[2276] in WWW Security List Archive
Re: Email Hack: Help.
daemon@ATHENA.MIT.EDU (David Tauzell)
Thu Jun 27 00:54:39 1996
Date: Wed, 26 Jun 1996 22:15:38 -0500 (CDT)
From: David Tauzell <tauzell@math.umn.edu>
To: Doug Breault <dbreault@ns.sprintout.com>
cc: World Wide Web Security <WWW-SECURITY@ns2.rutgers.edu>
In-Reply-To: <Pine.BSD/.3.91.960624123356.12305A-100000@ns.sprintout.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Hi, we had a similar problem about two months ago. Carefully
examinination of the sendmail logs combined with web server logs showed
that it was probable the person was using Netscape on a Window's box to
fake email (this is quite easy with web browsers). We also traced the
connection to a university in Canada. Anyway, we reported the incident to
postmaster at that university and we recieved a reply a few days later
saying that they had apprehended the abuser. The point is... check your
logs and send out a few friendly letters and you might be able to find the
guy (or gal).
---
David Tauzell Math Dept. Systems Staff
Office Phone: 625-4895
