Firewall Wizards mailing list archives

Spoofed Email


From: "Donald R. Martin" <grey () highway1 com>
Date: Fri, 19 Sep 1997 13:28:25 -0400

I really hate to get started on the wrong foot with the new list, but
somebody spoofed my email account yesterday and I'm being flooded with
hundreds of non-deliverable messages, spam messages, threat notes, and
propositions... of which I can't speak.

You, being firewall wizards, must know something about mail headers.  If
this is inappropriate, please forgive me.  I'm not able to follow the new
list, as I'm buried with messages regarding un-godly sexuality and such.
Being thankful to get away from the spam on the old firewalls list, I now
find myself in a very peculiar position here.  Have a heart eh?

I sent a note to one of the aggravated receivers of the spoofed message, who
in turn sent me this portion of the header of the original message:

Received: from 204.201.132.101 (172-129-229.ipt.aol.com
[152.172.129.229])
    by cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA05708;
    Thu, 18 Sep 1997 05:00:52 -0700 (PDT)


From the un-deliverable notices I'm getting, I can extrapolate this:

----- Original message follows -----
Return-Path: <Grey () usa net>
Received: from cyan.alamak.net ([204.201.132.101]) by ixmail7.ix.netcom.com
(8.7.5/SMI-4.1/Netcom)
id FAA24211; Thu, 18 Sep 1997 05:23:51 -0700 (PDT)
From: Grey () usa net
Received: from 204.201.132.101 (172-129-229.ipt.aol.com [152.172.129.229])
by cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA07228;
Thu, 18 Sep 1997 05:06:29 -0700 (PDT)
Received: from PostMaster <postmaster () here com> by Here.com (8.8.5/8.6.5)
with SMTP id GAA09426 for <erased () juno com>; Thu, 18 Sep 1997 07:56:54 -0600
(EST)
Date: Thu, 18 Sep 97 07:56:54 EST
To: erased () juno com
Subject: Hello
Message-ID: <199709150223.WAA28568 () hero com>
Reply-To: erased () juno com
X-UIDL: 00192883774665372615222884674775
Comments: Authenticated sender is <grey () usa net>

The user id 'erased' was removed to protect the innocent.  I know it was
un-deliverable.

I can't send the original message itself, for fear of even more
propositions, not that any of you would participate in such activities.  It
looks like somebody may have hacked my original shell account at usa.net,
but I no longer have the password for that account, and the email from
usa.net has been forwarded to another account.
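The headers quoted above, read the way a mail admin would trace them, as an added example that is not code from the post or the list: it unfolds the bounce's Received: lines, walks the chain backwards from the recipient's server, and stops at the first hop whose `by` host and timestamp disagree with what the next server recorded. The sample text is copied from the post; `unfold`, `received_hops`, `trace_origin` and the regexes are my own.

```python
import re
from email.utils import parsedate_to_datetime
# Constructed sample: the Received: lines of the bounce quoted in the post,
# copied with the archive's folding and its "() " obfuscation of '@'.
SAMPLE_HEADERS = """\
Received: from cyan.alamak.net ([204.201.132.101]) by ixmail7.ix.netcom.com
(8.7.5/SMI-4.1/Netcom)
id FAA24211; Thu, 18 Sep 1997 05:23:51 -0700 (PDT)
Received: from 204.201.132.101 (172-129-229.ipt.aol.com [152.172.129.229])
by cyan.alamak.net (8.8.5/8.8.5) with SMTP id FAA07228;
Thu, 18 Sep 1997 05:06:29 -0700 (PDT)
Received: from PostMaster <postmaster () here com> by Here.com (8.8.5/8.6.5)
with SMTP id GAA09426 for <erased () juno com>; Thu, 18 Sep 1997 07:56:54 -0600
(EST)
"""

# HELO name, optional "(reverse-dns [ip])", receiving host, date after the last ';'
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<rdns>[^\s\[\]()]+)?\s*(?:\[(?P<ip>[\d.]+)\])?\))?"
    r".*?\bby\s+(?P<by>\S+).*;\s*(?P<date>[^;]+)$", re.S)

def unfold(raw):
    # Archive folds lost their leading space: a line without "Name:" continues the previous
    lines = []
    for line in raw.splitlines():
        if re.match(r"[\w-]+:", line) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines

def received_hops(raw):
    # One dict per Received: header, in transit order (origin first).
    hops = []
    received = [l for l in unfold(raw) if l.startswith("Received:")]
    for m in filter(None, map(HOP_RE.search, received)):
        hop = m.groupdict()
        hop["when"] = parsedate_to_datetime(hop.pop("date").strip())
        hops.append(hop)
    return hops[::-1]

def trace_origin(hops):
    # Walk back from the recipient's server; trust a hop only while its "by" host
    # matches the next hop's "from" and its clock is not ahead. The first failing
    # hop was written by the sender; the IP the last trusted server saw is the origin.
    for later, earlier in zip(hops[:0:-1], hops[-2::-1]):
        if (earlier["by"].lower() != later["helo"].lower()
                or earlier["when"] > later["when"]):
            return later["ip"], later["rdns"], earlier["by"]
    return hops[0]["ip"], hops[0]["rdns"], None
```

On this sample the chain is trusted back to cyan.alamak.net's record of the AOL dial-up at 152.172.129.229, while the bottom "Here.com" hop is not confirmed by the next server and is stamped later than it, so it came from the sender. Nothing in the chain passed through usa.net; only the From/Return-Path claim it.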
