[rescue] NOTIFI ABOOT YER EMAIL ACCOUNT :)
dand at pcisys.net
Wed Mar 17 16:29:09 CST 2004
On Wed, 17 Mar 2004, Bill Bradford wrote:
> > So who on the list usually posts from tor.radiant.net?
> Nobody - all that matters is the "from: " address and the "to:".
Sure, but the From: is forged so that doesn't help us.
Wouldn't the infected person's outbound email usually still resemble this:
> 44F473A1A6: client=66-163-16-11.ip.tor.radiant.net[220.127.116.11]
It probably wouldn't be the exact IP (dhcp and all) but it would
presumably be the same pool of addresses, right?
Assuming it's a listmember (who else would have that matching
to: and from: in their saved email?) someone who posts from
*.tor.radiant.net is certainly suspect.
Or am I totally missing something?
# Dan Duncan (kd4igw) dand at pcisys.net http://pcisys.net/~dand
# There are very few personal problems that cannot be solved through a
# suitable application of high explosives.
More information about the rescue