From: Matthew Ghio <ghio@kaiwan.com>
To: cypherpunks@toad.com
Message Hash: b3d71de31bbfadd14bed94e0d467e72e35d1c12beecb6d04b421fe61db2b1391
Message ID: <199407190244.TAA26934@kaiwan.kaiwan.com>
Reply To: N/A
UTC Datetime: 1994-07-19 02:45:34 UTC
Raw Date: Mon, 18 Jul 94 19:45:34 PDT
From: Matthew Ghio <ghio@kaiwan.com>
Date: Mon, 18 Jul 94 19:45:34 PDT
To: cypherpunks@toad.com
Subject: Tracing port 25 mail forgery
Message-ID: <199407190244.TAA26934@kaiwan.kaiwan.com>
MIME-Version: 1.0
Content-Type: text/plain
While looking over some of the detcrud I noticed something interesting...
>From colton@netcom.com Mon Jul 18 15:48:30 1994
>Received: from virginia.edu (uvaarpa.Virginia.EDU [128.143.2.7]) by
>kaiwan.kaiwan.com (8.6.9/8.6.5) with SMTP
> id PAA27245 for <ghio@kaiwan.com>; Mon, 18 Jul 1994 15:48:24 -0700
> *** KAIWAN Internet Access ***
>From: colton@netcom.com
>Received: from fulton.seas.virginia.edu by uvaarpa.virginia.edu id aa05968;
> 18 Jul 94 18:48 EDT
>Received: from <netcom12.netcom.com> (nym@netcom14.netcom.com
> [192.100.81.126]) by fulton.seas.Virginia.EDU (8.6.8/8.6.6) with SMTP id
> SAA67017 for <ghio@kaiwan.com >; Mon, 18 Jul 1994 18:48:20 -0400
>Date: Mon, 18 Jul 1994 18:48:20 -0400
>Message-Id: <199407182248.SAA67017@fulton.seas.Virginia.EDU>
>To: ghio@kaiwan.com
>Request-Remailing-To: alt.59.79.99@comlab.ox.ac.uk
>
>##
>Followups-To: news.admin.policy
>Reply-To: <support@netcom.com>
>Subject: Netcom is being SCAPEGOATED
>
...drivel removed...
In the Received: header, fulton.seas.Virginia.EDU identifies the message as
coming from nym@netcom14.netcom.com
My question is, How did it do this??? Did it use identd? I tried making a
fake mail thru that site and it did not show my username...but neither kaiwan
nor andrew have identd installed. nova.unix.portal.com did the same thing:
>Received: from <netcom12.netcom.com> (nym@netcom2.netcom.com [192.100.81.108])
>by nova.unix.portal.com (8.6.7/8.6.5) with SMTP id SAA22450 for
><ghio@kaiwan.com >; Mon, 18 Jul 1994 18:09:22 -0700
Comments?
Return to July 1994
Return to “Matthew Ghio <ghio@kaiwan.com>”
1994-07-19 (Mon, 18 Jul 94 19:45:34 PDT) - Tracing port 25 mail forgery - Matthew Ghio <ghio@kaiwan.com>