From: Owen Lagarde
Newsgroups: comp.lang.c++,comp.os.msdos.djgpp,rec.games.programmer
Subject: Re: any class-A idiot...
Date: Mon, 29 Sep 1997 17:51:03 -0500
Organization: Nichols Research
Lines: 39
Message-ID: <343030D7.1CBC@pegasus.wes.army.mil>
References: <3412BD25 DOT 1F30 AT mho DOT net> <341714E9 DOT F6CC2E67 AT rpi DOT edu> <342754c2 DOT 0 AT 139 DOT 134 DOT 5 DOT 33> <608jvl$sii AT mozo DOT cc DOT purdue DOT edu> <875267668 DOT 836385 AT ash DOT mcs DOT net DOT au> <60hdjn$ser AT mozo DOT cc DOT purdue DOT edu> <342C4916 DOT 7200 AT cam DOT org> <875403042 DOT 94850 AT ash DOT mcs DOT net DOT au> <3432ce72 DOT 13188083 AT news1 DOT newscene DOT com> <875464223 DOT 362599 AT ash DOT mcs DOT net DOT au> <01bccc37$c182be90$b756dec2 AT algorithm> <342FAA0B DOT 65D5 AT cam DOT org> <01bcccf2$c97066f0$2b40cbc2 AT russnt>
NNTP-Posting-Host: pegasus.wes.army.mil
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Precedence: bulk

Russ Williams wrote:
> Yes, but why is he appearing as 'unknown@'? Surely that should record
> the username of whoever's logged into the dial-up... Then again, most
> ISPs constantly seem to have problems with their software, so it could
> be a "// TODO: implement me!" job. ;)

I've seen two common instances of "unknown" in mail:

1) Send a message with a fake "from" header through a mail
   repeater to an address that is known to not exist. The
   bounce-back, if configured to not encapsulate in an error
   message, sends the unchanged message back to the "from"
   contents. Netscape mail does this quite well, but it's rare.

2) Hack up a text file formatted to appear as a mail message
   (via any un-intelligent mailer or even text editor) and write
   it to the mail port of any host that hasn't applied the
   maild() patch for this very loophole. The message goes with
   the contents of the fake header provided the mail daemon
   doesn't check it first. Even easier if you have access to
   the daemon and associated socket.

The first is usually a mistake, and any class-A idiot with root
on their linux or bsd box and a little admin knowledge can do
the second. For that matter, there's a slew of methods using
RCP or UDB utilities provided the first host to receive doesn't
backtrack, check sender, require a local account, etc. Easily
half of the boxes compliant with early sunos 4.1 and back fit
that bill.

--
Sincerely,
Owen LaGarde
CEWES HPC MSRC Customer Support
800-500-4722
info-hpc AT wes DOT hpc DOT mil

"If I can do it, any idiot can." -- Me
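
Added example, not part of the original post: a receiving-side version of the "check sender" step the message says many hosts skipped, comparing the From header with the envelope sender that the delivering host records in Return-Path. The function names and sample messages are constructed for illustration; a domain mismatch is a signal to review (mailing lists cause it legitimately), not proof of forgery.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lowercased domain of an address header value, or '' if there is none."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_findings(raw):
    """Return the reasons the From header of a raw message should not be trusted."""
    msg = message_from_string(raw)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        return ["expected exactly one From header, found %d" % len(from_headers)]
    findings = []
    from_dom = domain_of(from_headers[0])
    # Return-Path is written at final delivery from the SMTP envelope sender.
    env_dom = domain_of(msg.get("Return-Path"))
    if not from_dom:
        findings.append("From has no usable address")
    if not env_dom:
        # Empty "<>" is the null sender used by bounces; absent means unrecorded.
        findings.append("no envelope sender recorded")
    elif from_dom and from_dom != env_dom:
        findings.append("From domain %s differs from envelope domain %s"
                        % (from_dom, env_dom))
    return findings

# Constructed sample messages (not taken from the thread).
SAMPLE_OK = ("Return-Path: <alice@example.org>\n"
             "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n")
SAMPLE_MISMATCH = ("Return-Path: <user7@dialup.example>\n"
                   "From: Admin <root@bank.example>\nSubject: hi\n\nbody\n")
SAMPLE_UNKNOWN = ("Return-Path: <user7@dialup.example>\n"
                  "From: unknown@\nSubject: hi\n\nbody\n")
SAMPLE_BOUNCE = ("Return-Path: <>\n"
                 "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_MISMATCH", "SAMPLE_UNKNOWN", "SAMPLE_BOUNCE"):
        print(name, sender_findings(globals()[name]))
```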