Re: can someone decipher this?
From: Jason Kohles (jkohles@redhat.com)
Date: 06/27/02
- In reply to: Jeremy Anderson: "Re: can someone decipher this?"
From: Jason Kohles <jkohles@redhat.com>
To: Jeremy Anderson <jeremy@2monkeys.org>
Date: 27 Jun 2002 15:03:14 -0400
On Wed, 2002-06-26 at 04:42, Jeremy Anderson wrote:
> 3) The only "real" information here can be found in the first Received: line. Note the IP address:
>
> 131.95.135.162
>
> This is the "address" of the machine which is originating these messages. This cannot easily be forged or erased. The only potential "gotcha" in the case of these originating addresses is if they are an RFC 1918 (private network) address. These are addresses which begin with 192.168, 172.16, or 10. You can find a full explanation of these addresses here:
>
Erasing or forging real Received: lines is hard, but there is no
guarantee that the first one you see is actually the first one. A
favorite spammer tactic is sending out mail that already has half a
dozen bogus Received lines to throw you off; the first real one will be
somewhere in the middle (and the timestamps may give it away).
--
Jason Kohles    jkohles@redhat.com
Senior Engineer    Red Hat Professional Consulting
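The timestamp check mentioned above, as an added example that is not part of the original messages: it parses the Received: lines top-down, flags any line stamped later than the one above it, and reports the last address recorded by a relay you operate. The sample message, its hostnames and addresses, and the trusted relay name mx.example.org are constructed; treating only your own relays' lines as verified is an assumption of the example.

```python
import re
from email import message_from_string
from email.utils import mktime_tz, parsedate_tz

# Constructed sample: the top two lines are plausible, the bottom two are pre-inserted.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.example.org with ESMTP; Wed, 26 Jun 2002 04:40:12 -0400
Received: from relay.invalid (unknown [203.0.113.45])
\tby mail.example.net with SMTP; Wed, 26 Jun 2002 04:40:05 -0400
Received: from bogus1.invalid ([192.0.2.10])
\tby bogus2.invalid with SMTP; Wed, 26 Jun 2002 09:15:00 -0400
Received: from bogus0.invalid ([192.0.2.99])
\tby bogus1.invalid with SMTP; Tue, 25 Jun 2002 22:00:00 -0400
Subject: constructed sample

body
"""

def received_hops(raw):
    """Parse Received: headers in message order (most recently added first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        by = re.search(r"\bby\s+(\S+)", value)
        parsed = parsedate_tz(value.rsplit(";", 1)[-1].strip())
        when = mktime_tz(parsed) if parsed else None  # UTC epoch seconds
        hops.append({"ip": ip and ip.group(1), "by": by and by.group(1), "when": when})
    return hops

def out_of_order(hops, skew=300):
    """Indexes of lines stamped later than the line above them, beyond clock skew."""
    bad = []
    for i in range(1, len(hops)):
        newer, older = hops[i - 1]["when"], hops[i]["when"]
        if newer is not None and older is not None and older - newer > skew:
            bad.append(i)
    return bad

def last_verified_ip(hops, trusted):
    """Address recorded by the lowest line in the unbroken top run written by trusted relays."""
    ip = None
    for hop in hops:
        if hop["by"] not in trusted:
            break
        ip = hop["ip"]
    return ip
```

Every line below the one written by your own relay is only a claim made by the connecting host, so an out-of-order timestamp there is a hint, not proof.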