Bugtraq mailing list archives

Re: Another request for passwords


From: dougmc () comco com (Doug McLaren)
Date: Mon, 24 Oct 1994 09:42:32 -0500


In article <199410232140.QAA14685 () pentagon io com> you write:
| Justin J. Lister wrote:
| >>Seems like someone is knocking on io.com now.
| >Don't think so, more like someone has obtained few mailing lists or
| >account names from irc (or the likes).
| 
| actually, from the number of people that received the mail here,
| i believe that whoever it was just used finger @io.com.

I got it too, mailed to dougmc () slip-x-y ots utexas edu.
My roommate did too.
We were both on IRC from the address mailed at the time.

The same thing happened with the last 'send me your password file'
request a few days ago.  I think it's fairly safe to assume that at
least a large number of those emailed were on IRC at the time, tho'
it's possible that they also fingered io.com and mailed them as well.
Or perhaps all your people who got it on io.com were on IRC at the
time.

As far as neat sendmail headers, the one I got had this :

   From vanepp () sfu ca  Sat Oct 22 23:30:14 1994
   Received: from trance.helix.net (root () helix net [142.231.37.2]) by algol (8.6.9/8.6.9) with ESMTP id XAA28350 for <dougmc () slip-4-15 ots utexas edu>; Sat, 22 Oct 1994 23:30:11 -0500
   Received: from  (girling () helix net [142.231.37.2]) by trance.helix.net (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA08021 for dougmc () slip-4-15 ots utexas edu; Sat, 22 Oct 1994 21:34:25 -0700

Isn't identd fun ?  Sure, it's possible that this was spoofed, or is
just plain incorrect, but I'd bet $ that the bozo just screwed up.
Looks like he telneted to the sendmail port on his own machine ...

-- 
Doug McLaren, dougmc () comco com, 512-467-0618, ext 28
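
Added example, not part of the original message: a small Python parser for the sendmail 8.6-style Received lines quoted above, which pulls out the HELO name, the ident-reported user, the connecting host and IP for each hop and lists what stands out on the originating hop. The function names and the choice of checks are assumptions made for this illustration; the input is the quoted headers in the archive's "user () host" form.

```python
import re

# Constructed input: the headers quoted in the post, wrapped lines rejoined,
# kept in the archive's obfuscated "user () host" address form.
ENVELOPE_FROM = "vanepp () sfu ca"
RECEIVED_HEADERS = [
    "Received: from trance.helix.net (root () helix net [142.231.37.2]) "
    "by algol (8.6.9/8.6.9) with ESMTP id XAA28350 for "
    "<dougmc () slip-4-15 ots utexas edu>; Sat, 22 Oct 1994 23:30:11 -0500",
    "Received: from  (girling () helix net [142.231.37.2]) "
    "by trance.helix.net (8.6.9/Trance.helix.net 8.6.9) with SMTP "
    "id VAA08021 for dougmc () slip-4-15 ots utexas edu; "
    "Sat, 22 Oct 1994 21:34:25 -0700",
]

# from <HELO name> (<ident user> () <host> [<ip>]) by <receiving host>
RECEIVED_RE = re.compile(
    r"^Received: from\s(?P<helo>[^\s(]*)\s*"
    r"\((?:(?P<ident>[^\s()\[\]]+) \(\) )?(?P<host>[^\[\]]*?)\s*"
    r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)"
)

def parse_received(header):
    """Return HELO name, ident user, host, IP and receiver for one hop."""
    m = RECEIVED_RE.match(header)
    if m is None:
        return None
    hop = m.groupdict()
    hop["host"] = hop["host"].replace(" ", ".")  # undo archive mangling
    return hop

def origin_findings(headers, envelope_from):
    """Inspect the earliest hop (the last Received header) for oddities."""
    hop = parse_received(headers[-1])
    if hop is None:
        return None, ["origin Received header not in expected sendmail form"]
    user, _, domain = envelope_from.partition(" () ")
    domain = domain.replace(" ", ".")
    notes = []
    if not hop["helo"]:
        notes.append("empty HELO name")
    # The ident user is whatever the client host's identd reported: a lead,
    # not proof, since the answer can be spoofed or wrong.
    if hop["ident"] and hop["ident"] != user:
        notes.append(f"ident user {hop['ident']} differs from sender {user}")
    if hop["host"] != domain and not hop["host"].endswith("." + domain):
        notes.append(f"origin host {hop['host']} outside sender domain {domain}")
    return hop, notes
```

Calling `origin_findings(RECEIVED_HEADERS, ENVELOPE_FROM)` returns the parsed originating hop together with the list of notes for it.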


