite and the Seven Dwarfs - The REAL story!
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="--VEJOXIFS9IZC1IZ4DAR0DIVOTAJ05AJ"
    Apparently-To: <Kelly-Reidhome.com>
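
The hop-by-hop reading in the reply above can be reproduced mechanically. The following Python sketch is an added example, not part of the original thread: it parses the Received headers quoted in the message, orders them oldest-first, and reports the originating peer, whether the first relay sits on private address space, and where the hand-off chain does not line up. The function names are illustrative.

```python
import ipaddress
import re

# Received headers as quoted in the message above (newest first), re-folded;
# addresses appear exactly as the archive shows them.
RAW_HEADERS = """\
Received: from mx8-w.mail.home.com (mx8-w.mail.home.com [24.0.95.73])
 by h14.mail.home.com (8.9.3/8.9.0) with ESMTP id VAA09676
 for <Kelly-Reidhome.com>; Thu, 11 Jan 2001 21:43:57 -0800 (PST)
Received: from smtp02.mail.onemain.com (SMTP-OUT003.ONEMAIN.COM [63.208.208.73])
 by mx8-w.mail.home.com (8.11.1/8.11.1) with SMTP id f0C5huk01495
 for <Kelly-Reidhome.com>; Thu, 11 Jan 2001 21:43:56 -0800 (PST)
Received: (qmail 4354 invoked from network); 12 Jan 2001 04:25:11 -0000
Received: from moperr01-98.midwest.net (HELO computer) ([208.235.39.108])
 (envelope-sender <>)
 by 10.209.20.32 (qmail-ldap-1.03) with SMTP
 for <Kelly-Reidhome.com>; 12 Jan 2001 04:25:11 -0000
"""

HOP_RE = re.compile(r"from\s+(?P<name>\S+).*?\[(?P<ip>[\d.]+)\].*?\bby\s+(?P<by>\S+)")

def trace(raw):
    """Return hops oldest-first as (peer_name, peer_ip, receiving_host)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded continuation lines
    hops = []
    for line in unfolded.splitlines():
        m = HOP_RE.search(line) if line.lower().startswith("received:") else None
        if m:  # qmail's "invoked from network" line carries no from/by pair
            hops.append((m["name"], ipaddress.ip_address(m["ip"]), m["by"]))
    return hops[::-1]  # headers are prepended, so the last one is the oldest

def is_internal(host):
    """True when a 'by' host is an address literal in private (RFC 1918) space."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname, not an address literal
        return False

def summarize(raw):
    hops = trace(raw)
    name, ip, by = hops[0]
    # A hand-off gap: the host that received hop N is not the peer named in hop N+1.
    gaps = [(a[2], b[0]) for a, b in zip(hops, hops[1:])
            if a[2].lower() != b[0].lower()]
    return {"origin_ip": str(ip), "origin_name": name, "first_relay": by,
            "first_relay_internal": is_internal(by), "handoff_gaps": gaps}

if __name__ == "__main__":
    for key, value in summarize(RAW_HEADERS).items():
        print(f"{key}: {value}")
```

Only the Received lines added by servers you control or trust are reliable; everything below them is supplied by the sending side and should be read as a claim to corroborate, not as fact.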