Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 19 Mar 2003 16:08:15 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 19 Mar 2003 16:08:15 -0500
Received: from ore.jhcloos.com ([64.240.156.239]:2053 "EHLO ore.jhcloos.com") by vger.kernel.org with ESMTP id ; Wed, 19 Mar 2003 16:08:14 -0500
To: "Richard B. Johnson"
Cc: linux-kernel@vger.kernel.org
Subject: Re: Everything gone!
References:
From: "James H. Cloos Jr."
In-Reply-To:
Date: 19 Mar 2003 16:18:59 -0500
Message-ID:
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1003
Lines: 20

>>>>> "Richard" == Richard B Johnson writes:

Richard> How did [they] do this?

If you look at the Received headers in the faked message, it actually
came to kernel.org from alog0102.analogic.com, from Analogic's
208.224.220.0/22 netblock, not from quark.analogic.com (in Analogic's
204.178.40.0/21 block) as it claimed:

    Received: from alog0102.analogic.com ([208.224.220.117]:12804 "EHLO quark.analogic.com") by vger.kernel.org with ESMTP id ; Wed, 19 Mar 2003 10:35:30 -0500

If an analogic box was cracked, look at 208.224.220.117, not at quark.

The routing suggests they would not have been able to spoof the IP,
unless they did so over eg an 802.11 link at whatever site
208.224.220.0/22 is used.

-JimC
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
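
Added example (not part of the original message): the comparison made by hand above, written as a check over the hop a trusted receiver recorded. The regular expression covers only the header shape quoted in the message; the `CLAIMED_BLOCKS` table, the function names and the second sample header are assumptions of this example.

```python
import ipaddress
import re

# Shape of the hop vger.kernel.org recorded in the header quoted above:
#   from <reverse-DNS name> ([<peer IP>]:<port> "EHLO <name the client claimed>") by <receiver>
HOP_RE = re.compile(
    r'from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9.]+)\]:(?P<port>\d+)\s+'
    r'"(?:EHLO|HELO)\s+(?P<helo>[^"\s]+)"\)\s+by\s+(?P<by>\S+)'
)

# Host -> netblock pairs as stated in the message (an allow-list you would
# maintain yourself; the dictionary name is an assumption of this example).
CLAIMED_BLOCKS = {"quark.analogic.com": ipaddress.ip_network("204.178.40.0/21")}

def parse_hop(header):
    """Extract the receiver-recorded fields from one Received header."""
    m = HOP_RE.search(header)
    if m is None:
        raise ValueError("Received header not in the expected format")
    return {k: v.lower() for k, v in m.groupdict().items()}

def check_hop(header, claimed_blocks=CLAIMED_BLOCKS):
    """Return (hop, findings); the EHLO name is whatever the client chose to send."""
    hop = parse_hop(header)
    findings = []
    if hop["helo"] != hop["rdns"]:
        findings.append("helo-differs-from-reverse-dns")
    block = claimed_blocks.get(hop["helo"])
    if block is not None and ipaddress.ip_address(hop["ip"]) not in block:
        findings.append("peer-ip-outside-claimed-netblock")
    return hop, findings

# The header quoted in the message.
FAKED = ('Received: from alog0102.analogic.com ([208.224.220.117]:12804 '
         '"EHLO quark.analogic.com") by vger.kernel.org with ESMTP id ; '
         'Wed, 19 Mar 2003 10:35:30 -0500')
# Constructed counter-example: same claimed name, peer inside 204.178.40.0/21.
CONSISTENT = ('Received: from quark.analogic.com ([204.178.40.10]:2053 '
              '"EHLO quark.analogic.com") by vger.kernel.org with ESMTP id ; '
              'Wed, 19 Mar 2003 10:35:30 -0500')

if __name__ == "__main__":
    for name, hdr in (("faked", FAKED), ("consistent", CONSISTENT)):
        hop, findings = check_hop(hdr)
        print(name, hop["ip"], "claimed", hop["helo"], "->", findings or "ok")
```

Run it only against Received lines added by a server you trust; anything below that hop in the header stack was supplied by the sender.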