Have you examined the attachment type? It would be easy enough to deliver the message w/attachment directly to your MTA while entering invalid headers. Might make for a decent worm.
Your headers should still show the source host as this is not generally an option specified by the client.
Take a look at your attachment, let's see if it contains a trojan/backdoor app.
-Grant
-----Original Message-----
From: Koaps
To: INCIDENTS_at_SECURITYFOCUS.COM
Sent: 1/11/2001 2:29 PM
Subject: Re: Finding out who owns particular IP addresses
I think all Emails have headers to some point
Are you using Outlook or something?
it might hide some header info
if u are in outlook express you can right click on an email and go to
properties
there is a details tab that should show you what server sent you the
email
if u are in outlook
open an email then go to view options
in the main window you should see the header and the server it came from
Even if you change an email to a fake from address
it should still show you what server delivered the email
sendmail will probably have a log of what server connected to it
But I'm still learning the joys of send mail
=)
L8rZ
\!/
(@ @)
----oOO-(_)-OOo--------
KoAps
----- Original Message -----
From: "Smith, Lonnie" <lonnie.smith_at_VICORP.COM>
To: <INCIDENTS_at_SECURITYFOCUS.COM>
Sent: Thursday, January 11, 2001 2:03 PM
Subject: Re: Finding out who owns particular IP addresses
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Is anyone aware of an email with absolutely no header? I received an
> email with an exe. attachment with no header at all. Wouldn't even
> show me the mail exchangers it went thru?
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOl4tyB3TooPmG5KtEQJjEgCgysb6lZABduu7hUxdQ7HJPsw95EsAoPL/
> PIdLqOqqxRGmwXf1LKBtTf07
> =w5HJ
> -----END PGP SIGNATURE-----
>
Received on Jan 12 2001
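
The point made in the thread, that the receiving MTA records the connecting host no matter what the sender typed into the headers, as an added example that is not part of the original posts. The message, hostnames, addresses, the sendmail-style Received layout and the helper name split_hops are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: a forged From, one Received line supplied by the
# sender, and on top the line stamped by the recipient's own MTA.
RAW = """\
Received: from mail.friendly.example (unknown [203.0.113.45])
\tby mx.victim.example (8.11.1/8.11.1) with SMTP id f0BK3x001234
\tfor <lonnie@victim.example>; Thu, 11 Jan 2001 14:03:10 -0700
Received: from trusted.bank.example (trusted.bank.example [192.0.2.10])
\tby mail.friendly.example with ESMTP id ABC123;
\tThu, 11 Jan 2001 14:02:00 -0700
From: "Helpdesk" <helpdesk@bank.example>
To: lonnie@victim.example
Subject: update

body
"""
# Constructed sample: a message that arrives with no header block at all.
NO_HEADERS = "binary attachment data only\n"

# "from <HELO> (<rDNS> [<ip>]) by <stamping host>" (assumed layout).
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def split_hops(raw, my_mta):
    """Return (trusted_hop, unverified_hops) for a raw message.

    Only Received lines at the top of the message that were stamped by
    my_mta are trusted; anything below the first foreign or unparseable
    line was supplied by the connecting peer and may be invented.
    """
    msg = message_from_string(raw)
    trusted, unverified, ours = None, [], True
    for value in msg.get_all("Received") or []:
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        hop = m.groupdict() if m else None
        ours = ours and hop is not None and hop["by"].lower() == my_mta.lower()
        if ours:
            trusted = hop          # deepest line written by our own MTA
        elif hop:
            unverified.append(hop)
    return trusted, unverified

if __name__ == "__main__":
    print(split_hops(RAW, "mx.victim.example"))
    print(split_hops(NO_HEADERS, "mx.victim.example"))
```

When the trusted hop comes back as None, as with the headerless message, the connecting address is only available from the MTA's own connection log.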