[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Idea for a new Linux-related site



On Tue, 30 Dec 1997, Ariel Biener wrote:

> 
> Hmm, if you didn't mail it, I'm sorry to say that someone mailed it from
> your account. As you can see, it is the same exact signature, and I doubt
> it that someone faking an e-mail from you will have the ability to exactly
> guess such a signature. I would strongly suggest checking for a breakin
> there.
> 
> --Ariel
> 

While it's probable that someone entered Nir's account and while in there,
read my E-mail and sent a replay message to the list, this is not the only
possibility. The Hackers FAQ gives details about how one can send fake
E-mail that is identical to an actual message up to the Received-From
headers. 
A user can contact an SMTP server from another host (otherwise ISPs would
not have been able to provide outgoing mail for PPP hosts), and I don't
think there is a header which says from which host the socket connection
was made. Normally, the SMTP servers don't even filter the hosts from
which one can connect to them.

If the guy hacked into Nir's account, it doesn't seem logical that he
would reveal himself by sending fake E-mail from there. Maybe, root or
some other user, SUed into Nir's account, and thinking the mail was sent
to him - he identified it as Junk-mail and responded accordingly. 

Good luck in finding out what happend exactly.

	Shlomi Fish