RE: [MS_Exchange] Spoofing?

  • From: Mike Dufoe <dufoem@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 4 Mar 2003 11:04:35 -0500

You can also use www.samspade.org <http://www.samspade.org> 
 
They have some nice tools on their site.
 
 
Mike

-----Original Message-----
From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, March 04, 2003 10:56 AM
To: [ExchangeList]
Subject: [exchangelist] RE: [MS_Exchange] Spoofing?


http://www.MSExchange.org/

Thanks to everyone who responded.
 
Thanks for the link below as well.  That is a nice site.
 
Chris

-----Original Message-----
From: Robson, John [mailto:john.robson@xxxxxxxxxxxxx] 
Sent: Tuesday, March 04, 2003 10:18 AM
To: 'MS_Exchange@xxxxxxxxxxxxxxx'; ExchangeList (exchangelist@xxxxxxxxxxxxx)
Subject: RE: [MS_Exchange] Spoofing?


Try the following link, this will tell you where to contact.

John

http://www.network-tools.com/default.asp?prog=express
<http://www.network-tools.com/default.asp?prog=express&Netnic=whois.arin.net
&> &Netnic=whois.arin.net&
host=h002078cc3b91.ne.client2.attbi.com


-----Original Message-----
From: Chris Wall [mailto:chris@xxxxxxxxxxxxxxxxxxx]
Sent: 04 March 2003 14:50
To: Exchange Group on Yahoo (MS_Exchange@xxxxxxxxxxx); ExchangeList
(exchangelist@xxxxxxxxxxxxx)
Subject: [MS_Exchange] Spoofing?
Importance: High


Hello everyone,

   My organization has a mailbox called 'HostMaster' and last night someone
sent a message titled 'test, please ignore' to the Hostmaster mailbox.  What
is weird, is that the message says that it is from itself
(HostMaster@xxxxxxxxxxxxxxxxxxx <mailto:HostMaster@xxxxxxxxxxxxxxxxxxx> ).
Only one person has permissions to this mailbox and he did not send it. 

   The To: field and CC: field in the message are blank.  This indicates
that the message was sent using a BCC: field.  Is there anyway that I can
see what was put in the BCC: field?  Better yet, I have provided the header
information from the e-mail:

Received: from mbserv002.globalknowledge.com ([172.16.56.25]) by
mbserv002.globalknowledge.com with 
SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
id 1XBJ8D65; Mon, 3 Mar 2003 18:40:28 -0500
Received: FROM h002078cc3b91.ne.client2.attbi.com BY
mbserv002.globalknowledge.com ; 
Mon Mar 03 18:40:11 2003 -0500
subject: Test, Ignore..

   
    MBSERV002 'reflects' our internal bridgehead here.  Is there any
information here that would help me to determine who sent this message.  If
it were sent from within our company, SMTP would not be involved.  Only the
X400 connectors would have been used....   is the
'h002078cc3b91.ne.client2.attbi.com' the culprit here?  If so what is my
next step in finding out who this is or at least reporting them to some type
of authority?

Thanks for any info.  I am new at this.

Thanks,
Chris Wall


[Non-text portions of this message have been removed]


Yahoo! Groups Sponsor
ADVERTISEMENT




To unsubscribe from this group, send an email to:
MS_Exchange-unsubscribe@xxxxxxxxxxx



Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. 


Yahoo! Groups Sponsor   

ADVERTISEMENT
 
<http://rd.yahoo.com/M=245454.2994396.4323964.2848452/D=egroupweb/S=17082988
46:HM/A=1457554/R=0/*http://ipunda.com/clk/beibunmaisuiyuiwabei>        
 
<http://us.adserver.yahoo.com/l?M=245454.2994396.4323964.2848452/D=egroupmai
l/S=:HM/A=1457554/rand=679663090>       

To unsubscribe from this group, send an email to:
MS_Exchange-unsubscribe@xxxxxxxxxxx



Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> . 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
dufoem@xxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: