North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: any known users of NetRange 172.16.0.0 - 172.31.255.255

  • From: Joe
  • Date: Fri Sep 27 00:11:13 2002

Depending on the content of the headers, this address
can be "injected" into the flow of the email. This is very
easy to do. The important thing to look at regarding the 
headers from such an email are the last few transactions
I would suspect that the first few lines read IPs that are 
familiar to you, that is your smtp server handling an email from 
some foriegn source, than past that another foriegn source 
IP. The begining IP address (this 172.17.x.x) probably starts 
the whole thing out and has actually been forged or placed 
there from some virtual lan that NATs out to its internet provider. 
Remember that reading the headers is a bit backwards. The top is
the latest, while the headers close to the Subject or From To lines
are the origin.

Hope this offers some insite.

-Joe