FRAUDULENT HEADER SPOOF?

Status
Not open for further replies.

bacjac

IS-IT--Management
Jan 3, 2004
US
I received this message & attachment from someone which came from a computer I used to work @ 10 years ago. I remember it - it was my resume.

Look at the header info below:

Received: from mta6.srv.hcvlny.cv.net [167.206.5.72] by imail3.innnerhost.com with ESMTP
(SMTPD32-7.15) id AE82DB900A6; Sat, 17 Jan 2004 04:21:06 -0500
Received: from mail-hub.optonline.net
(ool-4356a2b9.dyn.optonline.net [67.86.162.185]) by mta6.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with SMTP id <0HRM00AB1NCSCR@mta6.srv.hcvlny.cv.net> for
jimgreen@mcar.com; Sat, 17 Jan 2004 04:22:09 -0500 (EST)
Date: Sat, 17 Jan 2004 04:22:06 -0500 (EST)
Date-warning: Date header was inserted by mta6.srv.hcvlny.cv.net
From: JIM GREEN <jimgreen@optonline.net>
Subject: I am a professional,
Message-id: <0HRM00AB5NCTCR@mta6.srv.hcvlny.cv.net>
MIME-version: 1.0
X-Mailer: Microsoft Outlook Express 5.00.2615.200
Content-type: multipart/mixed; boundary="Boundary_(ID_tiO3QJM6esX64hwkrb5JNg)"
X-Priority: 3
X-MSMail-priority: Normal
X-RCPT-TO: <jimgreen@mcar.com>
Status: U
X-UIDL: 348015605

----------------------

Does this header reflect spoofing syntax - I'm trying to find out where this came from and from what server (iPlanet?)

Also this originated from my optonline account and I NEVER SENT IT @ 4:21 in the morning!!!!!!!!!!

Any ideas - anyone???
Thanks.

Cheers.
craKuhJAC
 
These headers appear to be written by a Windows mail server - incomplete header detail. However, the message appears to have come from
mta6.srv.hcvlny.cv.net

Which is Cablevision cable and internet service. They have a machine at IP 167.206.5.72 which sent the mail.

It is trivial to falsify mail headers. And, since spammers have worked hard to avoid having their mail blocked, their latest ploy is to send email from a (hopefully) valid email name@validdomain so that the receiving mail server could backcheck with "cv.net" that such a host and MX record exists.

I wouldn't get worked up about this. It is quite common and known as a "Joe job". Third party sends mail to first party claiming to be second party.

Spammers are scumbags. Why else do they hide?!





Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
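
As an added example (not part of the original thread), the two Received lines from the question can be read oldest-first with a short Python script that reports which host handed the message to which server. The regex layout, the reading of the parenthesised name as the receiving server's own lookup of the connecting IP, and the `.dyn.` heuristic are assumptions fitted to these two header formats; only hops written by servers you trust are reliable, since anything below them can be forged.

```python
import re
from email import message_from_string

# Trace headers copied from the question. The leading space on continuation
# lines (header folding, lost in the forum paste) is restored here.
RAW = """\
Received: from mta6.srv.hcvlny.cv.net [167.206.5.72] by imail3.innnerhost.com with ESMTP
 (SMTPD32-7.15) id AE82DB900A6; Sat, 17 Jan 2004 04:21:06 -0500
Received: from mail-hub.optonline.net
 (ool-4356a2b9.dyn.optonline.net [67.86.162.185]) by mta6.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
 with SMTP id <0HRM00AB1NCSCR@mta6.srv.hcvlny.cv.net> for
 jimgreen@mcar.com; Sat, 17 Jan 2004 04:22:09 -0500 (EST)
From: JIM GREEN <jimgreen@optonline.net>

"""

# "from <name sender announced> (<name receiver looked up> [ip]) by <receiver>"
# The parenthesised lookup name is optional (the first hop above omits it).
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<rdns>[^\s()\[\]]+)\s*)?"
    r"\[(?P<ip>[\d.]+)\].*?\bby\s+(?P<by>\S+)"
)

def trace(raw):
    """Return Received hops oldest-first, each with a list of findings."""
    hops = []
    # Servers prepend Received lines, so the last one in the file is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold to one line
        if not m:
            continue  # format not covered by HOP: read that hop by hand
        hop = dict(m.groupdict(), notes=[])
        rdns = (hop["rdns"] or "").lower()
        if rdns and rdns != hop["helo"].lower():
            hop["notes"].append("announced name differs from looked-up name")
        if ".dyn." in rdns:  # heuristic (assumption): dynamic subscriber range
            hop["notes"].append("connecting host looks like a dynamic address")
        if hops and hops[-1]["by"].lower() != hop["helo"].lower():
            hop["notes"].append("chain break: previous receiver is not this sender")
        hops.append(hop)
    return hops

if __name__ == "__main__":
    for n, h in enumerate(trace(RAW), 1):
        print(n, h["ip"], h["helo"], "->", h["by"], h["notes"])
```
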
 
When you last left that machine, 10 years ago, did you leave your ISP connection DUN on the workstation, along with your resume stored on the hard disk drive?

I suspect whoever the new user was, they were "tweaking" you that leaving behind such valuable information was unwise of you.

I view the event as a gentle reminder that the new user of your old computer is removing things that you should have removed 10 years ago.

 