[lbo-talk] Re:

budge budge at el-pleasant.org
Fri Jul 23 07:29:29 PDT 2004


On Fri, 23 Jul 2004 at 8:11am snit snat wrote:
>
> I'm still trying to figure out how that got by, though I
> haven't spent a lot of time on it. You've got the list set
> to reject messages over 22k or something, so it should
> reject an attachment since they're usually bigger than
> 22k. OTOH, this attachment may just be small enough to
> slip by. I didn't take a look at it and am now too lazy to
> retrieve it so i can look at the code.

this attachment turned out to be 0 bytes long, so it must have been sent by an incompetent virus writer :-)


> At any rate, blocking Dano's email address should work, but the infected
> machine doesn't belong to Dano. The machine sending the malware is from
> ILSTU.edu and it's spoofing Dano's address. I'll write Carrol to see if he
> knows he needs to clean up his machine--if indeed it's Carrol's machine.
>
> This was in the headers of the malware laden mail, time stamped CST:
> Received: from crdavis.net (isu134152.ilstu.edu [138.87.134.152])
> Date: Thu, 22 Jul 2004 15:15:11 -0600

which i'm guessing is some end user peecee (dorm?) on the campus. carrol's mails are injected into ilstu's system from 1918 addys (10.100.x.x.) which i'm guessing is a nat pool they assign to dialup users because the next hop is in routable space with DNS smtp[1,2,3].ilstu.edu.

-- no Onan

Truth is the most valuable thing we have - so let us economize it.

-- Mark Twain
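
The header reading done in this thread, as an added example that is not part of the original post: it splits a `Received:` line into the sender-claimed HELO name and the reverse-DNS name and IP recorded by the receiving server, then flags RFC 1918 sources and HELO/rDNS mismatches. The second sample header is constructed; its `localhost` HELO and the address 10.100.12.34 are assumptions, and `site()` is a hypothetical helper that compares only the last two DNS labels.

```python
import ipaddress
import re

# "from HELO (rdns [ip])" is the layout of the header quoted in the post.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]\s]+)\]\)")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def site(name):
    """Last two DNS labels, a rough stand-in for the owning domain."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def analyze_received(header):
    """Split one Received: line into claimed and recorded sender details."""
    m = RECEIVED_RE.search(header)
    if m is None:
        return None
    helo, rdns, raw_ip = m.groups()
    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return None
    # "unknown" is what Postfix writes when the client IP has no PTR record.
    rdns = "" if rdns.lower() == "unknown" else rdns.lower()
    return {
        "helo": helo.lower(),   # chosen by the sending machine, easy to fake
        "rdns": rdns,           # looked up by the receiving server
        "ip": str(ip),          # recorded by the receiving server
        "rfc1918": any(ip in net for net in RFC1918),
        "helo_matches_rdns": bool(rdns) and site(helo) == site(rdns),
    }


# Header quoted in the thread.
QUOTED = "Received: from crdavis.net (isu134152.ilstu.edu [138.87.134.152])"
# Constructed sample of a client injecting mail from the 10.100.x.x pool.
CONSTRUCTED = "Received: from localhost (unknown [10.100.12.34]) by smtp1.ilstu.edu"

if __name__ == "__main__":
    for line in (QUOTED, CONSTRUCTED):
        print(analyze_received(line))
```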


