Re: Everything gone!

James H. Cloos Jr. (cloos@jhcloos.com)
19 Mar 2003 16:18:59 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Mansfield: "Re: [ANNOUNCE] cvsps support for parsing BK->CVS kernel tree logs"
Previous message: Sam Ravnborg: "Re: [patch] 2.5.65-mjb1: lkcd: EXTRA_TARGETS is obsolete"

>>>>> "Richard" == Richard B Johnson <root@chaos.analogic.com> writes:

Richard> How did [they] do this?

If you look at the Received headers in the faked message, it actually
came to kernel.org from alog0102.analogic.com, from Analogic's
208.224.220.0/22 netblock, not from quark.analogic.com (in Analogic's
204.178.40.0/21 block) as it claimed:

Received: from alog0102.analogic.com ([208.224.220.117]:12804 "EHLO
quark.analogic.com") by vger.kernel.org with ESMTP
id <S263082AbTCSPfa>; Wed, 19 Mar 2003 10:35:30 -0500

If an analogic box was cracked, look at 208.224.220.117, not at quark.

The routing suggests they would not have been able to spoof the IP,
unless they did so over eg an 802.11 link at whatever site
208.224.220.0/22 is used.

-JimC

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Mansfield: "Re: [ANNOUNCE] cvsps support for parsing BK->CVS kernel tree logs"
Previous message: Sam Ravnborg: "Re: [patch] 2.5.65-mjb1: lkcd: EXTRA_TARGETS is obsolete"