[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Snowhite and the Seven Dwarfs - The REAL story!
From: |
Martin Hamilton |
Subject: |
Re: Snowhite and the Seven Dwarfs - The REAL story! |
Date: |
Tue, 16 Jan 2001 06:42:01 -0500 |
User-agent: |
Mutt/1.2.5i |
Hi - I'm afraid we don't have the resources to do sp*m canning and virus
checking on the GNU mailhubs, and the mailer log files have already
rotated for 3rd January, so any evidence is gone :-(
Cheers,
Martin
On Wed, Jan 03, 2001 at 09:57:31AM +0900, Chiaki Ishikawa wrote:
> X-PMC-CI-e-mail-id: 14378
>
> This joke stuff which presumably carries with it a
> trojan (or a virus) software for Win platform has
> been going on so many times. Enough is enough.
> (Just check joke.exe or snowwhite joke.exe at
> http://www.googole.com
> sysid worm seems to be the common name given
> to it.)
>
> Will someone at gnu.org who can look at
> their mail system log PLEASE COMPLAIN to the
> ISP from where these postings come?
>
> Many big ISPs take very responsible attitude
> by canceling the subscriber membership immediately
> if the clearly recorded log info for
> spamming/port probing/other abuse is presented.
>
> I ask the people at gnu.org because
> the header line(s) produced can only be checked
> by the mail host where these joke postings were first
> received.
>
>
>
> > id 14DBJN-0004Hc-00; Mon, 01 Jan 2001 15:12:05 -0500
> >Received: from adsl-80-132-16.msy.bellsouth.net ([65.80.132.16]
> >helo=mikes-computer)
> >
>
> If I were to believe the header line above,
> the post came from bellsouth.
> But only someone at gnu.org (fencepost.gnu.org)
> can verify the authenticity of the particular
> header line. (I mean, to the receiving end of these
> mailing list distribution, anything
> before the fencepost.gnu.org header line (and itself)
> might as well be forged. We have no way of knowing...)
> Only people at fencepost.gnu.org can confirm
> if the above header line is generated by fencepost.gnu.org
> and can be trusted.
>
> Oh well, I am writing to gnu.org since
> I believe in the following header line which
> is produced locally.
>
> >Received: from unknown(199.232.76.164) by sparc11 via
> >smap/slg/sizecheck/clearerr (V1.3)
>
> I have no idea why 199.232.76.164 was not resolved
> by my local mail gateway quickly.
> Since 199.232.76.162 is NS1.GNU.ORG from my whois lookup,
> I think 199.232.76.164 is probably part of gnu.org.
> I just checked my local DNS and indeed
> 199.232.76.164 is fencepost.gnu.org.
>
> : www:/new-home/ ; nslookup 199.232.76.164
> ...
> Name: fencepost.gnu.org
> Address: 199.232.76.164
> Aliases: 164.76.232.199.in-addr.arpa
>
> I am
> commenting on the following abridged post:
>
> --- begin quote
> Received: from sparc11.personal-media.co.jp (sparc11 [192.9.200.11])
> by sparc18.personal-media.co.jp
> (8.9.1a/3.7W-no-mx-sparc18-map-size-limit-with-ipaddress-hack) with ESMTP id
> FAA19261;
> Tue, 2 Jan 2001 05:13:00 +0900 (JST)
> Received: (from address@hidden)
> by sparc11.personal-media.co.jp (8.9.1a/3.7W-u48-mx-size-limit-fork) id
> FAA13734
> for <address@hidden>; Tue, 2 Jan 2001 05:12:55 +0900 (JST)
> Received: from unknown(199.232.76.164) by sparc11 via
> smap/slg/sizecheck/clearerr (V1.3)
> with ESMTP id sma013732; Tue Jan 2 05:12:44 2001
> Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org)
> by fencepost.gnu.org with esmtp (Exim 3.16 #1 (Debian))
> id 14DBJN-0004Hc-00; Mon, 01 Jan 2001 15:12:05 -0500
> Received: from adsl-80-132-16.msy.bellsouth.net ([65.80.132.16]
> helo=mikes-computer)
> by fencepost.gnu.org with smtp (Exim 3.16 #1 (Debian))
> id 14DBIJ-0004Gq-00
> for <address@hidden>; Mon, 01 Jan 2001 15:11:00 -0500
> From: Hahaha <address@hidden>
> Subject: Snowhite and the Seven Dwarfs - The REAL story!
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="--VEZ0DAFWXA741QFWHUFOPIF8HEV"
> Message-Id: <address@hidden>
> Sender: address@hidden
> Errors-To: address@hidden
> X-BeenThere: address@hidden
> X-Mailman-Version: 2.0
> Precedence: bulk
> List-Help: <mailto:address@hidden>
> List-Post: <mailto:address@hidden>
> List-Subscribe: <http://mail.gnu.org/mailman/listinfo/bug-glibc>,
> <mailto:address@hidden>
> List-Id: Bug reports for the GNU standard C library <bug-glibc.gnu.org>
> List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/bug-glibc>,
> <mailto:address@hidden>
> List-Archive: <http://mail.gnu.org/pipermail/bug-glibc/>
> Date: Mon, 01 Jan 2001 15:11:00 -0500
>
> ----VEZ0DAFWXA741QFWHUFOPIF8HEV
> Content-Type: text/plain; charset="us-ascii"
>
> Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and
> polite with Snowhite. When they go out work at mornign, they promissed a
> *huge* surprise. Snowhite was anxious. Suddlently, the door open, and the
> Seven
> Dwarfs enter...
>
>
> ----VEZ0DAFWXA741QFWHUFOPIF8HEV
> Content-Type: application/octet-stream; name="joke.exe"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename="joke.exe"
>
> ... contents omitted ...
>
> ----VEZ0DAFWXA741QFWHUFOPIF8HEV--
>
>
> --- end quote
>
>
>
> --
> Ishikawa, Chiaki address@hidden or
> (family name, given name) address@hidden
> Personal Media Corp. ** Remove .NoSpam at the end before use **
> Shinagawa, Tokyo, Japan 142-0051
>
>
- Snowhite and the Seven Dwarfs - The REAL story!, Hahaha, 2001/01/01
- Re: Snowhite and the Seven Dwarfs - The REAL story!, Chiaki Ishikawa, 2001/01/02
- Re: Snowhite and the Seven Dwarfs - The REAL story!,
Martin Hamilton <=
- Re: Snowhite and the Seven Dwarfs - The REAL story!, Chiaki Ishikawa, 2001/01/16
- Re: Snowhite and the Seven Dwarfs - The REAL story!, Chiaki Ishikawa, 2001/01/16
- Re: Snowhite and the Seven Dwarfs - The REAL story!, Martin Hamilton, 2001/01/23
- Re: Snowhite and the Seven Dwarfs - The REAL story!, Chiaki Ishikawa, 2001/01/24
- Re: Snowhite and the Seven Dwarfs - The REAL story!, Martin Hamilton, 2001/01/24
- Re: Snowhite and the Seven Dwarfs - The REAL story!, Chiaki Ishikawa, 2001/01/24