[Dshield] [DShield] Need Help - Or Advise

Mike Wydra mwydra1 at comcast.net
Fri Aug 19 00:41:32 GMT 2005

My Friends:

First - THANK-YOU to whoever it was that posted the warning about the "Osama Bin Laden Captured" hoax. Someone sent me the damn thing today and no - I didn't open the attachment. I also received another one called "The Post Office," which also has an attachment, and looks fishy. 

I don't have a spare machine set up that I could run these things on (and see what they are) but if someone else wants the honors, I can forward. What I need help/advise on is this: I think I know how to determine the originating IP from the headers. In these two cases, it appears that both e-mails came out of Europe (Both went through the Netherlands). Am I correct that the VERY first "received" line is the senders IP addy? Thanks for any answers. I know you guys are busy with the current patch crisis.

Mike Wydra

More information about the list mailing list