[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Idea for a new Linux-related site
Hi,
On Thu, 1 Jan 1998, Shlomi Fish wrote:
> On Tue, 30 Dec 1997, Ariel Biener wrote:
>
> >
> > Hmm, if you didn't mail it, I'm sorry to say that someone mailed it from
> > your account. As you can see, it is the same exact signature, and I doubt
> > it that someone faking an e-mail from you will have the ability to exactly
> > guess such a signature. I would strongly suggest checking for a breakin
> > there.
> >
> > --Ariel
> >
>
> While it's probable that someone entered Nir's account and while in there,
> read my E-mail and sent a replay message to the list, this is not the only
> possibility. The Hackers FAQ gives details about how one can send fake
> E-mail that is identical to an actual message up to the Received-From
> headers.
> A user can contact an SMTP server from another host (otherwise ISPs would
> not have been able to provide outgoing mail for PPP hosts), and I don't
> think there is a header which says from which host the socket connection
> was made. Normally, the SMTP servers don't even filter the hosts from
> which one can connect to them.
I agree. SMTP headers can be faked easily.
> If the guy hacked into Nir's account, it doesn't seem logical that he
> would reveal himself by sending fake E-mail from there. Maybe, root or
> some other user, SUed into Nir's account, and thinking the mail was sent
> to him - he identified it as Junk-mail and responded accordingly.
Well, I'm root on that particular machine. :) and in this case I can
assure you root didn't su into his account.
Shachar.
-----------------------------------------------------------------------------
Shachar Tal - Computer Science, Technion, Israel Institute of Technology
email: shachar@vipe.technion.ac.il, shachar@il.eu.org
KeyID 0481FEF1 fingerprint = 52 1B 97 6A F2 77 AE C6 64 B6 5A 5E 14 28 8E 7E
-----------------------------------------------------------------------------