Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] fw.suse.com compromised?
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Sat, 1 Nov 2003 00:08:03 -0900
  • Message-id: <200311010008.03338.jsa@xxxxxxxxxxxxxx>
On Friday 31 October 2003 23:53, Chris Donaldson wrote:
> Kastus wrote:
> >Hello,
> >
> >I just received a james virus message originated at fw.suse.com
> > (209.3.226.225) I checked both mail log and firewall log, connection was
> > from 209.3.226.225
> >
> >Did anybody else receive that? Does it mean that fw.suse.com was
> >compromised?
> >
> >Thanks, -Kastus
>
> Generally that just means someone just spoofed the from header on the
> email and not comprimised anything... It's a pretty simple process and
> spammers have a habit of doing it fairly regularly.
>
> --
> Chris

Chris, you didn't read what Kastus said. He check the firewall log
and the mail log. Thats significantly harder to fake than a mail header.

--
_____________________________________
John Andersen

< Previous Next >
List Navigation
References