I think I was sniffed?

[rpeterson at wallacefloyd.com (Ron Peterson)]

"Matthew J. Brodeur" wrote:
> 
>    First of all, without the specifics of the spam messages and knowledge
> of Harvard.Net's mail server setup it's possible that this was just a case
> of mail forging.  Someone could have seen your address and decided to use
> it to get around the sender check on the mail server.  On many servers you
> wouldn't need a password to do that, just some knowledge of SMTP commands.
> 
>    If this was sniffing the most likely case is the POP3 access across the
> internet.

Here's the skinny from HarvardNet.  They recieved notification from
someone that some kind of SPAM originated from their network.  They were
sent the SPAM headers.

Then they compare the IP address in the SPAM header to logfile of who
was logged in and assigned that IP address (via DHCP) at the time the
message's timestamp says the message was sent.  Which was me.

So, unless someone has another theory, looks like someone got my
password.  Yuck.  I'm assuming someone sniffed my POP login, but just to
be safe, I'll be doing some security auditing also.

If I ever said anything that annoyed anyone, I apologize.  Only
politically correct vannila comments from now on.  Please be nice, and
don't crack my computer... ;)

-- 

Ron Peterson
Systems Manager
Wallace Floyd Design Group
273 Summer Street
Boston, MA  02210
617.350.7400 tel
617.350.0051 fax
rpeterson at wallacefloyd.com
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).