Re: Email Hack: Help.
John Cronin wrote:
>
> Doug Breault wrote:
> =>
> =>Hello Everyone,
> =>
> =>We've got a problem here with a hacker. There's some punk
> =>apparently hacking a mail server somewhere and sending BS postings all over
> =>the net regarding get rich quick schemes, etc - from a non-existent
> =>account on our server. They've done it twice so far, from two different
> =>non-existent accounts.
>
> =>2. What are the methods one uses to fake these FROM fields? And is
> => there a way to prevent it?
>
> Actually, there may not be much you can do about it. If the hacker hacks
> into a Linux box running Smail or whatever package they use instead of
> sendmail on a lot of Linux boxes, they don't even have to hack into
> your domain to make it look like they are delivering mail from it.
> They can spoof all the headers and nobody will ever be able to tell
> it didn't come from your machine. Apparently Smail does not even
> log the connection made to it, or does not log the connection correctly,
> or something. It is also possible to spoof sendmail to make it look
> like the mail comes from your site, but at least in this case you can
> see where the post actually originated, although it is possible the
> originator might be using a spoofed IP address or something. The bottom
> line is that if this spammer knows what he or she is doing, they can
> make it virtually impossible to trace them back to the originating site.
>
> --
> John Cronin
> Office of Information Technology Customer Support Center 0710
> Georgia Institute of Technology, Atlanta Georgia, 30332
> Internet: john.cronin@oit.gatech.edu
> phone: (404) 894-7563
Somebody told me that the key to bagging a hacker is in the ``MX
records,'' does that ring a bell to anyone? They said you can
nail them through MX records. Now to find out the specifics. ;-)
Gene
--
``Imagine if every Thursday your shoes exploded if you tied them
the usual way. This happens to us all the time with computers,
and nobody thinks of complaining.'' -Jef Raskin
______ gene@cup.hp.com
/\__ _\ ingram@pubs.holosys.com
\/_/\ \/ ___ __ _ __ __ ___ ___
\ \ \ /' _ `\ /'_ `\/\`'__\/'__`\ /' __` __`\
\_\ \__/\ \/\ \/\ \L\ \ \ \//\ \L\.\_/\ \/\ \/\ \
/\_____\ \_\ \_\ \____ \ \_\\ \__/.\_\ \_\ \_\ \_\
\/_____/\/_/\/_/\/___L\ \/_/ \/__/\/_/\/_/\/_/\/_/
/\____/
________________________\_/__/____________________________________
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
--3D signature created courtesy of ``Figlet Ascii Font Converter''
<http://mediacube.datacom.de/cgi-bin/moniteurs/figlet>
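Added example, not part of the original messages: the quoted reply notes that a logging mail server records where a forged post actually entered, and that record is the `Received:` chain. The sketch below reads that chain oldest-first and flags mail whose recorded connecting host lies outside the claimed From domain. The sample message, its host names, the `trace` function and the sendmail-style `from HELO (rDNS [IP]) by host` layout are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims victim.example, but the first relay
# recorded a different connecting host (documentation-range addresses).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.5])
\tby mail.recipient.example with SMTP; Mon, 24 Jun 1996 10:02:11 -0400
Received: from victim.example (dialup7.isp.example [198.51.100.23])
\tby mx.recipient.example with SMTP; Mon, 24 Jun 1996 10:02:05 -0400
From: nosuchuser@victim.example
Subject: Get rich quick

body
"""

# Assumed layout: "from <HELO name> (<rDNS name> [<ip>]) by <receiving host>"
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def trace(raw):
    """Return (claimed From domain, hops oldest-first, suspicious flag)."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []
    # Each server prepends its own Received line, so reverse for oldest-first.
    for line in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(line.split()))  # unfold continuation lines
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo.lower(), "rdns": (rdns or "").lower(),
                         "ip": ip, "by": by.lower()})
    origin = hops[0] if hops else None
    # The HELO name is whatever the client announced; the bracketed IP and
    # rDNS name were written by the receiving server from the connection.
    # Heuristic: flag when that recorded host is outside the From domain.
    inside = bool(origin) and (origin["rdns"] == domain
                               or origin["rdns"].endswith("." + domain))
    return domain, hops, bool(origin) and not inside

if __name__ == "__main__":
    print(trace(SAMPLE))
```

Only `Received:` lines written by servers you control or trust are reliable; anything below the first trusted hop could have been supplied by the sender.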