. . . From the firewalls list (also on greatcircle,) the
following was posted. I assumed that the info had been imparted in
this list, but from recent posts here, perhaps not. It confirmed my
suspicion about the VM header in the address stream.
cheers,
fj..
===========================================================================
Franklin R. Jones, K.A.C. Unix OS & Network Specialist
Paranet, Inc.
consultant to: USWest Service Assurance 7900 E. Union Ave,Suite 1100
frjones@sa.mnet.uswest.com Denver, Colorado 80237
===========================================================================
------- Forwarded Message
Return-Path: firewalls-owner@GreatCircle.COM
Return-Path: <firewalls-owner@GreatCircle.COM>
Received: from westhub (westhub.mnet.uswest.com) by lms1 (5.x/SMI-SVR4)
id AA17360; Mon, 24 Jul 1995 20:49:15 -0600
Received: by westhub.mnet.uswest.com (M-Net Hub.950111)
Received: from relay4.UU.NET (relay4.UU.NET [192.48.96.14]) by uswat.advtech.uswest.com (8.6.12/8.6.12) with ESMTP id UAA22491 for <frjones@sa.mnet.uswest.com>; Mon, 24 Jul 1995 20:48:47 -0600
Received: from miles.greatcircle.com by relay4.UU.NET with ESMTP
id QQyzvu02438; Mon, 24 Jul 1995 22:44:25 -0400
Received: (majordom@localhost) by miles.greatcircle.com (8.6.9/Miles-950430-1) id SAA09529 for firewalls-outgoing; Mon, 24 Jul 1995 18:12:30 -0700
Received: from hopi.dtcc.edu (hopi.dtcc.edu [138.123.84.240]) by miles.greatcircle.com (8.6.9/Miles-950430-1) with SMTP id OAA17013 for <firewalls@greatcircle.com>; Sun, 23 Jul 1995 14:40:43 -0700
Received: by hopi.dtcc.edu (5.4R3.10/200.1.1.4)
id AA28117; Sun, 23 Jul 1995 17:39:33 -0400
Date: Sun, 23 Jul 1995 17:39:32 -0400 (EDT)
From: Ken Weaverling <weave@hopi.dtcc.edu>
To: firewalls@GreatCircle.COM
Subject: Olga mystery solved
In-Reply-To: <v02120c54ac35f32414cd@[198.102.244.36]>
Message-Id: <Pine.D-G.3.91.950723172408.27787A-100000@hopi.dtcc.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk
content-length: 1546
On Fri, 21 Jul 1995, Brent Chapman wrote:
> >was physics1.byu.edu and utepvm.ep.utexas.edu doing? (Yes, yes, I noticed
> >that the utexas system is running IBM VM - all bets are off).
>
> That I can't help you with...
In an attempt to squelch the noise here lately, I offer the following news:
The mystery behind the identity of the Olga poster has been solved.
Complete details are in news.admin.net-abuse.misc.
In summary:
IBM VM systems are brain dead and believe anything you tell them in
the HELO conversation of sendmail, and insert that into received-by:
headers without verification. The mail never touched BYU, so lay off the
postmaster there.
The message originally came from the University of Utah, from an account
owned by R. Brock. This was determined by mailing list managers of
majordomo sites confirming who sent LISTS commands to these sites around
June 29. This user came up time and time again.
What STILL has to be determined is whether or not Mr. Brock did this
himself or the account was broken into. Regardles, U of U is aware of
it, and you can rest assured they are looking into it.
But don't expect further satisfaction. U.S. educational institutions are
prohibited by law from disclosing what -- if any -- disciplinary measures
are taken against students.
NOW, can we get back to discussions regarding firewalls -- PLEASE!!!
- --
Ken Weaverling weave@dtcc.edu |*|
Manager of Computer Services |*|
Stanton/Wilmington Campuses of |*|
Delaware Technical & Community College |*|
------- End of Forwarded Message
References:
|
|
