Bugger ... Re: [LINK] Hi

Reagan Blundell reagan at whatever.net.au
Mon Jan 19 12:48:23 EST 2004


On Mon, 2004-01-19 at 10:45, Jim Birch wrote:
> Stephen
> 
> Not sure how much of this stuff you know (don't be offended) but anyway...
> 
> 1.  I wouldn't be totally sure it didn't come from your machine.  The 
> first mail server to handle the message was bat.melbpc.org.au.  Who is 
> allowed to relay to the net via that server?  First guess is this is 
> you or someone else who talks to Link at your domain (melbpc.org.au) as 
> the infected machine knows Link's email address.

Wrong. bat.melbpc.org.au was the last mail server to handle the message
(i.e., the final destination). This really isn't very surprising, as
Stephen received the message on his MelbPC account.  The first injection
point was a machine calling itself IBM-HP786NMYGBG on IP address
202.81.18.30 which is assigned to Network Services IBM GSA, in Sydney,
according to whois lookups. Sean Davies <seand at au1.ibm.com> is the
contact listed for that netblock.
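
Added example, not part of the original message: each server prepends its own Received header, so the topmost line is the final destination and the lowest line is the claimed first hop. The sketch below uses constructed headers with placeholder hostnames and addresses, lists the hops oldest first and, going beyond the case in the thread, reports the sending peer recorded by the earliest server the reader trusts, since any line below that point can be forged by the sender.

```python
import re
from email import message_from_string

# Constructed sample: hostnames and addresses are placeholders, not from the thread.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.7])
\tby mail.recipient.example with ESMTP id AAA111
\tfor <user@recipient.example>; Mon, 19 Jan 2004 10:02:11 +1100
Received: from DESKTOP-PLACEHOLDER (unknown [192.0.2.30])
\tby mx.isp.example with SMTP id BBB222;
\tMon, 19 Jan 2004 10:02:05 +1100
Received: from forged.example (forged.example [203.0.113.9])
\tby nowhere.example with SMTP id CCC333;
\tMon, 19 Jan 2004 09:00:00 +1100
From: someone@sender.example
To: user@recipient.example
Subject: Hi

body
"""

# "from <HELO name> (<reverse DNS> [<peer IP>]) by <receiving server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.S)

def hops(raw):
    """Return parsed Received hops, oldest first (headers are stored newest first)."""
    received = message_from_string(raw).get_all("Received") or []
    matches = (HOP.search(v) for v in reversed(received))
    return [m.groupdict() for m in matches if m]

def trusted_injection(raw, trusted):
    """Walk newest to oldest; return the last hop stamped by a trusted server."""
    found = None
    for hop in reversed(hops(raw)):          # newest first
        if hop["by"].lower() not in trusted:
            break                            # everything older is unverifiable
        found = hop
    return found

if __name__ == "__main__":
    chain = hops(SAMPLE)
    print("final destination:", chain[-1]["by"])
    print("claimed first hop:", chain[0]["helo"], chain[0]["ip"])
    hop = trusted_injection(SAMPLE, {"mail.recipient.example", "mx.isp.example"})
    print("injection seen by trusted servers:", hop["helo"], hop["ip"])
```

The HELO name is whatever the sending machine chose to call itself; the bracketed IP address is what the receiving server observed and is the value to take to a whois lookup.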





