I think I was sniffed?

linuxguy at ici.net linuxguy at ici.net
Mon Jul 10 20:14:36 EDT 2000


Another likely possibility is that HarvardNet got compromised one way
or another...  Change your password.  Reload your laptop.  Discard all
your data files and start a new life under an assumed name.  It's time
to move on...
 
Ron Peterson wrote:
> "Matthew J. Brodeur" wrote:
> > 
> >    First of all, without the specifics of the spam messages and knowledge
> > of Harvard.Net's mail server setup it's possible that this was just a case
> > of mail forging.  Someone could have seen your address and decided to use
> > it to get around the sender check on the mail server.  On many servers you
> > wouldn't need a password to do that, just some knowledge of SMTP commands.
> > 
> >    If this was sniffing the most likely case is the POP3 access across the
> > internet.
> 
> Here's the skinny from HarvardNet.  They received notification from
> someone that some kind of SPAM originated from their network.  They were
> sent the SPAM headers.
> 
> Then they compare the IP address in the SPAM header to the logfile of who
> was logged in and assigned that IP address (via DHCP) at the time the
> message's timestamp says the message was sent.  Which was me.
> 
> So, unless someone has another theory, looks like someone got my
> password.  Yuck.  I'm assuming someone sniffed my POP login, but just to
> be safe, I'll be doing some security auditing also.
> 
> If I ever said anything that annoyed anyone, I apologize.  Only
> politically correct vanilla comments from now on.  Please be nice, and
> don't crack my computer... ;)
> 
> -- 
> 
> Ron Peterson
> Systems Manager
> Wallace Floyd Design Group
> 273 Summer Street
> Boston, MA  02210
> 617.350.7400 tel
> 617.350.0051 fax
> rpeterson at wallacefloyd.com
> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 
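
The correlation described in the quoted message (the IP address from the spam header matched against address-assignment records at the message's timestamp), as an added example that is not part of the original thread. The Received header, the lease-log format, the account names and the addresses are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from email.utils import parsedate_to_datetime

# Constructed sample data (not from the thread); IPs are documentation ranges.
RECEIVED = ("from laptop (dial-42.example.net [192.0.2.42]) by mail.example.net "
            "with SMTP id ABC123; Mon, 10 Jul 2000 14:03:11 -0400")
# Assumed log format: account, ip, lease start, lease end (UTC, ISO 8601)
LEASES = """\
alice 192.0.2.42 2000-07-10T15:10:00+00:00 2000-07-10T17:55:00+00:00
bob   192.0.2.42 2000-07-10T17:58:00+00:00 2000-07-10T19:30:00+00:00
carol 192.0.2.77 2000-07-10T17:00:00+00:00 2000-07-10T19:00:00+00:00
"""

def parse_received(header):
    """Return (ip, timezone-aware datetime) from one Received: header value."""
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
    if not ip or ";" not in header:
        raise ValueError("no bracketed IP or date in Received header")
    stamp = header.rsplit(";", 1)[1].strip()
    return ip.group(1), parsedate_to_datetime(stamp)

def parse_leases(text):
    """Yield (account, ip, start, end) tuples from the lease log."""
    for line in text.splitlines():
        if line.strip():
            user, ip, start, end = line.split()
            yield user, ip, datetime.fromisoformat(start), datetime.fromisoformat(end)

def accounts_for(header, leases_text, skew=timedelta(0)):
    """Accounts whose lease on the header's IP covers the timestamp +/- skew."""
    ip, when = parse_received(header)
    return sorted({user for user, lease_ip, start, end in parse_leases(leases_text)
                   if lease_ip == ip and start - skew <= when <= end + skew})

if __name__ == "__main__":
    # Header time is 18:03:11 UTC once the -0400 offset is applied.
    print(accounts_for(RECEIVED, LEASES))
    # Allowing for clock skew between mail server and lease log widens the match.
    print(accounts_for(RECEIVED, LEASES, timedelta(minutes=10)))
```

The match names the account that held the address, not who was using its password, and a back-to-back lease on the same IP becomes ambiguous once clock skew between the two logs is allowed for.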

