[Dshield] Re: A few followup points
ed.truitt at etee2k.net
Thu Mar 21 13:26:25 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Also, can you take a look at one of the emails using a regular text
editor? Since the "damage" is done, save the thing to a plain text
file and open it with vi. You should then be able to see the web
bugs (HTML code) in the email.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
- ----- Original Message -----
From: "John Groseclose" <iain at caradoc.org>
To: <list at dshield.org>
Sent: Wednesday, March 20, 2002 2:33 PM
Subject: Re: [Dshield] Re: A few followup points
> I suspect that the port 80 outbound traffic that you're seeing is
> embedded information sourced from a remote webserver. Can you sniff
> the traffic and see exactly what's happening?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
More information about the list