>From [EMAIL PROTECTED] Sun Nov 16 15:36:43 1997
>Received: (qmail 23401 invoked by uid 38); 16 Nov 1997 23:32:27 -
>Resent-Date: 16 Nov 1997 23:32:27 -
>Resent-Cc: recipient list not shown: ;
>X-Envelope-Sender: [EMAIL PROTECTED]
>Received: (qmail 23323 invoked from network); 16 Nov 1997 23:32:24
-
>Received: from uhura.cc.rochester.edu
([EMAIL PROTECTED]@128.151.224.17)
> by 205.229.104.5 with SMTP; 16 Nov 1997 23:32:24 -
>Received: from gatekeeper ([EMAIL PROTECTED]
[128.151.220.153])
> by uhura.cc.rochester.edu (8.8.5/8.8.5) with SMTP id SAA19870
> for ; Sun, 16 Nov 1997 18:36:01 -0500
(EST)
>Message-Id: <[EMAIL PROTECTED]>
>X-Sender: [EMAIL PROTECTED]
>X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
>Date: Sun, 16 Nov 1997 18:36:15 -0500
>To: debian-user@lists.debian.org
>From: Chi Wong <[EMAIL PROTECTED]>
>Subject: Tracing Spoof IP's
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>Resent-Message-ID: <"xKMkwC.A.usF.LK4b0"@debian>
>Resent-From: debian-user@lists.debian.org
>X-Mailing-List: archive/latest/18536
>X-Loop: debian-user@lists.debian.org
>Precedence: list
>Resent-Sender: [EMAIL PROTECTED]
>
>Is there a way to detect / trace where the spoof ip addresses are
coming
>from? Or is it an impoosible task?
Best way I have found, is to use tcpdump, install, then cd /usr/sbin
and ./tcpdump. Not full-proof, But I can get the real addy of a
Spoofed hit, 90% of the timeRegards...Rik...aka..Debian1
>TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
>[EMAIL PROTECTED] .
>Trouble? e-mail to [EMAIL PROTECTED] .
>
>
__
Get Your Private, Free Email at http://www.hotmail.com
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .