From owner-freebsd-hackers@FreeBSD.ORG  Sun Feb 29 16:50:38 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3B51216A4D0
	for <hackers@freebsd.org>; Sun, 29 Feb 2004 16:50:38 -0800 (PST)
Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E4A5F43D2F
	for <hackers@freebsd.org>; Sun, 29 Feb 2004 16:50:37 -0800 (PST)
	(envelope-from julian@elischer.org)
Received: from interjet.elischer.org ([24.7.73.28])
          by comcast.net (sccrmhc12) with ESMTP
          id <2004030100503601200gupite>; Mon, 1 Mar 2004 00:50:36 +0000
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id QAA50016
	for <hackers@freebsd.org>; Sun, 29 Feb 2004 16:50:35 -0800 (PST)
Date: Sun, 29 Feb 2004 16:50:34 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: hackers@freebsd.org
Message-ID: <Pine.BSF.4.21.0402291639340.27862-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: SPAM/virii apparently from freeBSD addresses.
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Mar 2004 00:50:38 -0000


Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
getting really annoying..

take this one for example:.. It has a legit FreeBSD from 
address of someone I'd read, and a subject line that I've seen before on
this list, and all sorts of other forgery stuff.

>From julian@elischer.org Sun Feb 29 16:29:03 2004 -0800
Status: R
X-Status:
X-Keywords:
Return-Path: <jake@freebsd.org>
Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119])
        by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id QAA49824
        for <julian@elischer.org>; Sun, 29 Feb 2004 16:29:00 -0800 (PST)
From: jake@freebsd.org
Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18])
        by mx2.freebsd.org (Postfix) with ESMTP id A83295576A
        for <julian@elischer.org>; Sun, 29 Feb 2004 16:28:59 -0800 (PST)
        (envelope-from jake@freebsd.org)
Received: by hub.freebsd.org (Postfix)
        id A421316A4CF; Sun, 29 Feb 2004 16:28:59 -0800 (PST)
Delivered-To: julian@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
        by hub.freebsd.org (Postfix) with ESMTP id A10F516A4CE
        for <julian@freebsd.org>; Sun, 29 Feb 2004 16:28:59 -0800 (PST)
Received: from freebsd.org (unknown [210.66.161.77])
        by mx1.FreeBSD.org (Postfix) with SMTP id 419AB43D39
        for <julian@freebsd.org>; Sun, 29 Feb 2004 16:28:50 -0800 (PST)
        (envelope-from jake@freebsd.org)
To: julian@freebsd.org
Subject: stolen
Date: Mon, 1 Mar 2004 08:29:23 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="04136376"
Message-Id: <20040301002850.419AB43D39@mx1.FreeBSD.org>
[...] (spam deleted)

This damned thing is obviously using a real mail as a template..
the only thing that it hasn't been able to spoof is the 
originating IP address.. in taiwan somewhere.


[InterJet.elischer.org] 346 traceroute 210.66.161.77
traceroute to 210.66.161.77 (210.66.161.77), 30 hops max, 40 byte
packets
 1  10.144.192.1 (10.144.192.1)  13.072 ms  10.885 ms  10.212 ms
 2  12.244.97.97 (12.244.97.97)  11.357 ms  9.902 ms  11.117 ms
 3  12.244.67.86 (12.244.67.86)  13.140 ms  23.507 ms  11.977 ms
 4  12.124.35.57 (12.124.35.57)  16.431 ms  25.404 ms  38.147 ms
 5  gbr6-p80.sffca.ip.att.net (12.123.13.154)  20.889 ms  16.106 ms
15.797 ms
 6  tbr2-p013601.sffca.ip.att.net (12.122.11.93)  26.930 ms  15.280 ms
16.038 m
s
 7  ggr2-p390.sffca.ip.att.net (12.123.13.194)  14.605 ms  31.905 ms
39.139 ms
 8  p16-0-1-1.r20.plalca01.us.bb.verio.net (129.250.9.73)  21.166 ms
36.620 ms
 16.578 ms
 9  xe-0-2-0.r21.plalca01.us.bb.verio.net (129.250.4.231)  24.247 ms
22.128 ms
 22.849 ms
10  p64-0-0-0.r21.mlpsca01.us.bb.verio.net (129.250.5.49)  35.048 ms
27.652 ms
 24.794 ms
11  p16-6-0-0.r80.mlpsca01.us.bb.verio.net (129.250.3.24)  17.962 ms
18.794 ms
 23.245 ms
12  p16-0-2-0.r20.tokyjp01.jp.bb.verio.net (129.250.4.154)  131.523 ms
131.186
ms  139.967 ms
13  ge-0-0-0.r00.tokyjp01.jp.bb.verio.net (129.250.3.121)  152.421 ms
146.529 m
s  145.884 ms
14  p4-0-2-0.r00.taiptw01.tw.bb.verio.net (129.250.4.214)  198.825 ms
190.690 m
s  185.596 ms
15  ge-0-0-0.a01.taiptw01.tw.ra.verio.net (61.58.32.35)  182.409 ms
184.256 ms
 185.005 ms
16  61.58.33.106 (61.58.33.106)  179.527 ms  175.598 ms  182.063 ms
17  R59-169.seed.net.tw (139.175.59.169)  184.325 ms  177.720 ms
176.060 ms
18  R56-210.seed.net.tw (139.175.56.210)  181.436 ms  177.463 ms
176.991 ms
19  R58-178.seed.net.tw (139.175.58.178)  178.742 ms  183.660 ms
179.474 ms
20  sh38-33.seed.net.tw (139.175.38.33)  183.048 ms  181.770 ms  186.065
ms
21  h170-192-72-33.seed.net.tw (192.72.33.170)  189.714 ms  185.537 ms
196.507
ms
22  *^C
[InterJet.elischer.org]