Today, Ron Peterson gleaned this insight:

> "Matthew J. Brodeur" wrote:
> >
> > First of all, without the specifics of the spam messages and knowledge
> > of Harvard.Net's mail server setup it's possible that this was just a case
> > of mail forging. Someone could have seen your address and decided to use
> > it to get around the sender check on the mail server. On many servers you
> > wouldn't need a password to do that, just some knowledge of SMTP commands.
> >
> > If this was sniffing the most likely case is the POP3 access across the
> > internet.
>
> Here's the skinny from HarvardNet. They received notification from
> someone that some kind of SPAM originated from their network. They were
> sent the SPAM headers.
>
> Then they compare the IP address in the SPAM header to the logfile of who
> was logged in and assigned that IP address (via DHCP) at the time the
> message's timestamp says the message was sent. Which was me.

One question that still remains is, were YOU logged in at that time? It could still be a forged IP address. There's no reason at all to think that the mail came from your computer. Spammers do this all the time.

But even if it did, if you were booted into Linux and you have sendmail running, they could have used you as a spam relay while you were connected. It's rather unlikely that you wouldn't have noticed it if that was the case though, as this very likely would have made your machine really busy. Unless the spammer was using you only for a small quantity of mail, your disk drive would have been busy for a good amount of time, which should have seemed weird to you.

But, there's still the possibility that a) the address was completely forged or b) the spammer used your machine to relay only a small amount of mail. This is what makes tracking spam so hard. If you WERE logged on at that time, check your logs for mail being relayed at that time.

Furthermore, if you are running sendmail on your laptop, STOP! You don't need it, and it will only make you vulnerable to attack and/or spam (relaying). Use your ISP's SMTP relay instead of your local machine (chances are good you're already doing that anyway).

-- 
---------------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
ddm at MissionCriticalLinux.com | derek at cerberus.ne.mediaone.net
---------------------------------------------------------------
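The "check your logs for mail being relayed" step above, as an added example that is not part of Derek's message or the BLU archive: a small Python script that reads sendmail 8-style syslog lines, pairs each queue ID's from= record with its to= records, and reports messages that were accepted from a non-local client and delivered to a non-local domain inside a time window (the window you would take from the timestamp in the complaint's headers). The sample log lines, the host name "laptop", the queue IDs, the addresses and the year 2001 are all constructed for this example; the script also assumes that mail handed in over loopback (relay=[127.0.0.1] or user@localhost) is the machine's own submission and that the caller supplies the machine's own domains.

```python
import re
from datetime import datetime

# Constructed sendmail 8.x-style syslog lines (an assumption of this example, not
# taken from any real host). Three queue IDs:
#   OAA01234  external client hands us mail for an external recipient and we deliver
#             it: third-party relaying, exactly what a spammer abuses.
#   OAA01235  mail submitted on loopback and sent out via the ISP's relay: our own mail.
#   OAA01236  inbound mail for a local mailbox: delivery, not relaying.
SAMPLE_LOG = """\
Mar  3 14:22:01 laptop sendmail[1234]: OAA01234: from=<bulk@example.net>, size=2048, class=0, pri=32048, nrcpts=1, msgid=<a1@example.net>, proto=SMTP, relay=[203.0.113.9]
Mar  3 14:22:02 laptop sendmail[1235]: OAA01234: to=<victim@example.org>, ctladdr=<bulk@example.net> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32048, relay=mx.example.org. [192.0.2.10], stat=Sent (OK)
Mar  3 14:30:10 laptop sendmail[1240]: OAA01235: from=<me@laptop.example.com>, size=512, class=0, pri=30512, nrcpts=1, msgid=<b2@laptop.example.com>, relay=root@localhost
Mar  3 14:30:11 laptop sendmail[1241]: OAA01235: to=<friend@example.org>, ctladdr=me (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30512, relay=smtp.isp.example. [198.51.100.5], stat=Sent (OK)
Mar  3 15:01:44 laptop sendmail[1250]: OAA01236: from=<friend@example.org>, size=900, class=0, pri=30900, nrcpts=1, msgid=<c3@example.org>, proto=ESMTP, relay=mx.example.org. [192.0.2.10]
Mar  3 15:01:44 laptop sendmail[1251]: OAA01236: to=<me@laptop.example.com>, ctladdr=<friend@example.org> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30900, stat=Sent
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"(?P<qid>[A-Za-z0-9]+): (?P<rest>.*)$"
)
# key=value pairs: angle-bracketed addresses are taken whole, anything else runs to
# the next comma (so "relay=mx.example.org. [192.0.2.10]" survives intact).
KV_RE = re.compile(r"(\w+)=(<[^>]*>|[^,]*)")


def parse_ts(year, text):
    """syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def is_local_relay(relay):
    # Assumption: loopback or user@localhost submissions are our own mail, not a relay.
    return "localhost" in relay or "[127.0.0.1]" in relay


def domain_of(addr):
    return addr.strip("<>").rpartition("@")[2].lower()


def parse_log(text, year):
    """Group from= and to= records by queue ID; sendmail logs them on separate lines."""
    msgs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(KV_RE.findall(m["rest"]))
        rec = msgs.setdefault(m["qid"], {"from": None, "to": []})
        ts = parse_ts(year, m["ts"])
        if "from" in fields:
            rec["from"] = {"ts": ts, "sender": fields["from"], "relay": fields.get("relay", "")}
        elif "to" in fields:
            rec["to"].append({"ts": ts, "rcpt": fields["to"],
                              "relay": fields.get("relay", ""), "stat": fields.get("stat", "")})
    return msgs


def third_party_relays(text, year, local_domains, start=None, end=None):
    """Messages accepted from a non-local client and delivered to a non-local domain.

    start/end are syslog-style timestamps ("Mar  3 15:00:00") bounding the delivery
    time, so the search can be narrowed to the window a complaint points at.
    """
    lo = parse_ts(year, start) if start else None
    hi = parse_ts(year, end) if end else None
    hits = []
    for qid, rec in sorted(parse_log(text, year).items()):
        f = rec["from"]
        if f is None or is_local_relay(f["relay"]):
            continue  # our own submission, not something handed to us from outside
        for t in rec["to"]:
            if domain_of(t["rcpt"]) in local_domains:
                continue  # inbound mail for us: delivery, not relaying
            if not t["stat"].startswith("Sent"):
                continue  # rejected or deferred: nothing left the machine
            if (lo and t["ts"] < lo) or (hi and t["ts"] > hi):
                continue
            hits.append((qid, f["sender"], f["relay"], t["rcpt"], t["ts"]))
    return hits


if __name__ == "__main__":
    for qid, sender, client, rcpt, when in third_party_relays(SAMPLE_LOG, 2001, {"laptop.example.com"}):
        print(f"{when:%b %d %H:%M:%S} {qid}: relayed {sender} from {client} to {rcpt}")
```

On the sample, only OAA01234 is reported: the client [203.0.113.9] is neither loopback nor local, the recipient is at example.org, and the delivery status is "Sent". Narrowing the window to 15:00-16:00 returns nothing, which is the same answer the complaint's timestamp should give you: if the log is empty for that window while the machine was on line, the complaint rests on a header that may well be forged, as the message above argues.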