North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re:hmm -- Get a load of this. Fwd'd

  • From: Daniel Reed
  • Date: Mon Nov 17 23:20:28 1997 
On Mon, 17 Nov 1997, James D. Butt wrote:
) >From [email protected]  Mon Nov 17 18:30:54 1997
) >Received: from www.RVC.CC.IL.US (www.RVC.CC.IL.US [207.142.145.2]) by
) mozart.lib.uchicago.edu (8.8.5/8.6.4) with SMTP id SAA21563 for
) <[email protected]>; Mon, 17 Nov 1997 18:30:54 -0600
) >Received: from merit.edu (166.72.5.121) by www.RVC.CC.IL.US
                             ^^^^^^^^^^^^

) > (EMWAC SMTPRS 0.81) with SMTP id <[email protected]>;
) > Mon, 17 Nov 1997 18:44:02 -0600
) >Date: Mon, 17 Nov 1997 18:44:02 -0600
) >Message-ID: <[email protected]>
) >From: NANOG Mailing List <[email protected]>
) >Subject: subscribe
) 
) In looking at this message that someone forwarded me.. It looks like the 
) message originated at one of our customers web servers.. I have called 
) and left messages for the sysadmins of this school.. We do not have any 
) after hours numbers.
) 
) Does anyone else have the bounces with headers so that I can verify or 
) not that it is this customer?
) 
) I will say that it is sorta ironic that I started this thread and it 
) seems to be originating from one of our customers... :-(
It really is too bad people neglect to note that non-mainstream mail
transport agents don't necessarily report messages paths the way
mainstream ones.

[email protected]:~# host 166.72.5.121
121.5.72.166.IN-ADDR.ARPA domain name pointer slip166-72-5-121.il.us.ibm.net
[email protected]:~#

I've already contacted [email protected] and [email protected] about this.
Unless this is a particularly cunning individual, not only sending a fake
host name but also identifying another IP, not associated with that
hostname, so as to throw suspicion onto some other provider, I believe
it's fairly safe to say an ibm.net dialup user is the purpetrator, and
www.RVC.CC.IL.US was used solely as a mail relay.

--
Daniel Reed <[email protected]>
System administrator of narnia.n.ml.org (narnia.mhv.net [199.0.0.118])
I personally think we developed language because of our deep inner need
 to complain. -- Jane Wagner