From: Fabian Wenk
Date: Tue, 06 Sep 2011 12:57:29 +0200
To: freebsd-security@freebsd.org
Subject: Re: Which algorithm is used for IP fragmentation ID?
Message-ID: <4E65FC99.4050307@wenks.ch>
In-Reply-To: <4E63E705.9010707@wenks.ch>

Hello

Just for your information.

On 04.09.2011 23:00, Fabian Wenk wrote:
> Do you see some other e-mail address (or hostname / IP address) in
> the header lines of the e-mail? Or do you see the URL where the
> "click here" is pointing to (better do not click on them)?

Ian had answered privately to me with the details. According to it, this e-mail tries to trick the reader into clicking a link (if the image is not visible, which would be loaded from a remote URL) to probably verify the e-mail address of the receiver. Luckily the URLs are (probably wrongfully) pointing to click.freebsd.org which does not exist.

The e-mail uses a faked sender address which is set to freebsd-security@freebsd.org, but according to the header lines the e-mail was not sent from a system belonging to the FreeBSD project.

I have sent an e-mail with all the details to the admins of the mailing list, as I suspect we have a rogue subscriber in the list.

bye
Fabian
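
The header check described in the message above, as an added example (not part of the original post): it reports whether any Received hop lies inside the domain claimed in From, and lists link hosts that borrow that domain. The sample message, its hosts under example.net and reader.example, and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hosts under example.net / reader.example are made up.
SAMPLE = (
    "Received: from bulk7.example.net (bulk7.example.net [198.51.100.7])\n"
    "\tby mail.reader.example (Postfix) with ESMTP id 0000000000\n"
    "\tfor <reader@reader.example>; Sun, 4 Sep 2011 10:00:05 +0000\n"
    "From: freebsd-security@freebsd.org\n"
    "To: reader@reader.example\n"
    "Subject: constructed sample\n"
    "\n"
    "Images not showing? Click here: http://click.freebsd.org/c/1\n"
)

def in_domain(host, domain):
    """True if host is the domain itself or a name below it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def relay_hosts(msg):
    """Host names given after 'from' and 'by' in every Received header."""
    hosts = []
    for value in msg.get_all("Received", []):
        hosts += re.findall(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", value)
    return hosts

def check_sender(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    relays = relay_hosts(msg)
    link_hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", msg.get_payload())
    return {
        "from_domain": domain,
        "relays": relays,
        # False means no hop sits inside the claimed domain, so the
        # transport path does not support the From address. True proves
        # nothing: Received lines below your own server can be forged.
        "relayed_by_from_domain": any(in_domain(h, domain) for h in relays),
        # Link hosts that borrow the claimed domain; resolve them separately.
        "links_in_from_domain": sorted(
            {h for h in link_hosts if in_domain(h, domain)}),
    }

if __name__ == "__main__":
    for key, value in check_sender(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the Received lines written by your own mail server are trustworthy, so treat the result as a triage signal and not as proof of origin.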