
Re: Email Hack: Help.



Doug Breault wrote:
=>
=>Hello Everyone,
=>
=>We've got a problem here with a hacker. There's some punk
=>apparently hacking a mail server somewhere and sending BS postings all over
=>the net regarding get rich quick schemes, etc - from a non-existent
=>account on our server. They've done it twice so far, from two different
=>non-existent accounts.

=>2. What are the methods one uses to fake these FROM fields? And is
=>   there a way to prevent it?

Actually, there may not be much you can do about it.  If the hacker hacks
into a Linux box running Smail or whatever package they use instead of
sendmail on a lot of Linux boxes, they don't even have to hack into
your domain to make it look like they are delivering mail from it.
They can spoof all the headers and nobody will ever be able to tell
it didn't come from your machine.  Apparently Smail does not even
log the connection made to it, or does not log the connection correctly,
or something.  It is also possible to spoof sendmail to make it look
like the mail comes from your site, but at least in this case you can
see where the post actually originated, although it is possible the
originator might be using a spoofed IP address or something.  The bottom
line is that if this spammer knows what he or she is doing, they can
make it virtually impossible to trace them back to the originating site.

--
John Cronin
Office of Information Technology Customer Support Center 0710
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: john.cronin@oit.gatech.edu
phone: (404) 894-7563
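The tracing the reply describes (a sendmail-style relay records the connecting host in the Received: header it writes, and only headers written by relays you operate can be believed) as an added Python example that is not part of the original thread; the message, host names and addresses are constructed, and the hop format assumed is the common sendmail "from X (rdns [ip]) by Y" form.

```python
import email
import re

# Constructed sample (not from the original post). The From: line claims a
# non-existent example.edu account and a forged Received: line pretends the
# mail passed through example.edu, but the header written by our own relay
# (mx.example.net) records the host that really connected.
SPOOFED_MESSAGE = """\
Received: from mail.example.edu (spoofer.example.org [203.0.113.77])
\tby mx.example.net (8.8.5/8.8.5) with SMTP id AAA12345;
\tMon, 3 Mar 1997 10:15:02 -0500
Received: from user.example.edu (user.example.edu [192.0.2.25])
\tby mail.example.edu (8.8.5/8.8.5) with SMTP id AAA11111;
\tMon, 3 Mar 1997 10:14:48 -0500
From: nobody@example.edu
To: list@example.net
Subject: Get rich quick

Send money now.
"""

# sendmail-style hop: "from <HELO name> (<reverse DNS> [<ip>]) by <relay>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def received_hops(raw):
    """All hops, newest first, as (writing relay, HELO name, reverse DNS, ip)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold the header first
        if m:
            hops.append((m["by"], m["helo"], m["rdns"], m["ip"]))
    return hops


def trace_origin(raw, trusted_relays):
    """Keep hops only while a relay we operate wrote them; the last one kept is
    the furthest point our own logs can confirm. Anything below may be forged."""
    verified = []
    for hop in received_hops(raw):
        if hop[0] not in trusted_relays:
            break
        verified.append(hop)
    return verified


def helo_lies(hop):
    """True when the connecting host named itself differently from its reverse DNS."""
    return hop[1].lower() != hop[2].lower()
```

With `trusted_relays={"mx.example.net"}` the trace stops after the first hop, whose recorded IP 203.0.113.77 is the only origin worth reporting; the second Received: line is exactly the kind of header the reply says a spammer can spoof.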