Re: [cobalt-security] Virus - How to find real source from forged header



On Fri, 8 Nov 2002, Achieve Website Design wrote:

> I apologise if this is slightly off topic, but it is an issue which is
> affecting my Raq4. I have been receiving the "Braid" virus from one source

don't fret.
this is more on topic (security-wise) than most of the posts on this list
have been recently.

> Anyway, the 'from header' states that the virus is coming from one of my
> email addresses, but I am 99% that this is forged. My question is, how can
> find out the real email address from which this virus is being sent.

you can't. you can find out the IP from which the virus is being
sent. then you can use appropriate tools to find out whom the address
belongs to and technical/abuse contact addresses if you need them. Look at
the Received: lines in the full header.

rgds,
netcat
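
Added example, not part of the original post: one way to read the Received: lines described above. It assumes sendmail-style lines of the form "from helo (rdns [ip]) by host"; the host names, addresses and sample message are constructed, and `received_hops` / `handoff_ip` are hypothetical helper names. Only the line written by your own server is trusted, since everything beneath it can be forged along with the From: header.

```python
import email
import ipaddress
import re

# Constructed sample, not from the thread: the From: line and the lower
# Received: line are what a forger could supply; the top one is the server's own.
RAW = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby raq4.example.com (8.10.2/8.10.2) with ESMTP id gA8C1x123456
\tfor <sales@example.com>; Fri, 8 Nov 2002 12:01:59 GMT
Received: from raq4.example.com (raq4.example.com [192.0.2.10])
\tby mail.example.net with SMTP; Fri, 8 Nov 2002 12:01:50 GMT
From: sales@example.com
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([^\s;()]+)")
# Peer address as the receiving MTA logs it: "(rdns-name [ip])".
PEER_RE = re.compile(r"\([^()\[\]]*\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw):
    """Return (by_host, peer_ip) for each Received: line, newest first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        by = BY_RE.search(value)
        peer = None
        for candidate in PEER_RE.findall(value):
            try:
                peer = ipaddress.ip_address(candidate)
                break
            except ValueError:
                continue  # bracketed text that is not an address
        hops.append((by.group(1).lower() if by else None, peer))
    return hops

def handoff_ip(raw, trusted_hosts, own_ips=()):
    """Address of the first outside peer that connected to a server you run."""
    own = {ipaddress.ip_address(a) for a in own_ips}
    for by_host, peer in received_hops(raw):
        if by_host not in trusted_hosts:
            return None  # line not written by your server: do not trust it
        if peer is not None and not peer.is_loopback and peer not in own:
            return peer  # stop here; every line below may be forged
    return None

if __name__ == "__main__":
    print(handoff_ip(RAW, {"raq4.example.com"}))
```

The address returned is the one to look up for its owner and abuse contact; pass your server's own addresses as `own_ips` if mail is relayed between machines you run.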