any known users of NetRange 172.16.0.0 - 172.31.255.255
Joe
joej at rocknyou.com
Fri Sep 27 04:08:24 UTC 2002
Depending on the content of the headers, this address
can be "injected" into the flow of the email. This is very
easy to do. The important thing to look at regarding the
headers from such an email are the last few transactions
I would suspect that the first few lines read IPs that are
familiar to you, that is your smtp server handling an email from
some foriegn source, than past that another foriegn source
IP. The begining IP address (this 172.17.x.x) probably starts
the whole thing out and has actually been forged or placed
there from some virtual lan that NATs out to its internet provider.
Remember that reading the headers is a bit backwards. The top is
the latest, while the headers close to the Subject or From To lines
are the origin.
Hope this offers some insite.
-Joe
More information about the NANOG
mailing list