Re: Forged Source Address
From: FHLA56 (fhla56_at_aol.com)
Date: 09/03/03
- Next message: J. Reilink: "Re: Researching spamblock/antivirus/attachment filters on mail servers"
- Previous message: sponge: "Re: unknown dll and exe: ezbewvi.dll, ezbewvi.exe"
- In reply to: Robert C: "Forged Source Address"
- Next in thread: Robert C: "Re: Forged Source Address"
- Reply: Robert C: "Re: Forged Source Address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 03 Sep 2003 07:37:18 GMT
You could be. Hackers can get into your computer, create an invisible
partition, and send mail etc. from your machine when you sign on. They use the
ntfs file system of Linux and its open source code to do this. The partition is
also invisible to you.
A member of our family recently discovered it on his drive. It could also
have been someone with a floppy who installed it on his machine, because the
files for Linux or Unix are as small as DOS files are.
This is the second time in a year for his computer to mess up, so in his case I
would suspect a family member doing this.
He is still seeking a solution. Me--I'd back up everything on the C drive to
CD-ROMs, get a new hard drive, reinstall the operating system, get a firewall
and keep it up to date, get a good virus scanner and keep it up to date, and then
find a way to restrict access to the computer of folks who happen by, or bring
floppies or CDs from the outside to your home. Somewhere, someone must have a
Windows interface that allows a protected mode desktop with limited availability to
the floppy and CD-ROM drive. Somewhere.
He was shut down by the internet provider because of the large volume of mail
being sent.
Hope you find a solution.
*****************************************
Check out how much disk space you have available and the size of the files to
see if it adds up to the total amount of disk space you have.
>We have started getting undeliverable reports from AOL saying that the
>message sent from our domain, but with a random mailbox, could not be
>delivered. I have checked our server with the ORDB and other relay testers as
>well as confirmed our configuration with our mail server vendor's
>recommendation, and we are not an open relay. Also, the IP addresses of the
>various relays do not include any of our IPs. I expect that the sender
>is just faking our from and reply to email address in an email that contains
>a link to some website and is not intended to be replied to. This probably
>means that there is nothing that I can do about it, but I thought I would
>ask if I am missing a possibility or if there is something that anyone else
>has done.
>
>I have included the text from two of the NDR emails below.
>
>Thanks,
>
>Robert
>
>Received: from rly-xj02.mx.aol.com (rly-xj02.mail.aol.com [172.20.116.39])
>by rly-st16.mail.aol.com (v92.16) with ESMTP id RELAYIN2-33f5515799e; Tue,
>02 Sep 2003 18:11:05 -0400
>Received: from stjh1-2688.nf.aliant.net (stjh1-2688.nl.aliant.net
>[142.163.154.128]) by rly-xj02.mx.aol.com (v95.1) with ESMTP id
>MAILRELAYINXJ22-5023f5515653bc; Tue, 02 Sep 2003 18:10:47 -0400
>Received: from [117.65.190.61] by stjh1-2688.nf.aliant.net with SMTP; Tue,
>02 Sep 2003 23:18:34 -0300
>Message-ID: <55a9$98o3e8gjl1-xo$c@58lbqn2jn8a>
>From: "Ulysses Kessler" <r475huzuh@thielsen.com>
>Reply-To: "Ulysses Kessler" <r475huzuh@thielsen.com>
>To: grainman54@aol.com
>Cc: <paxjaypolo@aol.com>, <karlgrupp@aol.com>, <notsgmp@aol.com>,
> <louchip1@aol.com>
>Subject: Fwd:SOMA - Viagra - Phentermine - Ultram - Ambien - Diflucan Free
>Overnight Fedex jyjzubdpjn
>Date: Tue, 02 Sep 2003 23:18:34 -0300
>X-Mailer: Microsoft Outlook Express 5.00.2615.200
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="C.FBE3.AA17CE_.A.C"
>X-Priority: 3
>X-AOL-IP: 142.163.154.128
>X-AOL-SCOLL-SCORE: 0:XXX:XX
>X-AOL-SCOLL-URL_COUNT: 0
>
>____________________________________________________
>
>Received: from ip-66-218-254-213.cablemo.net (ip-66-218-254-213.cablemo.net
>[66.218.254.213]) by rly-xj06.mx.aol.com (v95.1) with ESMTP id
>MAILRELAYINXJ610-72c3f53fc912a2; Mon, 01 Sep 2003 22:12:45 2000
>Message-ID: <hax8rc-e0s9o1t1auobik$4b2p$0zm0@61av4iam45>
>From: "Timothy Workman" <zs6kans@thielsen.com>
>Reply-To: "Timothy Workman" <zs6kans@thielsen.com>
>To: matt95916@aol.com
>Cc: <christbloodsaves@aol.com>, <dreamlvrmm@aol.com>, <jaguar867@aol.com>,
> <sec1214@aol.com>
>Subject: Fwd:Online PharmacySOMA,VIAGRA,MUCH MORE
>Date: Tue, 02 Sep 2003 01:18:31 -0500
>X-Mailer: Internet Mail Service (5.5.2650.21)
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="CE4_DCFF99A..299"
>X-Priority: 3
>X-AOL-IP: 66.218.254.213
>X-AOL-SCOLL-SCORE: 0:XXX:XX
>X-AOL-SCOLL-URL_COUNT: 0
>
>Subject: Forged Source Address
>Path: lobby!ngtf-m01.news.aol.com!ngpeer.news.aol.com!news.cis.ohio-state.edu!news.maxwell.syr.edu!sn-xit-03!sn-xit-04!sn-xit-01!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
>From: "Robert C" rc3NOSPAM@PLEASEhotmail.com
>Newsgroups: comp.security.misc
>Date: Tue, 2 Sep 2003 16:13:59 -0700
>Organization: Posted via Supernews, http://www.supernews.com
>Message-ID: <vla94ka76vpr8a@corp.supernews.com>
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>X-Complaints-To: abuse@supernews.com
>Lines: 67
>
>
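
The check Robert describes (none of the relaying IPs belong to his organisation), as an added example that is not part of the original thread. `OUR_NETWORKS` is a placeholder assumption, and the sample is the first NDR header block quoted above, trimmed and re-folded so it parses.

```python
import ipaddress
import re
from email import message_from_string

# First NDR header block quoted in the post, trimmed and re-folded.
NDR_HEADERS = """\
Received: from rly-xj02.mx.aol.com (rly-xj02.mail.aol.com [172.20.116.39])
 by rly-st16.mail.aol.com (v92.16) with ESMTP id RELAYIN2-33f5515799e;
 Tue, 02 Sep 2003 18:11:05 -0400
Received: from stjh1-2688.nf.aliant.net (stjh1-2688.nl.aliant.net
 [142.163.154.128]) by rly-xj02.mx.aol.com (v95.1) with ESMTP id
 MAILRELAYINXJ22-5023f5515653bc; Tue, 02 Sep 2003 18:10:47 -0400
Received: from [117.65.190.61] by stjh1-2688.nf.aliant.net with SMTP;
 Tue, 02 Sep 2003 23:18:34 -0300
From: "Ulysses Kessler" <r475huzuh@thielsen.com>
X-AOL-IP: 142.163.154.128

"""

# Assumption: the organisation's outbound mail ranges (RFC 5737 placeholder).
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_headers):
    """Return the bracketed IPs from every Received header, newest hop first."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        hops.extend(ipaddress.ip_address(ip)
                    for ip in IP_IN_BRACKETS.findall(value))
    return hops


def classify(raw_headers, our_networks=OUR_NETWORKS):
    """'forged-from' when no hop is ours, else 'our-host-in-path'."""
    hops = received_ips(raw_headers)
    ours = [ip for ip in hops if any(ip in net for net in our_networks)]
    # Hops below the first relay you trust can be invented by the sender, so
    # an empty 'ours' list supports forgery; a match means check that host.
    return ("our-host-in-path" if ours else "forged-from"), hops, ours


if __name__ == "__main__":
    verdict, hops, ours = classify(NDR_HEADERS)
    print(verdict, [str(h) for h in hops])
```
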