Security Incidents mailing list archives
Re: Strange email
From: Greg Broiles <gbroiles () netbox com>
Date: Wed, 16 May 2001 16:07:41 -0700
I got it too, also noticed that the headers were suspicious - couldn't find any record of a Sarah Pricer at UCB via their directory. The email I received didn't include a GIF.
These are the headers I got -

Received: from home.netbox.com ([64.124.87.11] verified)
  by mailsys01.intnet.net (CommuniGate Pro SMTP 3.3.2) with ESMTP id 8222789
  for gbroiles () wwc com; Wed, 16 May 2001 02:01:44 -0400
Received: (from gbroiles@localhost)
  by home.netbox.com (8.8.8/8.8.7) id XAA44683
  for gbroiles () wwc com; Tue, 15 May 2001 23:02:35 -0700 (PDT)
  (envelope-from gbroiles)
Received: from localhost.localdomain (root () s211-33-122-158 thrunet ne kr [211.33.122.158])
  by home.netbox.com (8.8.8/8.8.7) with ESMTP id XAA44675
  for <gbroiles () NETBOX COM>; Tue, 15 May 2001 23:02:34 -0700 (PDT)
  (envelope-from linuxone@localhost.localdomain)
Received: (from linuxone@localhost)
  by localhost.localdomain (8.10.1/8.10.1) id f4GE3Q214200
  for gbroiles () NETBOX COM; Wed, 16 May 2001 23:03:26 +0900
Date: Wed, 16 May 2001 23:03:26 +0900
Message-Id: <200105161403.f4GE3Q214200@localhost.localdomain>
From: Sarah Pricer <sarah_pricer () hotmail com>
Sender: Sarah.Pricer@localhost.localdomain
Subject: Regarding ip block 199.165.136.0 - 199.165.136.255
Content-Type: text/html

At 07:55 PM 5/15/2001 -0400, you wrote:

Real-To: "Jason Lewis" <jlewis () jasonlewis net>

I received this email today. The headers show it being sent from a machine in Korea. Everything in the headers is forged, but I just can't figure out what the motive is behind it. Also, at the end of the email, there was a gif and I included the embedded html link.

Has anyone else seen this? I have munged the IP's.

Hi my name is Sarah Pricer, a CS graduate student at UC Berkeley. I obtained your email address from www.arin.net when searching for the IP block(192.168.64.0 - 192.168.64.255 ) that you coordinate. I'm currently writing a thesis on the network topology and would very much appreciate your cooperation. I am trying to draw out a map of how the IPs are distributed geographically. I realize that the IP registration data often times have country/state/city information that are different from the actual physical location of where the IPs are used. Arin data currently shows that 192.168.64.0 - 192.168.64.255 is registered to:

Country: US
State: VA
City: MCLEAN

Can you please tell me if this is the actual physical location of the IPs? If not, can you please tell me the actual location?

Again, thank you for your cooperation.

warm regards,
Sarah P.

<http://211.33.122.158/icons/1/cal_1506.gif>

Jason Lewis
http://www.packetnexus.com
"All you can do is manage the risks. There is no security."

--
Greg Broiles
gbroiles () well com
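
Added example, not part of the original post or the archive: a Python sketch of the checks the posters apply by eye to these headers. It walks the Received chain oldest-first and flags a localhost HELO from a routable address, an origin timestamp well ahead of the receiving relay, and a body link hosted on a sending relay. The function names and the 300-second skew tolerance are assumptions, and the sample pairs the headers from this reply with the image link from the quoted report.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample: the Received headers quoted in the post above, abridged
# (envelope-from comments dropped), addresses left as the archive munged them.
RAW = """\
Received: from home.netbox.com ([64.124.87.11] verified)
 by mailsys01.intnet.net (CommuniGate Pro SMTP 3.3.2) with ESMTP id 8222789
 for gbroiles () wwc com; Wed, 16 May 2001 02:01:44 -0400
Received: (from gbroiles@localhost) by home.netbox.com (8.8.8/8.8.7)
 id XAA44683 for gbroiles () wwc com; Tue, 15 May 2001 23:02:35 -0700 (PDT)
Received: from localhost.localdomain (root () s211-33-122-158 thrunet ne kr [211.33.122.158])
 by home.netbox.com (8.8.8/8.8.7) with ESMTP id XAA44675
 for <gbroiles () NETBOX COM>; Tue, 15 May 2001 23:02:34 -0700 (PDT)
Received: (from linuxone@localhost) by localhost.localdomain (8.10.1/8.10.1)
 id f4GE3Q214200 for gbroiles () NETBOX COM; Wed, 16 May 2001 23:03:26 +0900
"""
BODY_URL = "http://211.33.122.158/icons/1/cal_1506.gif"  # link from the quoted report

def hops(raw):
    """Received hops, oldest first: (HELO name or None, peer IP or None, time)."""
    out = []
    for h in reversed(message_from_string(raw).get_all("Received", [])):
        helo = re.match(r"\s*from\s+(\S+)", h)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h)
        when = parsedate_to_datetime(h.rsplit(";", 1)[1].strip())
        out.append((helo and helo.group(1), ip and ip.group(1), when))
    return out

def findings(raw, urls=(), skew_s=300):
    """Return human-readable notes on inconsistencies in the relay chain."""
    chain, notes = hops(raw), []
    for i, (helo, ip, when) in enumerate(chain):
        if helo and helo.startswith("localhost") and ip and not ip.startswith("127."):
            notes.append(f"hop {i}: HELO {helo} from non-loopback {ip}")
        # A hop stamped later than the relay that received it next is suspect.
        if i and (chain[i - 1][2] - when).total_seconds() > skew_s:
            notes.append(f"hop {i - 1}: timestamp {chain[i - 1][2] - when} ahead of next relay")
    relay_ips = {ip for _, ip, _ in chain if ip}
    for u in urls:
        if urlparse(u).hostname in relay_ips:
            notes.append(f"link host {urlparse(u).hostname} is also a sending relay")
    return notes
```

The 51-second gap between home.netbox.com and mailsys01.intnet.net stays under the tolerance, so ordinary clock drift between the two legitimate relays is not reported.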