Re: Is this to say email source is not all it is cracked up to be?
From: George Hester (hesterloli@hotmail.com)
Date: 02/21/03
- Next message: Renato Yukio Kawamura: "Port 24576 activity"
- Previous message: George Hester: "Re: Is this to say email source is not all it is cracked up to be?"
- In reply to: Karl Levinson [x y] mvp: "Re: Is this to say email source is not all it is cracked up to be?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "George Hester" <hesterloli@hotmail.com> Date: Thu, 20 Feb 2003 18:06:56 -0500
Thanks Karl, that was exactly what I was looking for. It is what I thought. I believe it is easier for an ISP to deny they are the source of the problem than do anything about it. I remember when I was foolhardy enough to believe Verizon could provide an ISP service that allowed me to use the Internet the way I had back when I had Time Warner. They were hurt by Nimda and their response was to close most ports on their customers' machines. They got so bad at trying to "fix" the problem that their news servers no longer worked.
So I suppose the way it is is the way it will always be. But it's always nice to read the truth of the matter. Thanks again.
--
George Hester
__________________________________

"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message news:O0KZ#UJ2CHA.2156@TK2MSFTNGP10.phx.gbl...
> Well, the government can do it, but you and I can't. The law enforcement
> arms of the US government [police, FBI, CIA, Secret Service, etc.] can
> strongarm and otherwise convince major ISPs like AOL to install data
> sniffers/crunchers like Carnivore when they clearly don't want to do so, and
> they can get court subpoenas to force an ISP to research what IP address
> connected to their mail server, but you can't. The problem usually isn't
> that no one knows what the IP address is, but that you don't have enough
> power to force the relevant ISP to look it up.
>
> One of the aggravating factors is that there are and always will be millions
> of unsecured computers all over the world waiting for people to control them
> remotely. A typical exploit here is not exactly forging the IP address, but
> in telnetting or otherwise connecting to a wide open computer in another
> country, and using that computer to attack and control another computer, and
> so on, so that you have to force each ISP in the chain to help you look up
> what IP address was controlling that computer at the time, until you run
> into an ISP that can't or won't help. It's important to note that this
> isn't even a vulnerability of SMTP... none of this is logged in the email
> headers by design, because these aren't SMTP connections. So really, while
> SMTP email headers can be forged, IMHO this isn't the largest problem here.
>
> Another aggravating factor is that there are web-based email systems out
> there where you can post email, and the source IP address given for the
> email is the IP address of the web server providing this service. It's
> pretty similar to the way when people post to this newsgroup using the web
> interface at www.microsoft.com/support... their IP address is always listed
> as the Microsoft nonroutable 10.x.x.x address. You and I can never know who
> really posted that message, but Microsoft does. Some of the sites that
> provide free email services like this provide them as "anonymizers," and
> these sites will avoid having to give out the IP address of the person that
> sent the message.
>
> [SMTP headers are not really that hard to investigate, it's not magic.
> Although a hacker can add bogus IP addresses and server names to the bottom
> of the list, sooner or later one of the IP addresses in the list of servers
> is a real one that actually passed the email in question. You can try to
> determine this by, among other things, doing a ping -a on the IP given,
> and pinging the server name given, and see if they seem to be related or
> unrelated or nonexistent. That's when you run into the previously mentioned
> problems where you have to contact that ISP to see if they will tell you
> from their SMTP server logs what IP address was used to send the email.
> Note again that SMTP is logging the IP address of the person who sent it,
> even though YOU don't have easy access to that information.]
>
> Lastly, once they find the person, there may not be laws in that person's
> country to prosecute. Even with the authors of major viruses, they are
> frequently unable to prosecute or do anything due to lack of relevant laws
> in that country.
>
>
> "George Hester" <hesterloli@hotmail.com> wrote in message
> news:eLtyR3H2CHA.1624@TK2MSFTNGP09.phx.gbl...
> Yes I thought of that with the post office. The UnaBomber went for a very
> long time. But it does seem to me that forged IP addresses are one sure way
> to make sure no government has a prayer in tracking down email to their
> source. Actually I do not believe that but I guess many do. Thanks for
> your insight.
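The header investigation Karl describes in the quoted reply (walk the Received: list, check whether each hop's server name and IP address agree, and note where the chain stops being verifiable) can be scripted. The following is an added example for this archive page, not code from either poster. It assumes a constructed message and a constructed reverse-DNS table standing in for a live `ping -a`; every host name and address in it is made up, and the public-looking addresses use the RFC 5737 documentation ranges.

```python
"""Walk the Received: chain of an e-mail, oldest hop first, and flag hops whose
claimed hostname and IP address do not agree.  This is the offline equivalent
of the "ping -a" sanity check from the thread: each hop's bracketed IP is looked
up in a reverse-DNS table and compared with the name the hop claims.

Example added to this archive page; not code from either poster.  The message,
the reverse-DNS table and all host names are constructed."""
import email
import ipaddress
import re

# Constructed message.  Headers are newest-first; the bottom-most line is the
# kind of bogus hop the thread warns about (its name does not match its IP),
# and the 10.x.x.x hop mirrors the nonroutable web front end in the thread.
RAW_MESSAGE = b"""Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbox.example.net with ESMTP; Thu, 20 Feb 2003 18:06:56 -0500
Received: from relay.example.org (relay.example.org [203.0.113.9])
\tby mx.example.org with ESMTP; Thu, 20 Feb 2003 18:06:10 -0500
Received: from webmail.example (webmail.example [10.1.2.3])
\tby relay.example.org with ESMTP; Thu, 20 Feb 2003 18:05:30 -0500
Received: from mail.bigisp.example (mail.bigisp.example [192.0.2.250])
\tby webmail.example with SMTP; Thu, 20 Feb 2003 18:05:00 -0500
From: someone@example.org
To: you@example.net
Subject: test

body
"""

# Constructed stand-in for reverse DNS (what "ping -a <ip>" would report).
REVERSE_DNS = {
    "198.51.100.7": "mx.example.org",
    "203.0.113.9": "relay.example.org",
    "192.0.2.250": "cable-250.anotherisp.example",  # not the name the hop claims
}

# Blocks that never identify an Internet host; only the operator of that
# network can map them to a user.  Listed explicitly rather than via
# ipaddress.is_private, which would also catch the documentation ranges.
NONROUTABLE = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "127.0.0.0/8", "169.254.0.0/16")]

# "from <helo-name> (<reverse-dns-name> [<ip>])", reverse-DNS name optional
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9.]+)\]\)",
    re.IGNORECASE)


def classify_hop(helo, rdns, ip, reverse_dns):
    """Compare the name a hop claims with what its IP really maps to."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in NONROUTABLE):
        return "nonroutable"      # internal address: ask that operator
    real_name = reverse_dns.get(ip)
    if real_name is None:
        return "unresolvable"     # nothing to check the claim against
    if real_name.lower() == (rdns or helo).lower():
        return "consistent"       # name and IP are related
    return "mismatch"             # name and IP are unrelated: suspect


def analyze_received(raw_message, reverse_dns):
    """Return hops oldest-first with a verdict, plus the first unverifiable hop.

    Each receiving server prepends its own Received: line, so the header list
    is newest-first and is reversed to follow the mail forward in time.
    Walking back from the newest hop, the chain is trusted until the first hop
    that is not 'consistent'; everything older than that could be forged."""
    msg = email.message_from_bytes(raw_message)
    headers = [re.sub(r"\s+", " ", h) for h in msg.get_all("Received", [])]
    hops = []
    for line in reversed(headers):            # oldest claimed hop first
        m = HOP_RE.search(line)
        if not m:
            hops.append({"raw": line, "verdict": "unparsed"})
            continue
        helo, rdns, ip = m.group("helo"), m.group("rdns"), m.group("ip")
        hops.append({"helo": helo, "rdns": rdns, "ip": ip,
                     "verdict": classify_hop(helo, rdns, ip, reverse_dns)})
    first_untrusted = None
    for idx in range(len(hops) - 1, -1, -1):  # newest hop first
        if hops[idx]["verdict"] != "consistent":
            first_untrusted = idx
            break
    return {"hops": hops, "first_untrusted": first_untrusted}


if __name__ == "__main__":
    report = analyze_received(RAW_MESSAGE, REVERSE_DNS)
    for i, hop in enumerate(report["hops"]):
        print(i, hop.get("ip"), hop.get("helo"), hop["verdict"])
    print("first hop that cannot be verified (oldest-first index):",
          report["first_untrusted"])
```

On the constructed message the two newest hops check out, the 10.1.2.3 hop is where independent verification ends (only whoever runs that web front end can say who submitted the mail), and the bottom line is a mismatch: exactly the "bogus IP addresses and server names at the bottom of the list" the reply describes. With a real message you would replace the table lookup with an actual reverse lookup and still treat only the hops your own servers wrote as trustworthy.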