[svlug] maicious spoofing
jeff at jeffs-place.org
Fri Oct 18 22:15:20 PDT 2002
Ron Hinchley wrote:
> Is there some way to lean anything about this header? It was sent to a
> militant Arab list.
> Received: (qmail 63847 invoked from network); 18 Oct 2002 18:29:21 -0000
> Received: from unknown (18.104.22.168)
> by m5.grp.scd.yahoo.com with QMQP; 18 Oct 2002 18:29:21 -0000
> Received: from unknown (HELO localhost) (22.214.171.124)
> by mta2.grp.scd.yahoo.com with SMTP; 18 Oct 2002 18:29:21 -0000
> To: GNAA-SC at yahoogroups.com
> From: ronh at best.com
> Date: Fri, 18 Oct 2002 11:28:48 -0700
> Received: from unknown (126.96.36.199) by 188.8.131.52 with HTTP; Fri, 18
> Oct 2002 09:19:34 -0500
> Message-ID: <9KADC6652AB645BC025F2372A86BB206D7EP92 at mail.law.uiuc.edu>
> MIME-Version: 1.0 (produced by the IP*Works! MIME Component -
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
From what I see here, I can conclude that the email originated from a
computer with the IP address of 184.108.40.206. That's about it, other than
the originating server is 220.127.116.11 I believe.
Quick little nslookup from my Windows box on those two addresses shows
Hope that helps.
More information about the svlug