Date: Tue, 06 Sep 2011 12:57:29 +0200 From: Fabian Wenk <fabian@wenks.ch> To: freebsd-security@freebsd.org Subject: Re: Which algorithm is used for IP fragmentation ID? Message-ID: <4E65FC99.4050307@wenks.ch> In-Reply-To: <4E63E705.9010707@wenks.ch> References: <4e627e90.1250640a.5c76.2907SMTPIN_ADDED@mx.google.com> <CAASvXNs3Wv3xenLVqU1hdErSQFH0OYZ_nevKovB0Ns9XqqPt9w@mail.gmail.com> <20110904181948.549f3c93@gumby.homeunix.com> <4E63E705.9010707@wenks.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Just for your information. On 04.09.2011 23:00, Fabian Wenk wrote: > Do you see some other e-mail address (or hostname / IP address) in > the header lines of the e-mail? Or do you see the URL where the > "click here" is pointing to (better do not click on them)? Ian had answered privately to me with the details. According to it, this e-mail tries to trick the reader into clicking a link (if the image is not visible, which would be loaded from a remote URL) to probably verify the e-mail address of the receiver. Luckily the URLs are (probably wrongfully) pointing to click.freebsd.org which does not exists. The e-mail use a faked sender address which is set to freebsd-security@freebsd.org, but according to the header lines the e-mail was not sent from a system belonging to the FreeBSD project. I have sent an e-mail with all the details to the admins of the mailing list, as I suspect we have a rouge subscriber in the list. bye Fabian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E65FC99.4050307>