[Dshield] In regards to "Klez any one"

John Hardin johnh at aproposretail.com
Mon Oct 21 22:09:02 GMT 2002


On Mon, 2002-10-21 at 13:06, MidnightStarr41 at aol.com wrote:
> I have written AOL asking them how an email was sent to me from me from over 
> the Internet

Most email headers are trivially easy to forge. The only ones you can
put any amount of trust in are the Received: headers.

> Return-Path: <midnightstarr41 at aol.com>
> Received: from  rly-xg02.mx.aol.com (rly-xg02.mail.aol.com [172.20.115.199]) 
> by air-xg05.mail.aol.com (v89.10) with ESMTP id MAILINXG51-1019152256; Sat, 
> 19 Oct 2002 15:22:56 -0400
> Received: from  addu.axelero.hu (mail02.axelero.hu [195.228.240.77]) by 
> rly-xg02.mx.aol.com (v89.10) with ESMTP id MAILRELAYINXG23-1019152355; Sat, 
> 19 Oct 2002 15:23:55 -0400
> Received: from SMTP (line-27-56.dial.matav.net [145.236.27.56])
>  by mail02.axelero.hu
>  (iPlanet Messaging Server 5.1 HotFix 0.6 (built Apr 26 2002))
>  with SMTP id <0H4800IX5TW3E1 at mail02.axelero.hu> for midnightstarr41 at aol.com;
>  Sat, 19 Oct 2002 21:24:03 +0200 (MEST)

The mail was apparently submitted by a dialup line owned by matav.net.

Doing a NIC query on the IP address 145.236.27.56 reports:

inetnum:      145.236.0.0 - 145.236.255.255
netname:      MATAV
descr:        Hungarian Telecommunications Company Limited
descr:        Budapest

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 ...people confuse "security" and "Trustworthy Computing."
                                 - Craig Mundie, MS Senior VP and CTO
-----------------------------------------------------------------------
 6 days until Daylight Savings Time ends
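
Added example, not part of the original message: a Python script that parses the Received: chain quoted above, checks that each hop's "by" host is the peer the next newer hop recorded, and reports where the mail entered the recipient's provider. The function names are hypothetical, and treating the aol.com relays as the recipient's own (trusted) servers is an assumption.

```python
import re
from email import message_from_string

# Headers from the quoted message (folded lines re-wrapped, archive " at " kept).
RAW = """\
Return-Path: <midnightstarr41 at aol.com>
Received: from  rly-xg02.mx.aol.com (rly-xg02.mail.aol.com [172.20.115.199])
 by air-xg05.mail.aol.com (v89.10) with ESMTP id MAILINXG51-1019152256;
 Sat, 19 Oct 2002 15:22:56 -0400
Received: from  addu.axelero.hu (mail02.axelero.hu [195.228.240.77])
 by rly-xg02.mx.aol.com (v89.10) with ESMTP id MAILRELAYINXG23-1019152355;
 Sat, 19 Oct 2002 15:23:55 -0400
Received: from SMTP (line-27-56.dial.matav.net [145.236.27.56])
 by mail02.axelero.hu
 (iPlanet Messaging Server 5.1 HotFix 0.6 (built Apr 26 2002))
 with SMTP id <0H4800IX5TW3E1 at mail02.axelero.hu> for midnightstarr41 at aol.com;
 Sat, 19 Oct 2002 21:24:03 +0200 (MEST)

"""

# helo = name the client claimed; rdns/ip = what the receiving server recorded.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)"
                 r"\s+by\s+(?P<by>[^\s;]+)")

def parse_hops(raw):
    """Hops newest-first (header order) as dicts with helo, rdns, ip, by."""
    values = message_from_string(raw).get_all("Received", [])
    found = (HOP.search(" ".join(v.split())) for v in values)
    return [m.groupdict() for m in found if m]

def chain_breaks(hops):
    """Indexes of hops whose 'by' host is not the peer the next newer hop recorded."""
    return [i for i in range(1, len(hops)) if hops[i]["by"].lower()
            not in (hops[i - 1]["helo"].lower(), hops[i - 1]["rdns"].lower())]

def entry_hop(hops, own_domain):
    """Oldest hop stamped by the recipient's own provider (assumed trustworthy)."""
    own = [h for h in hops if h["by"].lower().endswith("." + own_domain)]
    return own[-1] if own else None

if __name__ == "__main__":
    hops = parse_hops(RAW)
    for h in hops:
        print(f'{h["by"]} <- {h["rdns"]} [{h["ip"]}] (HELO {h["helo"]})')
    print("chain breaks:", chain_breaks(hops))
    print("entered aol.com from:", entry_hop(hops, "aol.com")["ip"])
    print("oldest recorded peer:", hops[-1]["ip"])
```

Hops older than the entry hop were written by servers outside the recipient's provider, so they are only as reliable as the server that stamped them.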



