Re: Strange e-mails from Excite.com

[Don Tansey <hyghlander () MINDSPRING COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would say they might be looking to take a look at e-mail
headers originating from your organization,  this could
give them some clues about your network.

Cheers,
Don

- --Beware the fury of a patient man.
- ----- Original Message -----
From: DAVID CULLEN <DAVIDCULLEN () HOME COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, February 08, 2001 1:57 PM
Subject: Strange e-mails from Excite.com


> My Web site has received 3 e-mails in the last week, via a Web
> Support form (believe it is a CGI form), from the Excite.com
> domain. All three e-mails asked verbatim:
>
> "What's your corporate HQ street address?"
>
> Has anyone else received similar messages in the past week?
>
> I don't know if it is anything--beyond a simple address
> request--but my company's supporters have not seen anything similar
> to these
> requests in the last year.
>
> I checked with Excite and I could not find the member names listed
> in their directory.
>
> Does anyone know of a possible exploit scenario? I was thinking
> of a send-mail attack. Am I being paranoid?
>
> Any thoughts, speculations would be greatly appreciated,
>
> Thanks,
David

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOoKla377bb9Ex5zDEQL5KQCcDk9PmRJ62pLCjB0PEhhpVJu80jAAoLyx
5JKRzXzcxLfBrK6M2RXJ8KMe
=tFBO
-----END PGP SIGNATURE-----