bob at verysecurelinux.com
Mon Feb 9 09:19:35 EST 2004
On Fri, Feb 06, 2004 at 09:07:45PM -0500, John Wells wrote:
> On Fri, 2004-02-06 at 19:55, magius at wittsend.com wrote:
> > test
> ...could it be? Warfield himself infected?!? Surely a test machine? :)

Yeah, right. Wanna buy a bridge in Brooklyn?

The faked mail header on that message is:

    Received: from wittsend.com ([184.108.40.206]) by lakemtao02.cox.net
        (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP
        id <20040207005648.ZZWA19763.lakemtao02.cox.net at wittsend.com>
        for <ale at ale.org>; Fri, 6 Feb 2004 19:56:48 -0500

Note that Mike's system, wittsend.com, is not at IP 220.127.116.11 so
the message is faked.

bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002
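
Added example, not part of the original message: a Python sketch of the check described above, which parses the Received header's "from" clause and compares the name the sending host declared with the peer IP the receiving server recorded. The names parse_received, check_helo and KNOWN_ADDRESSES are hypothetical, and the address table is a constructed placeholder standing in for a DNS lookup so the code runs offline.

```python
import ipaddress
import re

# Header as quoted in the message above, with its folding whitespace restored.
SAMPLE_RECEIVED = (
    "Received: from wittsend.com ([184.108.40.206]) by lakemtao02.cox.net\n"
    "    (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP\n"
    "    id <20040207005648.ZZWA19763.lakemtao02.cox.net at wittsend.com>\n"
    "    for <ale at ale.org>; Fri, 6 Feb 2004 19:56:48 -0500\n"
)

# Constructed placeholder for a DNS answer: 192.0.2.10 is a documentation
# address, NOT the real address of wittsend.com.
KNOWN_ADDRESSES = {"wittsend.com": {"192.0.2.10"}}

# "from <declared-name> ([<reverse-dns> ]<[peer-ip]>) by <receiving-host>"
FROM_RE = re.compile(
    r"^Received:\s*from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s*)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def parse_received(header):
    """Return the hop's declared name, reverse DNS, peer IP and receiver."""
    # Unfold first: a line break followed by whitespace continues the header.
    flat = re.sub(r"\r?\n[ \t]+", " ", header).strip()
    m = FROM_RE.match(flat)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))
    except ValueError:  # bracketed text is not a valid IP literal
        return None
    return {"helo": m.group("helo").lower(), "rdns": m.group("rdns"),
            "ip": ip, "by": m.group("by").lower()}

def check_helo(header, lookup):
    """Classify one hop; lookup(name) returns the set of IPs for that name."""
    hop = parse_received(header)
    if hop is None:
        return "unparsed"
    expected = lookup(hop["helo"])
    if not expected:
        return "unknown-host"
    return "match" if hop["ip"] in expected else "mismatch"

if __name__ == "__main__":
    print(check_helo(SAMPLE_RECEIVED, lambda h: KNOWN_ADDRESSES.get(h, set())))
```

Only the Received line written by a server you trust is reliable evidence, since earlier lines can be supplied by the sender. A mismatch is a signal for closer inspection, as some legitimate hosts announce a name that does not resolve to their own address.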