Gary Funck wrote:
>
> It is best to post the entire message as an attachment. In this case,
> I'd bet that the apparent Ebay link goes somewheree elese (do "view source"
> on the message).
Original message attached -- pretty much the same I think, as that
pasted was from a straight 'cat /var/mail/bhoover', but your 'dig' is
interesting.
Bryan
>
> As far as 66.135.209.220 goes:
>
> # dig -x 220.209.135.66 +recursive
>
> ; <<>> DiG 9.2.1 <<>> -x 220.209.135.66 +recursive
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5517
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
>
> ;; QUESTION SECTION:
> ;66.135.209.220.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 66.135.209.220.in-addr.arpa. 85659 IN PTR
> actkyo142066.adsl.ppp.infoweb.ne.jp.
>
> [snip]
>
> Compare this to a legit IP (pointing to a machine named 'data') in ebay.com:
>
> # dig -x 66.135.195.180 +recursive
>
> ; <<>> DiG 9.2.1 <<>> -x 66.135.195.180 +recursive
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33955
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;180.195.135.66.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 180.195.135.66.in-addr.arpa. 3600 IN PTR data.ebay.com.
> [snip]
>
> Thus, it looks as if the spoofed ebay message originated at:
> actkyo142066.adsl.ppp.infoweb.ne.jp
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
> Free Linux Tutorials. Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
--
My thinking is a passion. I am very good at rooting out truffles for
others; I myself take no pleasure in them. I root out the problems with
my snout, but all I can do with them is toss them back over my head. -
(Soren Kierkegaard - Either/Or)
http://www.wecs.com/content.htm
This signature file is generated by Pick-a-Tag !
Written by Jeroen van Vaarsel
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pick-a-tag
>From [EMAIL PROTECTED] Fri Dec 26 13:46:58 2003
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: bhoover-wecs:[EMAIL PROTECTED]
X-Envelope-To: [EMAIL PROTECTED]
Received: (qmail 78353 invoked from network); 26 Dec 2003 13:46:58 -0000
Received: from mxsmfpool23.ebay.com (HELO mx47.smf.ebay.com) (66.135.209.220)
by coll.pair.com with SMTP; 26 Dec 2003 13:46:58 -0000
Received: from sjcbat01 (sjcbat01.sjc.ebay.com [10.6.37.40])
by mx47.smf.ebay.com (8.12.3/8.12.3) with SMTP id hBQDkRRt025990
for <[EMAIL PROTECTED]>; Fri, 26 Dec 2003 05:46:28 -0800
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Changed eBay User ID
Date: Fri, 26 Dec 2003 05:46:27 PST
X-Spam-DCC: WEiAPG: coll.pair.com 1072; Body=1 Fuz1=1 Fuz2=126
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
coll.pair.com
X-Spam-Level:
X-Spam-Status: No, hits=0.2 required=4.0 tests=BAYES_44,NO_REAL_NAME
autolearn=no version=2.60
X-Spam-Pyzor: Reported 0 times.
X-Spam-Report:
* 0.2 NO_REAL_NAME From: does not include a real name
* -0.0 BAYES_44 BODY: Bayesian spam probability is 44 to 50%
* [score: 0.4954]
Status: RO
Dear [EMAIL PROTECTED]
eBay is constantly working to provide a safer and easier trading experience for our
members. In our ongoing efforts to prevent unsolicited and possibly fraudulent email,
we have decided to allow only User IDs that do not include an email address. This
policy takes effect immediately.
Your User ID includes an email address, and must now be changed. To avoid any
interruption in your ability to trade on eBay, we have chosen a temporary User ID for
you:
New User ID: bhoover6iqa
Your password and email address on file have not been changed. You will not receive a
'Changed ID' icon because of this change.
If you would like to change your temporary User ID, please sign in at
http://pages.ebay.com/ with your new User ID. Then use the 'Change User ID' feature
(Preferences area of My eBay) to choose your new eBay User ID. If you have any
questions, you can learn more about the 'Change User ID' feature and how it works in
our Help section.
For more information on this policy regarding User IDs, refer to 'User ID Policy' in
Help at http://pages.ebay.com/.
Regards,
EBay
--------------------------------------------------------------
Copyright © 2003 eBay Inc. All Rights Reserved.
eBay will not request personal data (password, credit card/bank numbers) in an email.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.
