Re: Suspected Intruder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2005-01-06 at 15:49 +0000, Paul Howarth wrote:
> Don Flinn wrote:
> > I suspect that an intruder may be using my node to send e-mail, because
> > I have received some notices from my e-mail daemon that such and such
> > was not available when I never sent e-mail to that person/address.
> > 
> > How do I check if someone is logged in/using my machine?  I'm running
> > FC3.
> 
> Please post the full headers of one of these notices. It's possible that 
> you're just getting backscatter due to a virus somewhere else forging 
> your address as the sender.
> 
> Paul.
> 

Paul

Here is the info from the Mail Daemon (For clarity my name is not
Monika :-).  Some others on this mailing list also speculated that
someone is spoofing my address and have not compromised my machine.
Thanks to all for your suggestions.

Don

------ Mail daemon message follows ------------
Reporting-MTA: dns; rly-nc05.mx.aol.com
Arrival-Date: Thu, 30 Dec 2004 10:50:31 -0500 (EST)

Final-Recipient: RFC822; beachboy99@xxxxxxxxxxxx
Action: failed
Status: 5.1.1
Remote-MTA: DNS; air-nc02.mail.aol.com
Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND
Last-Attempt-Date: Thu, 30 Dec 2004 10:50:55 -0500 (EST)


Received: from  31.red-212-40-232.user.auna.net
(31.red-212-40-232.user.auna.net [212.40.232.31]) by rly-nc05.mx.aol.com
(v103.7) with ESMTP id MAILRELAYINNC56-68c41d423a72b4; Thu, 30 Dec 2004
10:50:18 -0500
Date: Thu, 30 Dec 2004 15:43:33 +0000
From: Monika <flinn@xxxxxxxxxxxx>
To: beachboy99@xxxxxxxxxxxx
Subject: =?Windows-1251?B?1OXp5fDi5fDq6CDu8iDv8O7o5+Lu5Ojy5ev/IO/uIO3o5
+ro7CD25e3g7C4=?=
MIME-Version: 1.0
Content-Type: multipart/related;
 boundary="----------6BE01FA8FBDE43307081C8A850"
X-AOL-IP: 212.40.232.31
X-AOL-SCOLL-SCORE: 0:2:31266268:1342177
X-AOL-SCOLL-URL_COUNT: 0
Message-ID: <200412301050.68c41d423a72b4@xxxxxxxxxxxxxxxxxxx>


-- 
Don Flinn
President, Flint Security LLC
Tel: 781-856-7230
Fax: 781-631-7693
http://flintsecurity.com


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux