Tracing email - Long Island University
Tracing email
Headers
Return-path: <[email protected]>
Received: from mta23.srv.hcvlny.cv.net
(mta23.srv.hcvlny.cv.net [167.206.5.184]) by mstr2.srv.hcvlny.cv.net
(Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005))
with ESMTP id <[email protected]> for
[email protected]; Tue, 29 Nov 2005 05:40:50 -0500 (EST)
Received: from hotmail.com (bay114-dav14.bay114.hotmail.com [65.54.169.86])
by mta23.srv.hcvlny.cv.net
(Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005))
with ESMTP id <[email protected]> for
[email protected] (ORCPT [email protected]); Tue,
29 Nov 2005 05:40:49 -0500 (EST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue,
29 Nov 2005 02:40:48 -0800
Received: from 212.100.250.216 by BAY114-DAV14.phx.gbl with DAV; Tue,
29 Nov 2005 10:40:48 +0000
Date: Tue, 29 Nov 2005 11:47:47 +0100
From: Dele Belgore <[email protected]>
Subject: Dear Malinowski (Urgent/Confidential Request)
X-Originating-IP: [212.100.250.216]
X-Sender: [email protected]
Bcc:
Reply-to: Dele Belgore <[email protected]>
Message-id: <[email protected]>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4939.300
X-Mailer: Microsoft Outlook Express 5.50.4922.1500
Content-type: multipart/alternative;
boundary="Boundary_(ID_PSl9uVHx8QZ3EPypzGbkVQ)"
X-Priority: 3
X-MSMail-priority: Normal
X-Originating-Email: [[email protected]]
Original-recipient: rfc822;[email protected]
X-OriginalArrivalTime: 29 Nov 2005 10:40:48.0512 (UTC)
FILETIME=[5C60D800:01C5F4D1]
Checking IP addresses
IP addresses (and other header information) can be spoofed at nodes where the suspect may have control.
What information might be revealed from an email, despite spoofing attempts?
What happens if a remailer or anonymizer is used?
IP address blocks
www.iana.org/assignments/ipv4-address-space
ARIN: 063.x.x.x thru 072.x.x.x, 199.x.x.x, 204.x.x.x thru 209.x.x.x, 216.x.x.x
APNIC: 058.x.x.x thru 061.x.x.x, 202.x.x.x thru 203.x.x.x, 210.x.x.x thru 211.x.x.x, 218.x.x.x thru 222.x.x.x
RIPE: 062.x.x.x, 081.x.x.x thru 088.x.x.x, 193.x.x.x thru 195.x.x.x, 212.x.x.x thru 213.x.x.x, 217.x.x.x
LACNIC: 200.x.x.x thru 201.x.x.x
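As an added example that is not part of the slides, the following Python script ties the two preceding steps together: it unfolds the Received headers shown at the top, lists the hops oldest-first (the last Received line is the first hop, since each mail server prepends its own), and classifies the earliest IP literal with the first-octet table on this slide. The sample headers are a constructed copy of the slide's chain with the redacted addresses left out, and the registry table is the slide's 2005 snapshot, not a live lookup; a hop recorded before the message reached a server you trust is only a lead, because those headers can be forged.

```python
import re
# Constructed sample: the Received chain from the slide's headers; the
# redacted addresses are left out since they are not needed for tracing.
SAMPLE_HEADERS = """\
Received: from mta23.srv.hcvlny.cv.net
 (mta23.srv.hcvlny.cv.net [167.206.5.184]) by mstr2.srv.hcvlny.cv.net
 with ESMTP; Tue, 29 Nov 2005 05:40:50 -0500 (EST)
Received: from hotmail.com (bay114-dav14.bay114.hotmail.com [65.54.169.86])
 by mta23.srv.hcvlny.cv.net with ESMTP; Tue, 29 Nov 2005 05:40:49 -0500 (EST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC
Received: from 212.100.250.216 by BAY114-DAV14.phx.gbl with DAV
"""

# First-octet ranges copied from the slide's IP address block table (2005 snapshot).
REGISTRY_BLOCKS = {
    "ARIN": [(63, 72), (199, 199), (204, 209), (216, 216)],
    "APNIC": [(58, 61), (202, 203), (210, 211), (218, 222)],
    "RIPE": [(62, 62), (81, 88), (193, 195), (212, 213), (217, 217)],
    "LACNIC": [(200, 201)],
}

def unfold(raw):
    """Join folded header lines: a continuation line starts with whitespace."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)

def received_hops(raw):
    """Return (from_clause, by_host, ip_or_None) per Received header, oldest hop first."""
    hops = []
    for line in unfold(raw).splitlines():
        m = re.match(r"Received:\s+from\s+(.+?)\s+by\s+(\S+)", line, re.I)
        if m:
            src, dst = m.groups()
            ip = re.search(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", src)
            hops.append((src, dst, ip.group(0) if ip else None))
    # Each MTA prepends its own header, so the last Received line is the first hop.
    return list(reversed(hops))

def registry_for(ip):
    """Registry for an IPv4 address by first octet, per the slide's table."""
    first = int(ip.split(".")[0])
    return next((reg for reg, ranges in REGISTRY_BLOCKS.items()
                 if any(lo <= first <= hi for lo, hi in ranges)), "unknown")

def origin(raw):
    """Earliest hop carrying an IP literal, the server that logged it, and its registry."""
    for src, dst, ip in received_hops(raw):
        if ip:
            return ip, dst, registry_for(ip)
    return None, None, "unknown"
```

For the slide's chain this reports 212.100.250.216, logged by BAY114-DAV14.phx.gbl, in RIPE space, which matches the X-Originating-IP header; any address not in the slide's table is reported as unknown rather than guessed.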
Domain Names
Top level domains (TLDs) are assigned by ICANN (Internet Corporation for Assigned Names and Numbers), which is responsible for IANA.
dig
Gets the IP address for a hostname.
Arguments: name server (optional), hostname, record type (optional)
tower:~$ dig @ns.adnc.com FreeSoft.org mx
; <<>> DiG 2.1 <<>> @ns.adnc.com FreeSoft.org mx
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 1, Auth: 2, Addit: 2
;; QUESTIONS:
;;      FreeSoft.org, type = MX, class = IN

;; ANSWERS:
FreeSoft.org.   86400   MX      100 mail.adnc.com.

;; AUTHORITY RECORDS:
FreeSoft.org.   86400   NS      ns.adnc.com.
FreeSoft.org.   86400   NS      ns2.adnc.com.

;; ADDITIONAL RECORDS:
ns.adnc.com.    86400   A       205.216.138.22
ns2.adnc.com.   86400   A       205.216.138.24

;; Total query time: 464 msec
;; FROM: tower to SERVER: ns.adnc.com  205.216.138.22
;; WHEN: Tue Mar 19 20:31:58 1996
;; MSG SIZE  sent: 30  rcvd: 126
dig
$ dig @ns.adnc.com mail.adnc.com
; <<>> DiG 2.1 <<>> @ns.adnc.com mail.adnc.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 2, Auth: 3, Addit: 3
;; QUESTIONS:
;;      mail.adnc.com, type = A, class = IN

;; ANSWERS:
mail.adnc.com.  86400   CNAME   gemini.adnc.com.
gemini.adnc.com.        86400   A       205.216.138.22
dig
% dig +short mail.adnc.com
205.216.138.22
whois
http://www.networksolutions.com/en_US/whois/index.html
http://verisign-grs.com/cgi-bin/whois
http://www.easywhois.com
traceroute
www.wvi.com/cgi-bin/trace