Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail
From: KoRe MeLtDoWn (koremeltdown_at_hotmail.com)
Date: 05/28/03
- Previous message: David J. Bianco: "Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail"
- Maybe in reply to: steve baker: "Distressing, possibly life threatening emails from free accounts (yahoo, hotmail"
- Next in thread: Jay Woody: "Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail"
To: stephenbbaker@hotmail.com, security-basics@securityfocus.com
Date: Wed, 28 May 2003 17:23:22 +0000
Hi there Stephen,

What you need to do first off is look at the email header, and
look for the IP address that sent the email. Once it is determined which IP
address created the email, do a reverse DNS on that IP address. This can be
done quickly and efficiently at http://remote.12dt.com/rns/ without any
hassles.

If, for example, your reverse DNS reveals a hostname of
210-54-108.dialup.xtra.co.nz then you would visit xtra.co.nz and determine
whether or not they are an ISP. After this, you can gather contact email
addresses for the ISP.

You would then write to the ISP (though calling it, if it is local, may
produce better results) and inform them of the incident, including an EXACT
dialog, the time it took place, informing them that it was one of your users
that was the target, and give them a little reminder that what has taken
place is highly illegal and needs to be acted upon internally or you have
the right to take legal action. From here, your ISP is not legally obliged
to give you the information of the account holder that was using the said IP
at the time the email was sent; HOWEVER they are legally obliged (in most
civilised countries at least) to give contact details to law enforcement if
such a request is to be made of them. If they refuse to give you the
information personally (and they will) then your only other option of
finding out who is responsible is to phone the police, who will take
criminal action against the offender. This would involve the usual cyber
crime task forces etc. tracking the person - they would essentially do what
I have just explained, and possibly a little more :)

If you have any problems with any of the email header stuff drop me a line
and I will get the information you need.
Good Luck.
Kind regards,
Hamish Stanaway
Absolute Web Hosting / -= KoRe WoRkS Internet Security
Owner/Operator
Auckland
New Zealand
http://www.webhosting.net.nz/
http://www.buywebhosting.co.nz/
http://www.koreworks.com/
>From: "steve baker" <stephenbbaker@hotmail.com>
>To: security-basics@securityfocus.com
>Subject: Distressing, possibly life threatening emails from free accounts
>(yahoo, hotmail
>Date: Tue, 27 May 2003 12:38:58 -0400
>MIME-Version: 1.0
>X-Originating-IP: [167.199.152.207]
>X-Originating-Email: [stephenbbaker@hotmail.com]
>Received: from outgoing2.securityfocus.com ([205.206.231.26]) by
>mc6-f42.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 28 May
>2003 10:00:56 -0700
>Received: from lists.securityfocus.com (lists.securityfocus.com
>[205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid
>354EA8F4EC; Wed, 28 May 2003 10:18:49 -0600 (MDT)
>Received: (qmail 5892 invoked from network); 27 May 2003 16:12:02 -0000
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
>Mailing-List: contact security-basics-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <security-basics.list-id.securityfocus.com>
>List-Post: <mailto:security-basics@securityfocus.com>
>List-Help: <mailto:security-basics-help@securityfocus.com>
>List-Unsubscribe: <mailto:security-basics-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:security-basics-subscribe@securityfocus.com>
>Delivered-To: mailing list security-basics@securityfocus.com
>Delivered-To: moderator for security-basics@securityfocus.com
>Message-ID: <BAY8-F117HfbBfbEc7m00018422@hotmail.com>
>X-OriginalArrivalTime: 27 May 2003 16:38:58.0943 (UTC)
>FILETIME=[78DFA0F0:01C3246E]
>Return-Path:
>security-basics-return-19744-koremeltdown=hotmail.com@securityfocus.com
>
>One of our users has received questionable and possibly life threatening
>emails from a yahoo account that was created recently. They have
>approached
>us to find out as much as we can pertaining to the person sending it.
>
>Of course, we are not YAHOO so we cannot determine anything about the mail
>other than the content.
>
>How can we find out who sent this?
>
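The steps described in the reply above (find the sending IP in the headers, reverse-resolve it, reduce the hostname to the ISP's domain), as an added example that is not part of the original post. The sample headers are constructed, and the function names and the short list of second-level labels are assumptions; it also covers the X-Originating-IP header that webmail services add, as seen in the quoted headers.

```python
import email
import ipaddress
import re
import socket

SAMPLE = (  # constructed headers using documentation address ranges
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby inbox.example.org with ESMTP; Wed, 28 May 2003 10:00:56 -0700\n"
    "Received: from webmail.example.net ([10.1.2.3]) by mx.example.net with SMTP\n"
    "X-Originating-IP: [203.0.113.45]\nSubject: constructed sample\n\nbody\n"
)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SECOND_LEVEL = {"co", "com", "net", "org", "ac", "govt"}  # heuristic, not a full suffix list

def routable(value):
    """Bracketed IPv4 addresses in a header value, minus internal/loopback ones."""
    out = []
    for text in BRACKETED_IP.findall(value or ""):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # not a real address, e.g. [999.1.1.1]
            continue
        if not any(ip in net for net in INTERNAL):
            out.append(text)
    return out

def candidate_origin(raw):
    """Return (ip, header) for the likeliest sending address, or None."""
    msg = email.message_from_string(raw)
    # Relays prepend Received lines, so the last one listed is the earliest hop.
    fields = [("X-Originating-IP", msg.get("X-Originating-IP"))]
    fields += [("Received", v) for v in reversed(msg.get_all("Received", []))]
    for name, value in fields:
        if hit := routable(value):
            return hit[0], name
    return None

def reverse_dns(ip):  # PTR lookup; needs network, None when no record exists
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def isp_domain(hostname):
    """Reduce a PTR hostname to the provider domain to look up its contacts."""
    labels = hostname.rstrip(".").lower().split(".")
    cc_second = len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL
    return ".".join(labels[-(3 if cc_second else 2):])
```

Header lines written before the message reached a relay you trust are supplied by the sender and can be forged, so treat the result as a lead to hand to the ISP or police rather than proof of origin.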