From owner-freebsd-security@FreeBSD.ORG Sun Sep 4 21:01:02 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B4E9E1065670 for ; Sun, 4 Sep 2011 21:01:02 +0000 (UTC) (envelope-from fabian@wenks.ch) Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2]) by mx1.freebsd.org (Postfix) with ESMTP id 0D65E8FC08 for ; Sun, 4 Sep 2011 21:01:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at home4u.ch Received: from flashback.wenks.ch (fabian@flashback.wenks.ch [62.12.173.4]) (authenticated bits=0) by batman.home4u.ch (8.14.4/8.14.4) with ESMTP id p84L0r8q037589 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Sun, 4 Sep 2011 23:00:59 +0200 (CEST) (envelope-from fabian@wenks.ch) Message-ID: <4E63E705.9010707@wenks.ch> Date: Sun, 04 Sep 2011 23:00:53 +0200 From: Fabian Wenk User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.21) Gecko/20110830 Thunderbird/3.1.13 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <4e627e90.1250640a.5c76.2907SMTPIN_ADDED@mx.google.com> <20110904181948.549f3c93@gumby.homeunix.com> In-Reply-To: <20110904181948.549f3c93@gumby.homeunix.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Which algorithm is used for IP fragmentation ID? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Sep 2011 21:01:02 -0000 Hello Ian Sorry, that I can not help on your initial question, but something with the e-mail you got is very strange. On 04.09.2011 19:19, RW wrote: > On Sun, 4 Sep 2011 18:04:37 +0200 > ian ivy wrote: > >> Hello, >> Sorry, but link and images are unreached for me, so >> I do not have chance to review it. It seems that OpenDNS >> is blocking this site, probably due to some enabled filters. > > You replied to a spam. At first, it looks like an ordinary out of office message, but then it is more then a spam or something else which tries to trick the reader into clicking an URL, which eventually could hurt your computer. The answer you received had only be sent to you and not to the whole mailing list. It is strange, that it has the sender set to freebsd-security@freebsd.org. Do you see some other e-mail address (or hostname / IP address) in the header lines of the e-mail? Or do you see the URL where the "click here" is pointing to (better do not click on them)? If you could provide the details, then this "fake" subscriber can probably be removed and blocked by the list admins. It looks like this has some system, as I found the same question about this e-mail in archives of other mailing lists, eg. [1], [2] (several in the left pane) and [3] (even on full-disclosure, with faked sender address of the original sender). [1] http://www.mail-archive.com/django-users@googlegroups.com/msg125720.html [2] http://markmail.org/message/z2lxq5mf35cgow5l [3] http://lists.grok.org.uk/pipermail/full-disclosure/2011-August/082161.html bye Fabian