[Dshield] [DShield] Need Help - Or Advise
dshield at oitc.com
Fri Aug 19 00:52:06 GMT 2005
At 7:41 PM -0500 8/18/05, Mike Wydra wrote:
>First - THANK-YOU to whoever it was that posted the warning about
>the "Osama Bin Laden Captured" hoax. Someone sent me the damn thing
>today and no - I didn't open the attachment. I also received another
>one called "The Post Office," which also has an attachment, and
>I don't have a spare machine set up that I could run these things on
>(and see what they are) but if someone else wants the honors, I can
>forward. What I
For kicks send to virusmaster at oitc.com with title DSHIELD CHECK and
I'll take a look at them. In general we block all executables and
executables in zip and rar files. Folks who need these files can get
them through our alternate delivery system.
>need help/advice on is this: I think I know how to determine the
>originating IP from the headers. In these two cases, it appears that
>both e-mails came out of Europe (Both went through the Netherlands).
>Am I correct that the VERY first "received" line is the sender's IP
>addy? Thanks for any answers. I know you guys are busy with the
>current patch crisis.
IP yes, but not name, as it can be and is forged.
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax),
Text Paging: http://www.oitc.com/Pager/sendmessage.html
PGP Public Keys available at:
PGP's Key Server: ldap://keyserver.pgp.com/
OITC's Public Key List: http://www.oitc.com/OITC/PGPKeys.html
14A7 A308 266A 3646 FBA8 9A86 E139 F108 B1BE 37BD
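
Added example, not part of the original message: a Python parser that walks the "Received" headers oldest-first and separates the connecting IP a mail server recorded from the host name the client merely claimed, which is the distinction the reply above draws. The header layout (Sendmail/Postfix style), the sample headers and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: documentation IP ranges and made-up host names.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Thu, 18 Aug 2005 19:02:11 -0500
Received: from mail.bigbank.example (unknown [203.0.113.45])
\tby mx.example.net with SMTP id B2; Thu, 18 Aug 2005 19:02:05 -0500
From: sender@example.com
Subject: constructed sample

body
"""

# Assumed layout: from <HELO name> (<reverse-DNS name> [<connecting IP>])
# The HELO name is whatever the client typed; the bracketed IP is what the
# receiving server saw on the TCP connection.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)

def received_hops(raw):
    """Return the parsed Received hops, oldest (bottom-most header) first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hop = m.groupdict()
            hop["helo_matches_rdns"] = hop["helo"].lower() == hop["rdns"].lower()
            hops.append(hop)
    return hops

def origin(raw):
    """Oldest hop, or None. Trust it only if a server you control wrote it."""
    hops = received_hops(raw)
    return hops[0] if hops else None

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop["ip"], "HELO:", hop["helo"], "rDNS:", hop["rdns"] or "-",
              "" if hop["helo_matches_rdns"] else "(name not confirmed)")
```
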