vision2020
Attack of the killer junk mail
- To: vision2020@moscow.com
- Subject: Attack of the killer junk mail
- From: Tom Lamar <lamar@pcei.org>
- Date: Fri, 20 Sep 2002 09:05:18 -0700
- Resent-Date: Fri, 20 Sep 2002 09:08:15 -0700 (PDT)
- Resent-From: vision2020@moscow.com
- Resent-Message-ID: <ZDk4vB.A.duQ.sf0i9@whale2.fsr.net>
- Resent-Sender: vision2020-request@moscow.com
Visionaries,
Just wanted to let everyone know that the junk mail and attachment that
came with my email address this morning was not sent by my computer. It
was a spoofed email sent by another computer somewhere. Below is a
description of what happened as described by Andrew Morris of First Step
Internet <techsupport@fsr.net>.
So when these individuals make an attack (such as the directory harvest
attacks) they generate the usernames at the time of sending and tend to send
from and to as the same name. If they are also spoofing the IP address they
are sending from then they connect through a remote smtp server (illegally)
and send email to other servers addressed to all_users@domain.com from
all_users@domain.com. Their tracks are covered and it looks like the remote
smtp is the home of the culprit when in fact they are the first victim.
There is a lengthy write-up on this topic at:
http://www.cert.org/tech_tips/email_spoofing.html
hasta luego,
Tom
Thomas C. Lamar, Executive Director
=================================================
Palouse-Clearwater Environmental Institute
P O Box 8596; 112 West 4th St; Suite #1
Moscow ID 83843-1096
Phone (208)882-1444; Fax (208)882-8029
url: http://www.pcei.org
Celebrating sixteen years of "connecting people, place and community".
=================================================
Back to TOC