Someone sent me a worm-infected file by Email. I presume sender's address is faked, but when I open source, i get this, amongst other things:

Return-Path: <>
Delivered-To: bos_deus@hol.gr
Received: (qmail 12295 invoked from network); 7 Mar 2001 12:48:17 -0000
Received: from ppp-115-15.20-151.libero.it (HELO a3n1v8) (151.20.15.115)
by isis.hol.gr with SMTP; 7 Mar 2001 12:48:17 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VEXEJG1Q3GLENWX"

Is this enough to deduce what's the originating server? Can that be faked too?

Here you go:

inetnum: 151.20.0.0 - 151.21.255.255
netname: LIBERO-INFOSTRADA
descr: Free Internet Dial-up Services
descr: Via Lorenteggio 257 - 20152 Milano
country: IT
admin-c: AN2056-RIPE
tech-c: AN2056-RIPE
rev-srv: ns1.libero.it
rev-srv: ns2.libero.it
status: ASSIGNED PA
notify: abuse@iol.it
notify: abuse@libero.it
mnt-by: AS1267-MNT
changed: hostmaster@iunet.it 19991126
changed: hostmaster@iunet.it 20001024
source: RIPE

route: 151.20.0.0/16
descr: INFOSTRADA
origin: AS1267
mnt-by: AS1267-MNT
changed: hostmaster@iunet.it 19991125
source: RIPE

person: Abuse Notification
address: Via Lorenteggio 257
address: I-20152 Milano
address: Italy
phone: +39 02 41331
e-mail: abuse@iol.it
e-mail: abuse@libero.it
nic-hdl: AN2056-RIPE
changed: hostmaster@iunet.it 19991125
source: RIPE

Great utility for tracing stuff called "Network Tracer" availible here; http://www.pc-help.org/trace.htm
Hope that helps.
Dave

Many thanks Dave. Hopefully the Italians care http://www.sysopt.com/forum/smile.gif