[2277] in WWW Security List Archive
Re: Email Hack: Help.
daemon@ATHENA.MIT.EDU (T Kruger)
Thu Jun 27 01:47:20 1996
Date: Wed, 26 Jun 1996 23:01:03 -0700
From: T Kruger <krugertl@apci.net>
Reply-To: krugertl@apci.net
To: Web Security <www-security@ns2.rutgers.edu>,
Doug Breault <dbreault@ns.sprintout.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Doug Breault wrote:
>
> Hello Everyone,
>
> We've got a problem here with a hacker. There's some punk
> apparently hacking a mail server somewhere and sending BS postings all over
> the net regarding get rich quick schemes, etc. - from a non-existent
> account on our server. They've done it twice so far, from two different
> non-existent accounts.
>
> 1. Is there any authority who we can call about this type of incident?
> 2. What are the methods one uses to fake these FROM fields? And is
> there a way to prevent it?
> 3. What are the limits of prosecution available, is it typical US justice
> where even if they're caught red-handed, nothing is done?
>
> In addition, the culprit is apparently from Canada (from one of the
> mail-me-some-cash addresses contained in the get-rich-quick letter)...which
> is a long drive, but not so long that I won't make it to solve this
> problem if necessary.
>
> All information will be greatly appreciated.
> Best regards,
> Doug
***********
Unless you're using some type of email authentication scheme, there is
little to nothing you can do to stop bogus E-mail with a spoofed FROM.
Routers will route, they don't care about source, only destination.
Assuming that your own Email address is being spoofed, you can't exactly
firewall yourself from the system. It is fairly simple to spoof SMTP and
it is only by the good grace of those on the Internet that the problem
isn't worse.
Good Luck.
Tim Kruger
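
A triage check for the situation described in this thread, added here as an example and not part of either message: it flags reported mail whose From claims the local domain but names an unknown account, or whose Received chain never names the site's mail hosts. The domain, host names, account list and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed site values (hypothetical, not from the thread).
OUR_DOMAIN = "example.com"
OUR_MAIL_HOSTS = {"mail.example.com"}
VALID_ACCOUNTS = {"doug", "postmaster"}

# Constructed sample headers; hosts, addresses and dates are made up.
SAMPLE_FORGED = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with SMTP; Wed, 26 Jun 1996 20:00:00 -0700
From: Quick Cash <richquick@example.com>
Subject: Make money fast
"""
SAMPLE_GENUINE = """\
Received: from mail.example.com (mail.example.com [192.0.2.25])
\tby mx.example.org with SMTP; Wed, 26 Jun 1996 21:00:00 -0700
From: Doug <doug@example.com>
"""

HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.I)

def received_hosts(msg):
    """Host names in the 'from'/'by' clauses of every Received header."""
    hosts = set()
    for hdr in msg.get_all("Received", []):
        hosts.update(h.lower().rstrip(".") for h in HOST_RE.findall(hdr))
    return hosts

def triage(raw):
    """Return findings for a message whose From claims our domain."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    if domain.lower() != OUR_DOMAIN:
        return []  # not claiming to be us
    findings = []
    if local.lower() not in VALID_ACCOUNTS:
        findings.append("unknown-account")
    # Received lines can be forged too; only those added by hosts the
    # reporter trusts are reliable, so treat this as a triage hint.
    if not received_hosts(msg) & OUR_MAIL_HOSTS:
        findings.append("never-traversed-our-hosts")
    return findings
```

Findings from this check are evidence to attach to an abuse report to the relaying site; they do not stop the forged mail from being sent.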