From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 20 Sep 2001 04:24:54 -0700 (PDT)
Subject: [iwar] As usual, some of the viruses have my return email address...
Message-Id: <200109201124.EAA20222@big.all.net>

It is not that unusual for viruses to contain my email address as a
return address, and the NIMDA is no exception.  I got my first three
bounce messages today.

It would appear that either (1) a variant has been created that uses my
return email address or (2) the normal virus behavior selects email
addresses from the system under attack for use as new return addresses.

The key is normally to look at the IP address used for the sender;
however, the NIMDA virus also forges IP addresses...  (it has not
correlated one of my real IPs to my emails yet...)

As an opinion, this all seems to me to go back to the problem I pointed
out in my congressional testimony a year and a half ago and the same
problem I have been complaining about for years - the lack of
attribution in the Internet.  In my opinion the ISPs have gone long
enough with their refusal to prevent IP address forgery, and it's high
time they changed their ways.

FC
--This communication is confidential to the parties it is intended to serve--
Fred Cohen		Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net		The University of New Haven.....http://www.unhca.com/
http://all.net/		Sandia National Laboratories....tel:925-294-2087

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:46 PDT