Michael E. Marrotta writes:

Which does show the wisconsin 144 stuff, but none of the Delphi- Bix-UUnet nonsense. So what I am to make of this? Two sharp 'punks finger this as coming from (through?) wisconsin 144. So, I conclude that this spoofer goes to U-Wisc. He has accounts on Bix and Delphi. He forwards Free Willy from 144 to Delphi to Bix and from there to toad. But ferguson didn't have Delphi and Bix in his solution. And, again, the message came to me with just the address of the Presidential Palace in Federal City.

Not necessarily; I tried telgate, and it accepts connections from anywhere. This makes it ideal for spoofing, as only if a log is kept of remote connections could the true location of the spoofer be discovered. Even in that case, a savvy user of PADs and other non-Internet functions could easily add another layer of concealment to an already fairly clever spoof. The spoofer _may_ be at uwisc, but it is also possible that a telnet gate collector is at work here. There are dozens of cisco servers, X.25 gateways, etc. which allow public access from any site. The wise choice is, of course, to disable both incoming and outgoing interdomain telnet connections from these gateways. However, this is not always done. ---- Robert W. F. Clark rclark@nyx.cs.du.edu