[Dshield] [DShield] Need Help - Or Advise

Tom dshield at oitc.com
Fri Aug 19 00:52:06 GMT 2005

At 7:41 PM -0500 8/18/05, Mike Wydra wrote:
>My Friends:
>First - THANK-YOU to whoever it was that posted the warning about 
>the "Osama Bin Laden Captured" hoax. Someone sent me the damn thing 
>today and no - I didn't open the attachment. I also received another 
>one called "The Post Office," which also has an attachment, and 
>looks fishy.
>I don't have a spare machine set up that I could run these things on 
>(and see what they are) but if someone else wants the honors, I can 
>forward. What I

For kicks send to virusmaster at oitc.com with title DSHIELD CHECK and 
I'll take a look at them.  In general we block all executeables and 
executeables in zip and rar files. Folks who need these files can get 
them through our alternate delivery system.

>need help/advise on is this: I think I know how to determine the 
>originating IP from the headers. In these two cases, it appears that 
>both e-mails came out of Europe (Both went through the Netherlands). 
>Am I correct that the VERY first "received" line is the senders IP 
>addy? Thanks for any answers. I know you guys are busy with the 
>current patch crisis.

IP yes but not name as it can and is forged.


Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html

PGP Public Keys available at:
<A HREF="ldap://keyserver.pgp.com/">PGP's Key Server</A>
<A HREF="http://www.oitc.com/OITC/PGPKeys.html">OITC's Public Key List</A>
14A7 A308 266A 3646 FBA8  9A86 E139 F108 B1BE 37BD

More information about the list mailing list