Which algorithm is used for IP fragmentation ID?
Fabian Wenk
fabian at wenks.ch
Tue Sep 6 10:57:31 UTC 2011
Hello
Just for your information.
On 04.09.2011 23:00, Fabian Wenk wrote:
> Do you see some other e-mail address (or hostname / IP address) in
> the header lines of the e-mail? Or do you see the URL where the
> "click here" is pointing to (better do not click on them)?
Ian had answered privately to me with the details. According to
it, this e-mail tries to trick the reader into clicking a link (if
the image is not visible, which would be loaded from a remote URL)
to probably verify the e-mail address of the receiver. Luckily the
URLs are (probably wrongfully) pointing to click.freebsd.org which
does not exists. The e-mail use a faked sender address which is
set to freebsd-security at freebsd.org, but according to the header
lines the e-mail was not sent from a system belonging to the
FreeBSD project.
I have sent an e-mail with all the details to the admins of the
mailing list, as I suspect we have a rouge subscriber in the list.
bye
Fabian
More information about the freebsd-security
mailing list