[Dshield] Klez any one

John Hardin johnh at aproposretail.com
Fri Aug 23 18:09:13 GMT 2002

On Thu, 2002-08-22 at 19:53, Dave wrote:
> For the more knowledgeable virus types out there:  Can the Klez virus forge 
> the IP in this line:
>  >>Received: from Pgcdjo ([]) by out003.verizon.net
> The name is obviously bogus, but if that IP is logged by the Verizon SMTP 
> server, then we have the IP of the infected machine.  It sounds too good to 
> be true.

No, the server logs that IP address. It's the actual IP address of the
system it's receiving the message from.

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
 117 days until The Two Towers

More information about the list mailing list