[Towertalk] Anyone know how to read these headers?

Bob Nielsen nielsen@oz.net
Fri, 26 Apr 2002 21:35:06 -0700


On Fri, Apr 26, 2002 at 09:23:31PM -0400, Bill Otten wrote:
> With all the discussion on the W32 Klez virii around, there was a suggestion
> to read the headers in order to see where a post might have come from. I
> don't know how to read through all this hieroglyphic header stuff but I
> thought perhaps it might serve as a clue for someone. Might lead to helping
> someone find out if they've a virus in their system, but I'd need some help
> with deciphering.....

> Received: from Fjfidcduy ([68.64.226.171]) by out020.verizon.net
>           (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
>           id <20020427005426.NUVW1765.out020.verizon.net@Fjfidcduy>
>           for <hsz102@psu.edu>; Fri, 26 Apr 2002 19:54:26 -0500

This line shows that it originated from the IP address 68.64.226.171. 

$ host 68.64.226.171
Name: pa-steclge-u3-c4a-171.stcgpa.adelphia.net
Address: 68.64.226.171

and a whois search for adelphia.net shows:

Adelphia Communications Corp. (ADELPHIA2-DOM)
   Main at Water
   Coudersport, PA 16915
   US

   Domain Name: ADELPHIA.NET

   Administrative Contact, Billing Contact:
      Scott, Joelle  (JSE388)  joelle@ADELPHIA.NET
      Adelphia Business Solutions
      712 North Main Street
      Coudersport, PA 16915
      888-512-5111 (FAX) 814-274-7370
   Technical Contact:
      Hostmaster, Adelphia  (HA143-ORG)  hostmaster@ADELPHIA.NET
      Adelphia Communications Corp.
      Main at Water Street
      Coudersport, PA 16915
      US
      888-512-5111
      Fax- 814-274-0780

73,
Bob N7XY