>From [EMAIL PROTECTED] Sun Nov 16 15:36:43 1997 >Received: (qmail 23401 invoked by uid 38); 16 Nov 1997 23:32:27 -0000 >Resent-Date: 16 Nov 1997 23:32:27 -0000 >Resent-Cc: recipient list not shown: ; >X-Envelope-Sender: [EMAIL PROTECTED] >Received: (qmail 23323 invoked from network); 16 Nov 1997 23:32:24 -0000 >Received: from uhura.cc.rochester.edu ([EMAIL PROTECTED]@128.151.224.17) > by 205.229.104.5 with SMTP; 16 Nov 1997 23:32:24 -0000 >Received: from gatekeeper ([EMAIL PROTECTED] [128.151.220.153]) > by uhura.cc.rochester.edu (8.8.5/8.8.5) with SMTP id SAA19870 > for <debian-user@lists.debian.org>; Sun, 16 Nov 1997 18:36:01 -0500 (EST) >Message-Id: <[EMAIL PROTECTED]> >X-Sender: [EMAIL PROTECTED] >X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) >Date: Sun, 16 Nov 1997 18:36:15 -0500 >To: debian-user@lists.debian.org >From: Chi Wong <[EMAIL PROTECTED]> >Subject: Tracing Spoof IP's >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Resent-Message-ID: <"xKMkwC.A.usF.LK4b0"@debian> >Resent-From: debian-user@lists.debian.org >X-Mailing-List: <debian-user@lists.debian.org> archive/latest/18536 >X-Loop: debian-user@lists.debian.org >Precedence: list >Resent-Sender: [EMAIL PROTECTED] > >Is there a way to detect / trace where the spoof ip addresses are coming >from? Or is it an impoosible task? Best way I have found, is to use tcpdump, install, then cd /usr/sbin and ./tcpdump. Not full-proof, But I can get the real addy of a Spoofed hit, 90% of the time....Regards...Rik...aka..Debian1 >TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to >[EMAIL PROTECTED] . >Trouble? e-mail to [EMAIL PROTECTED] . > >
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .