This is an official forum of www.incrediblearena.co.nr
 
     Backtracking EMAIL Messages

    Author: gkd_619 (Super Moderator)
    Posted: Sat Aug 30, 2008 2:07 am

    Tracking email back to its source:
    'cause I hate spammers...

    Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this is symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from, the safe bet is to assume the "From" header is forged.

    So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

    If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

    Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.


    Return-Path: <s359dyxtt@yahoo.com>

    X-Original-To: [You must be registered and logged in to see this link.]

    Delivered-To: [You must be registered and logged in to see this link.]

    Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
    by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
    for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

    Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

    Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>

    From: "Maricela Paulson" <s359dyxtt@yahoo.com>

    Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>

    To: [You must be registered and logged in to see this link.]

    Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha

    Date: Sun, 16 Nov 2003 19:42:31 +0200

    X-Mailer: Internet Mail Service (5.5.2650.21)

    X-Priority: 3

    MIME-Version: 1.0

    Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"


    According to the From header this message is from Maricela Paulson at [You must be registered and logged in to see this link.]. I could just fire off a message to [You must be registered and logged in to see this link.], but that would be a waste of time. This message didn't come from Yahoo's email service.

    The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the IP address of 12.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

    The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.


    Here is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

    davar@nqh9k:[/home/davar] $whois 12.218.172.108

    AT&T WorldNet Services ATT (NET-12-0-0-0-1)
    12.0.0.0 - 12.255.255.255
    Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
    12.218.168.0 - 12.218.175.255

    # ARIN WHOIS database, last updated 2003-12-31 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

    davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

    Server: localhost
    Address: 127.0.0.1

    Name: 12-218-172-108.client.mchsi.com
    Address: 12.218.172.108

    OK, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server, 12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, [You must be registered and logged in to see this link.] I get Mediacom's web site.

    There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

    A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to [You must be registered and logged in to see this link.] with a short message explaining the situation, they may do something about it.

    But what about Maricela Paulson? There really is no way to determine who sent a message; the best you can hope for is to find out what host sent it. Even in the case of PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously, determining the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.
    http://www.gkd619.co.nr
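
The header walk described in the post, as an added example that is not part of the original post: it reads the Received headers top-down, stops trusting them at the first hop not stamped by your own server, and flags the two oddities the post points out. The trusted-server set, the client-pool hostname pattern and the /24 assumption behind the ".0" check are assumptions of this sketch.

```python
import email
import ipaddress
import re

# Constructed sample: the Received and From headers quoted in the post above.
RAW = (
    'Return-Path: <s359dyxtt@yahoo.com>\n'
    'Received: from 12-218-172-108.client.mchsi.com'
    ' (12-218-172-108.client.mchsi.com [12.218.172.108])\n'
    '\tby mailhost.example.com (Postfix) with SMTP id 1F9B8511C7\n'
    '\tfor <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)\n'
    'Received: from (HELO 0udjou) [193.12.169.0]'
    ' by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>;'
    ' Sun, 16 Nov 2003 19:42:31 +0200\n'
    'From: "Maricela Paulson" <s359dyxtt@yahoo.com>\n'
    '\n'
    'body\n'
)

TRUSTED_MTAS = {"mailhost.example.com"}  # assumption: servers you operate
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")
FROM_RE = re.compile(r"^from\s+([\w.-]+)")
POOL_RE = re.compile(r"(^|[.-])(client|dyn|dsl|dhcp|pool)[.-]", re.I)  # heuristic

def trace(raw, trusted=TRUSTED_MTAS):
    """Return (hops, origin_ip); origin_ip is the peer seen by the last trusted hop."""
    hops, origin, in_trust = [], None, True
    for value in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        by, ip, frm = BY_RE.search(text), IP_RE.search(text), FROM_RE.search(text)
        in_trust = in_trust and bool(by) and by.group(1).lower() in trusted
        notes = []
        if ip:
            try:
                if ipaddress.ip_address(ip.group(1)).packed[-1] == 0:
                    notes.append("host part is 0 (network address if a /24)")
            except ValueError:
                notes.append("not a syntactically valid IPv4 address")
        if frm and POOL_RE.search(frm.group(1)):
            notes.append("sender hostname looks like an ISP client pool")
        if in_trust and ip:
            origin = ip.group(1)                # keep overwriting while trusted
        hops.append({"ip": ip.group(1) if ip else None,
                     "trusted": in_trust, "notes": notes})
    return hops, origin

if __name__ == "__main__":
    hops, origin = trace(RAW)
    for n, hop in enumerate(hops, 1):
        print(n, hop)
    print("report abuse to the owner of", origin)
```

The returned origin is the address to look up with whois; everything below the last trusted hop is reported but treated as unverified.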
     