As others have pointed out in the past, it is extremely hard to spoof the IP address.
John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:IMail_Forum- > [EMAIL PROTECTED] On Behalf Of Allen > Sent: Thursday, August 21, 2003 12:35 PM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] WAY OT--Tracking Sobig > > Ok let me get this one straight! > The IP address that shows up in the remote IP address block is a legit > way to track these? So in the returned mail below the guilt party would > be: > 65.218.223.194 or ns1.nnmt.net. (an authoritative nameserver for > 223.218.65.in-addr.arpa., which is in charge of the reverse DNS for > 65.218.223.194) > says that there are no PTR records for 65.218.223.194. > > Is it possible that the virus is spoofing these messages ip? > > > postmaster message with headers below!!!! > > Declude Virus v1.61 caught the W32/[EMAIL PROTECTED] virus in > document_9446.pif from [EMAIL PROTECTED] to: [EMAIL PROTECTED] > > Date: 08/21/2003 10:51:18 > Subject: Re: Approved > Spool File: Dea6f01da019671d5.SMD > Remote IP: 65.218.223.194 > > Headers: > Received: from SUPERINTENDENT [65.218.223.194] by > XXXX.XXXXXXXXXX.com > with ESMTP(SMTPD32-7.13) id AA6F1DA0196; Thu, 21 Aug 2003 10:51:11 -0500 > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: Approved > Date: Thu, 21 Aug 2003 9:32:44 --0600 > X-MailScanner: Found to be clean > Importance: Normal > X-Mailer: Microsoft Outlook Express 6.00.2600.0000 > X-MSMail-Priority: Normal > X-Priority: 3 (Normal) > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="_NextPart_000_007425F7" > Message-Id: <[EMAIL PROTECTED]> > > --- > [This email has been prescanned for viruses by Declude and F-Prot] > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
