NFR Wizards Archive: Spoofed Email

Spoofed Email


Donald R. Martin (greyhighway1.com)
Fri, 19 Sep 1997 13:28:25 -0400


I really hate to get started on the wrong foot with the new list, but
somebody spoofed my email account yesterday and I'm being flooded with
hundreds of non-deliverable messages, spam messages, threat notes, and
propositions... of which I can't speak.

You, being firewall wizards, must know something about mail headers. If
this is inappropriate, please forgive me. I'm not able to follow the new
list, as I'm buried with messages regarding un-godly sexuality and such.
Being thankful to get away from the spam on the old firewalls list, I now
find myself in a very peculiar position here. Have a heart eh?

I sent a note to one of the aggravated receivers of the spoofed message, who
in turn sent me this portion of the header of the original message:

Received: from 204.201.132.101 (172-129-229.ipt.aol.com
[152.172.129.229])
    by cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA05708;
    Thu, 18 Sep 1997 05:00:52 -0700 (PDT)

From the un-deliverable notices I'm getting, I can extrapolate this:

----- Original message follows -----
Return-Path: <Greyusa.net>
Received: from cyan.alamak.net ([204.201.132.101]) by ixmail7.ix.netcom.com
(8.7.5/SMI-4.1/Netcom)
id FAA24211; Thu, 18 Sep 1997 05:23:51 -0700 (PDT)
>From: Greyusa.net
Received: from 204.201.132.101 (172-129-229.ipt.aol.com [152.172.129.229])
by cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA07228;
Thu, 18 Sep 1997 05:06:29 -0700 (PDT)
Received: from PostMaster <postmasterhere.com> by Here.com (8.8.5/8.6.5)
with SMTP id GAA09426 for <erasedjuno.com>; Thu, 18 Sep 1997 07:56:54 -0600
(EST)
Date: Thu, 18 Sep 97 07:56:54 EST
To: erasedjuno.com
Subject: Hello
Message-ID: <199709150223.WAA28568hero.com>
Reply-To: erasedjuno.com
X-UIDL: 00192883774665372615222884674775
Comments: Authenticated sender is <greyusa.net>

The user id 'erased' was removed to protect the innocent. I know it was
un-deliverable.

I can't send the original message itself, for fear of even more
propositions, not that any of you would participate in such activities. It
looks like somebody may have hacked my original shell account at usa.net,
but I no longer have the password for that account, and the email from
usa.net has been forwarded to another account.
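
An added example, not part of the original post: a short Python reading of the Received lines quoted above, hop by hop. It assumes the usual sendmail layout, where the name right after "from" is what the connecting client called itself (HELO) and the parenthesised name and bracketed address are what the receiving server recorded; the function and flag names are illustrative.

```python
import re

# Received lines from the bounce quoted above, unfolded, newest hop first.
HOPS = [
    "from cyan.alamak.net ([204.201.132.101]) by ixmail7.ix.netcom.com "
    "(8.7.5/SMI-4.1/Netcom) id FAA24211; Thu, 18 Sep 1997 05:23:51 -0700 (PDT)",
    "from 204.201.132.101 (172-129-229.ipt.aol.com [152.172.129.229]) by "
    "cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA07228; "
    "Thu, 18 Sep 1997 05:06:29 -0700 (PDT)",
    "from PostMaster <postmasterhere.com> by Here.com (8.8.5/8.6.5) with SMTP "
    "id GAA09426 for <erasedjuno.com>; Thu, 18 Sep 1997 07:56:54 -0600 (EST)",
]
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HOP_RE = re.compile(r"from\s+(?P<claimed>.+?)\s+by\s+(?P<by>\S+)")
PEER_RE = re.compile(r"\((?P<rdns>[^\s\[\]()]*)\s*\[(?P<ip>" + IPV4 + r")\]\)")

def parse_hop(line):
    # Split one Received line into the claimed name and the recorded peer.
    m = HOP_RE.match(line)
    peer = PEER_RE.search(m.group("claimed"))
    return {
        "helo": m.group("claimed").split()[0],      # what the client called itself
        "rdns": (peer.group("rdns") or None) if peer else None,
        "ip": peer.group("ip") if peer else None,   # address the server saw
        "by": m.group("by"),                        # server that wrote the line
    }

def review(lines):
    hops = [parse_hop(line) for line in lines]
    # Address each relay was seen connecting from by the next server up the chain.
    seen_from = {h["helo"]: h["ip"] for h in hops if h["ip"]}
    out = []
    for h in hops:
        flags = []
        if h["ip"] is None:
            flags.append("no-peer-address")         # nothing here can be checked
        else:
            literal = re.fullmatch(IPV4, h["helo"])
            known = (h["ip"], (h["rdns"] or "").lower())
            if (h["rdns"] or literal) and h["helo"].lower() not in known:
                flags.append("helo-mismatch")
            if seen_from.get(h["by"]) == h["helo"]:
                flags.append("helo-is-receivers-own-address")
        out.append((h, flags))
    return out

def earliest_recorded_peer(lines):
    # Oldest hop for which a receiving server logged the connecting address.
    return next((h["ip"] for h, _ in reversed(review(lines)) if h["ip"]), None)
```

On these three lines the middle hop is the one flagged twice: the client announced itself as 204.201.132.101, the address the Netcom line records for cyan.alamak.net, while cyan.alamak.net logged the connection as coming from 152.172.129.229. The oldest line carries no recorded peer address at all, so nothing in it can be checked against another server's record.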



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT