This is an interesting thread that can be educational for anyone that wishes to follow... it is a bit off-topic and we can take it offline if it bothers anyone...

Jason & DrJ,

Can you guys send me, privately, the headers of these messages...? I'm a bit of a sleuth and am curious about this one...

Sidebar: a while back, I started seeing a hacker using my web site to hide his/her activities. Today, the packets continue (even if unproductive due to my HoneyPort); but the emerging pattern is that someone may be trying to boost "click-through" counts to affect advertising charges...

If anyone is seeing packets from 211.154.65.144, I'd be interested in getting some info from you...

Pierre

On 21 Apr 2002 20:22:24 -0500
"J. Craig Woods" <[EMAIL PROTECTED]> wrote:

> On Sun, 2002-04-21 at 17:49, Jason Guidry wrote:
> >
> > do the headers of the mail you are getting match any of the mail you
> > are getting? I'm suspicious of a BBS I posted to about sheetmusic
> > available on my website. I think I'm gonna contact the guy in charge
> > and compare IPs. I realise that the person sending the email may not
> > be aware, but I don't know who would have my address from Syracuse.
> >
>
> Not sure about the BBS being the source of your problems, Jason, but I
> kinda doubt it. The headers on the infected mail I received didn't match
> anything else I might be receiving at the time of delivery. After
> looking at a few of these infected emails, about the only consistency I
> could find was that the origin was the same ip address, each time with a
> different name, such as "[EMAIL PROTECTED]" or
> "[EMAIL PROTECTED]". The other constant was that the address it was
> sending to (destination address) was usually a bogus address, sometimes
> not even the domain name was real.
>
> The bottom line is, I think this is what Pierre is saying. You can
> identify the originating ip address in the email headers but, in the
> final analysis, this ip address may be spoofed, meaning that the ip
> address may or may not be the offending machine.
>
> Nope, you do not have to worry: this mail is not being sent by your
> machine unless you might be using windoze with some version of MS
> outlook..
>
> As a matter of fact, I have never heard of or seen an email type virus,
> such as W32/Klez.e@MM, on linux. Another reason to bring the uninitiated
> into the fold, right LX?
>
> Dr John
> --
> J. Craig Woods
> UNIX/NT Network/System Administration
>
> -Art is the illusion of spontaneity-
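
The header comparison discussed in the quoted reply, as an added example that is not part of the original messages: it groups suspicious mails by the peer IP that your own mail server stamped in its `Received` line, ignoring lower `Received` lines, which are supplied by the sender and can be forged. The hostname `mx.example.org`, the addresses and the documentation-range IPs are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

MY_MX = "mx.example.org"  # assumption: hostname of the server you control
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(peer_ip, sender, claimed_ip):
    """Build a constructed message: our server's Received line on top,
    a sender-supplied (possibly forged) Received line underneath."""
    return (
        f"Received: from mail.example.net (unknown [{peer_ip}])\n"
        f"\tby {MY_MX} with SMTP; Sun, 21 Apr 2002 20:00:00 -0500\n"
        f"Received: from pc (pc [{claimed_ip}]) by mail.example.net;"
        f" Sun, 21 Apr 2002 19:59:00 -0500\n"
        f"From: {sender}\nTo: nobody@invalid.example\nSubject: hi\n\nbody\n"
    )

SAMPLES = [  # constructed data, documentation-range addresses only
    sample("192.0.2.55", "Alice <alice@example.com>", "198.51.100.7"),
    sample("192.0.2.55", "Bob <bob@example.net>", "198.51.100.7"),
    sample("203.0.113.9", "carol@example.org", "203.0.113.9"),
]

def boundary_ip(raw, my_mx=MY_MX):
    """Return the peer IP that our own server recorded, or None."""
    msg = message_from_string(raw)
    for hop in msg.get_all("Received", []):  # newest hop is listed first
        hop = " ".join(hop.split())          # unfold continuation lines
        if f" by {my_mx} " in hop:
            found = IP_RE.search(hop)
            return found.group(1) if found else None
    return None

def group_senders(raws, my_mx=MY_MX):
    """Map each boundary IP to the set of From addresses seen with it."""
    groups = defaultdict(set)
    for raw in raws:
        ip = boundary_ip(raw, my_mx)
        if ip:
            sender = parseaddr(message_from_string(raw)["From"])[1]
            groups[ip].add(sender)
    return dict(groups)

if __name__ == "__main__":
    for ip, senders in group_senders(SAMPLES).items():
        print(ip, sorted(senders))
```

The IP recovered this way is the host that connected to your server, which may be a relay rather than the infected machine itself.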