[Coco] Re: Not sure about the Barden issue
John E. Malmberg
wb8tyw at qsl.net
Tue Jul 27 23:07:03 EDT 2004
Dennis Bathory-Kitsz wrote:
> At 04:05 PM 7/27/04 -0400, James Dessart wrote:
>
>>They all seem to have been submitted from the same IP address...
>>including the original email sent to the list.
>
> I overlooked the X-Originating-IP line the first time, which was Charter
> Communications, identifying the cable customer. I have filed an abuse notice.
> The original mail came from Hotmail, however, so I'm guessing it's still
> legit.
The original mail from Hotmail also came from the same computer through
the HTTP interface to Hotmail.
If they hacked Boisy's shell account, then they had to use a web browser
to do the sending. For a shell account, that would be LYNX.
But there is another clue that gives things away, the text format of the
e-mail is "format/flowed", which as far as I know is only set by
Netscape Navigator and Mozilla.
To use Mozilla or Navigator, would indicate that an x-11 outgoing
session was created. On my system setup, the I.P. address of the
display would show up in at least one log. Which means that it still
may be possible to track who did the breakin.
-John
wb8tyw(at)qsl.net
Personal Opinion Only
More information about the Coco
mailing list