Tracing port 25 mail forgery

Matthew Ghio ghio at kaiwan.com
Mon Jul 18 19:45:34 PDT 1994


While looking over some of the detcrud I noticed something interesting...

>From colton at netcom.com  Mon Jul 18 15:48:30 1994
>Received: from virginia.edu (uvaarpa.Virginia.EDU [128.143.2.7]) by
>kaiwan.kaiwan.com (8.6.9/8.6.5) with SMTP
>          id PAA27245 for <ghio at kaiwan.com>; Mon, 18 Jul 1994 15:48:24 -0700
>          *** KAIWAN Internet Access ***
>From: colton at netcom.com
>Received: from fulton.seas.virginia.edu by uvaarpa.virginia.edu id aa05968;
>          18 Jul 94 18:48 EDT
>Received: from <netcom12.netcom.com> (nym at netcom14.netcom.com
> [192.100.81.126]) by fulton.seas.Virginia.EDU (8.6.8/8.6.6) with SMTP id
> SAA67017 for <ghio at kaiwan.com >; Mon, 18 Jul 1994 18:48:20 -0400
>Date: Mon, 18 Jul 1994 18:48:20 -0400
>Message-Id: <199407182248.SAA67017 at fulton.seas.Virginia.EDU>
>To: ghio at kaiwan.com
>Request-Remailing-To: alt.59.79.99 at comlab.ox.ac.uk
>
>##
>Followups-To: news.admin.policy
>Reply-To: <support at netcom.com>
>Subject: Netcom is being SCAPEGOATED
>
...drivel removed...

In the Received: header, fulton.seas.Virginia.EDU identifies the message as
coming from nym at netcom14.netcom.com

My question is, How did it do this???  Did it use identd?  I tried making a
fake mail thru that site and it did not show my username...but neither kaiwan
nor andrew have identd installed.  nova.unix.portal.com did the same thing:

>Received: from <netcom12.netcom.com> (nym at netcom2.netcom.com [192.100.81.108])
>by nova.unix.portal.com (8.6.7/8.6.5) with SMTP id SAA22450 for
><ghio at kaiwan.com >; Mon, 18 Jul 1994 18:09:22 -0700

Comments?
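An added example, not part of the original post: a small parser for the two Received: lines quoted above. It assumes the sendmail 8 layout, in which the name after `from` is whatever the client claimed in HELO and the parenthesised comment is what the receiving server established about the connection (an optional ident user per RFC 1413, the looked-up host name, and the peer IP). The function names are hypothetical.

```python
import re

# Sample input: the two Received: lines quoted in the post, kept with the
# archive's " at " address obfuscation and ">" quote prefixes.
SAMPLE = """\
>Received: from <netcom12.netcom.com> (nym at netcom14.netcom.com
> [192.100.81.126]) by fulton.seas.Virginia.EDU (8.6.8/8.6.6) with SMTP id
> SAA67017 for <ghio at kaiwan.com >; Mon, 18 Jul 1994 18:48:20 -0400
>Received: from <netcom12.netcom.com> (nym at netcom2.netcom.com [192.100.81.108])
>by nova.unix.portal.com (8.6.7/8.6.5) with SMTP id SAA22450 for
><ghio at kaiwan.com >; Mon, 18 Jul 1994 18:09:22 -0700
"""

# Assumed layout: from HELO-claim (ident-user@looked-up-host [peer-ip]) by server
FROM_CLAUSE = re.compile(
    r"from\s+<?(?P<helo>[^\s<>()]+)>?\s*"            # name the client claimed
    r"\(\s*(?:(?P<user>[^\s@()]+)(?:@|\s+at\s+))?"   # optional ident user
    r"(?P<host>[^\s\[\]()@]+)?\s*"                   # reverse-DNS name, if any
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\s*\)"      # peer IP address
    r"\s*by\s+(?P<by>\S+)", re.I)

def unfold(text):
    """Strip '>' quoting and join continuation lines onto their header."""
    headers = []
    for line in text.splitlines():
        line = line.lstrip(">").strip()
        # Quoting destroyed the leading whitespace of folded lines, so treat
        # any line that does not start with "Field-Name:" as a continuation.
        if re.match(r"[A-Za-z][A-Za-z0-9-]*:", line) or not headers:
            headers.append(line)
        elif line:
            headers[-1] += " " + line
    return headers

def trace(text):
    """Return one dict per Received: header carrying a connection comment."""
    hops = []
    for hdr in unfold(text):
        m = hdr.lower().startswith("received:") and FROM_CLAUSE.search(hdr)
        if m:
            hop = m.groupdict()
            # HELO is the sender's unverified claim; the bracketed IP and the
            # name looked up from it are what the receiver actually observed.
            hop["helo_mismatch"] = (hop["host"] or "").lower() != hop["helo"].lower()
            hops.append(hop)
    return hops

if __name__ == "__main__":
    for hop in trace(SAMPLE):
        print(hop)
```

Both quoted hops report a HELO claim of netcom12.netcom.com while the connection itself came from a different netcom host, which is the discrepancy to look for when tracing a forged message.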





