Looks like the 211.101.130.229 is really the host name of the sending
machine. That hostname box on a windows PC can take any input including a
number. And the domain name box is left blank, so what you get is what looks
like an IP address, when it is probably just a number keyed into the
hostname box made to look like the PC's IP address.
A lot less sohpisticated than true IP forging.
Just a guess though....
--
Scot
----- Original Message -----
From: "M. DeWar" <[EMAIL PROTECTED]>
To: "imail" <[EMAIL PROTECTED]>
Sent: Thursday, April 26, 2001 2:21 PM
Subject: [IMail Forum] spammers actual addy
> Received: from 211.101.130.229 [64.228.99.24] by gndtech.com
>
> is the real ip it came from the 211.101.130.229 or the 64.228.99.24
> ?
> being that the second ip is listed in the brackets does that mean
> the first ip is forged ?
>
> thanks
> md
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
