[Dshield] Fanmail from a flounder

George A. Theall theall at tifaware.com
Fri Apr 27 10:45:06 GMT 2007


Sue Young wrote:

> I don't think I'd ever mistake this for legitimate mail.  hacker1 huh?  Real
> 1337.  I just wanted to share the stupidest thing I've seen all day (so
> far).
...
> Received: by mail33-fra (MessageSwitch) id 1177602211879526_541; Thu, 26 Apr
> 2007 15:43:31 +0000 (UCT)
> Received: from dsl-189-132-92-111.prod-infinitum.com.mx (unknown [
> 189.132.92.111])
>     by mail33-fra.bigfish.com (Postfix) with ESMTP id 1806B970077
>     for <kanwar at gcmlp.com>; Thu, 26 Apr 2007 15:43:30 +0000 (UTC)
> Received: from hacker1 ([132.131.35.163] helo=hacker1)
>     by dsl-189-132-92-111.prod-infinitum.com.mx ( sendmail 8.13.3/8.13.1)
> with esmtpa id 1vxapu-000AUN-vw
>     for kanwar at gcmlp.com; Thu, 26 Apr 2007 10:43:49 -0500

If the hacker1 header is valid (big "if", perhaps), its owner probably 
will eventually find him/herself in a bit of trouble -- the IP belongs 
to the Army National Guard Bureau.

George
--
theall at tifaware.com


More information about the list mailing list