[52366] in North American Network Operators' Group
Re: any known users of NetRange 172.16.0.0 - 172.31.255.255
daemon@ATHENA.MIT.EDU (Joe)
Fri Sep 27 00:09:32 2002
From: "Joe" <joej@rocknyou.com>
To: <nanog@merit.edu>
Date: Fri, 27 Sep 2002 00:08:24 -0400
Errors-To: owner-nanog-outgoing@merit.edu
Depending on the content of the headers, this address
can be "injected" into the flow of the email. This is very
easy to do. The important thing to look at regarding the
headers from such an email are the last few transactions
I would suspect that the first few lines read IPs that are
familiar to you, that is your smtp server handling an email from
some foriegn source, than past that another foriegn source
IP. The begining IP address (this 172.17.x.x) probably starts
the whole thing out and has actually been forged or placed
there from some virtual lan that NATs out to its internet provider.
Remember that reading the headers is a bit backwards. The top is
the latest, while the headers close to the Subject or From To lines
are the origin.
Hope this offers some insite.
-Joe
