Looking at the headers of spam that came into our spam account, I noticed this header:
Received: from 67.17.218.5 [218.69.212.203] by mail.crescentdigital.com � (SMTPD32-6.06) id A39D801DE; Tue, 10 Aug 2004 19:00:45 -0400 Received: from 18.142.129.10 by 218.69.212.203; Tue, 10 Aug 2004 21:54:09 -0100 I did a whois on the 218.69.212.203 ip and it's traced back to networks in China, but the Received line below that I found interesting. The 18.142.129.10 IP is traced back to MIT. Looks like someone at MIT has hacked into the China server and is using that server to send out spam; and probably getting paid for it too. Kinda Funny.. linux:~ # whois 218.69.212.203 inetnum: 218.67.128.0 - 218.69.255.255 netname: CNCGROUP-TJ country: CN descr: CNCGROUP Tianjin province network address: No.156,Fu-Xing-Men-Nei Street, address: Beijing,100031,P.R.China linux:~ # whois 18.142.129.10 OrgName: Massachusetts Institute of Technology OrgID: MIT-2 Address: Room W92-190 Address: 77 Massachusetts Avenue City: Cambridge StateProv: MA PostalCode: 02139-4307 Country: US NetRange: 18.0.0.0 - 18.255.255.255 CIDR: 18.0.0.0/8 NetName: MIT --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
