I need advice on how to trace an e-mailed message.

Thread: I need advice on how to trace an e-mailed message.

  1. #1
    Gray Haired Old Fart aeallison's Avatar
    Join Date
    Jul 2002
    Location
    Buffalo, Missouri USA
    Posts
    888

    Question I need advice on how to trace an e-mailed message.

    Hello,
    I am in need of a way to trace an e-mailed message back to its originating computer. I have recently opened an ISP in my small mid-western town. ( I brought fiber into this area and of course have exclusive rights to who can connect to it. ) Naturally, I have the fastest connection and the most bandwidth to offer my customers than the other two ISPs that are laughingly my competition. (They are still using analog phone lines and antique modem banks on PC's of all things for their servers...my equipment is ALL state of the art Cisco, Sun, Ascend, etc...) I opened this ISP to provide a quality service to my community, my competitors are fleecing their customers and slandering me in the process...and I have about had it!!!
    I have been targeted by them and have piles of logs to show their feeble attempts at compromising my security. I am being bombarded by DOS attacks, e-mail trojans and the like. I need to obtain the MAC addresses of their equipment so the authorities can seize their equipment and expose them for what they really are. This has to be repeatable as well so I can show the authorities that I am not blowing smoke up their a--'s. I know all this to be true as none of my customers are getting these mailings only my partner and myself are being targeted, my anonymous e-mail addies have not been getting these attacks either, and I have them subscribed to the same forums and sites that my public addies are on, and they reside on the same servers.
    These atrocities need to be acted upon now and thoroughly, because if I let this slide I am only going to encourage them to keep it up. They have pis--d up the wrong tree this time, I am going to show them one way or the other that I am here to stay and they will have to like it! I opened this expecting competition, and welcome it as that only serves to improve the services that they offer by forcing them to improve and update their own equipment, I never dreamed they would declare war on me!!! These folks are being childish and unscrupulous opponents and deserve to pay dearly for their actions. For more info on their activities visit my web site at RIP Internet
    I have a question; are you the bug, or the windshield?

  2. #2
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Well their MACs won't show up in an e-mail but you can find their IP in one as long as they aren't using an anonymous e-mail service. But they most likely are. Maybe you can hire a white hat to do some network security work for your ISP.

    Actually, grab an e-mail they sent you and post the header here, us AOers will try to find what we can, if enough work on it maybe we'll get the job done. So grab a few e-mails and post the headers and any other pertinent information you have. You may wish to block your own e-mail address from the header though.

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Remember, email headers can be forged, so they don't prove a thing.

    I think it's best for your business to just ignore the childish actions of your competitors. That'll gain you two things: first, you can spend your time working on, for and with your customers, thus raising the level of service you provide (and compete even better). Second, people don't like mud-fights. Going public with this will result in a drop of subscribers, I think. People are interested in quality and service, not in who got something first.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
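
    Posts #2 and #3 taken together: the header carries relay IPs, but every Received line below the stamp written by the receiving site's own server is sender-supplied text. This added example (not from any poster in the thread) finds that stamp; the hostnames, the addresses, the Postfix-style stamp format and the constructed sample message are all assumptions.

```python
import email
import re

# Assumed names: hosts and IPs of the mail servers we operate ourselves.
TRUSTED_HOSTS = {"mail.isp.example", "mx.isp.example"}
TRUSTED_IPS = {"192.0.2.10"}

# Postfix-style stamp: from HELO (rdns [ip]) by HOST ...
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

# Constructed sample. The bottom Received line is sender-supplied and
# falsely claims to have been written by our own MX.
SAMPLE = (
    "Received: from mx.isp.example (mx.isp.example [192.0.2.10])\n"
    "\tby mail.isp.example with ESMTP id A1; Mon, 15 Jul 2002 10:00:03 -0500\n"
    "Received: from relay.other.example (unknown [198.51.100.77])\n"
    "\tby mx.isp.example with ESMTP id B2; Mon, 15 Jul 2002 10:00:01 -0500\n"
    "Received: from pc ([203.0.113.5])\n"
    "\tby mx.isp.example with SMTP id C3; Mon, 15 Jul 2002 09:59:58 -0500\n"
    "From: someone@other.example\n"
    "To: admin@isp.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def hops(raw):
    """Return parsed Received stamps, newest (top of header) first."""
    msg = email.message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:  # stamps in other formats are skipped by this sketch
            out.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return out

def boundary_hop(raw):
    """Walk down from the top. Return (stamp, unverified_ips): the first
    stamp written by one of our servers about a peer that is not ours,
    plus the IPs claimed in the lines below it, which we never observed."""
    chain = hops(raw)
    for i, hop in enumerate(chain):
        if hop["by"] not in TRUSTED_HOSTS:
            return None, []          # top stamp is not ours: nothing to trust
        if hop["ip"] not in TRUSTED_IPS:
            return hop, [h["ip"] for h in chain[i + 1:]]
    return None, []                  # message never left our own servers
```

    The boundary address is the one to match against the mail server's own connection logs; addresses in the unverified list are claims only.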

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    well...a couple of things...first...take 2 steps back, a deep breath ...anger in these situations...as understandable as it is...can lead you to do some silly things...the worst being trying to "get back at em" (ie: "one way or another...")

    sounds like you are doing the right things...log log log...you shouldn't need much more...but as much detail as possible. If you can convince the police that the attacks are costing more than $5000 i believe they are required to investigate...(correct me if that's not right..)

    if you can get a hold of any kind of printed documentation to prove that they are slandering you or your business...well..get that and get a lawyer.

    as for being bombarded by trojans...ha...who isn't...not much you can do there except keep av up to date...

    but i guess my question would be...if their attempts are "feeble" well...consider it practice...and if your network and business practices are superior...you'll "win" anyway...it's just a matter of time...
    "I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  5. #5
    Senior Member cheesegoduk's Avatar
    Join Date
    May 2002
    Posts
    224
    That would get annoying. Just be happy in the knowledge that people will probably flood to your isp and the others will go out of business ;-)

  6. #6
    Junior Member
    Join Date
    Jul 2002
    Posts
    19
    Correct me if i'm wrong but mailing trojans is rather childish so a check on the headers could give some information..

    Good Luck..

    ThaVolt
    The Fear Of Dead Keeps Us From Living, Not From Dying..

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    168
    Definitely if you make this public, it will cause a drop in subscribers, as you will be seen as a dodgy isp. I know you said none of your current subscribers get emails etc. but they might soon, it'll only be a matter of time. That could put people off subscribing as they'll be afraid it might happen to them, remember, they might not have firewall/av software installed.

    PranKster

    Originally posted here by Guus
    Remember, email headers can be forged, so they don't prove a thing.

    I think it's best for your business to just ignore the childish actions of your competitors. That'll gain you two things: first, you can spend your time working on, for and with your customers, thus raising the level of service you provide (and compete even better). Second, people don't like mud-fights. Going public with this will result in a drop of subscribers, I think. People are interested in quality and service, not in who got something first.
    he said they can be forged, so information from the headers is irrelevant, am I right?
    "Why is the bomb always gettin' the last word?" - Will Smith - Lost & Found (2005)

  8. #8
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    One word:

    procmail



    Seriously, Zigar has it right. If you approach this with a revenge attitude, you'll likely get yourself into more trouble than your competitors. And Prankster is right from a public relations standpoint. Unnecessary publicity about this could have repercussions. These individuals don't sound too bright, so a glance at their mail headers may bear some fruit. If the IPs they are using are consistent, and don't resolve to a valid domain you could just configure your mail server or router to ignore those specific addresses or even that range. Just make sure that you're not getting valid traffic from that range beforehand!

    Other than that, since these guys are only targeting you (thankfully not your customers), just start sending those messages to the bit bucket. If you're familiar with procmail, you can even set up a procmail recipe that will generate a fake email auto-reply for un-recognized addresses that appears to be coming from your mail server that says your address has been removed from the system. Good for spammers, too!

    Although, if this is your business address, that might not be too smart. Hmm... I guess it's just best to trash them.
    /* You are not expected to understand this. */

  9. #9
    Junior Member
    Join Date
    Jul 2002
    Posts
    1

    Thumbs up

    Spams can be a pain in the backside. To circumvent this issue, I use the following two programs 'eMailTracking Pro' and 'VisualRoute'. These are neat little toys to drill down to the originating IPs. You already have the logs. So, give it a shot and you might have more specific data for the proper authorities.
    Hope this helps!
    Abbas

  10. #10
    Banned
    Join Date
    Mar 2002
    Posts
    968
    If you can convince the police that the attacks are costing more than $5000 i believe they are required to investigate...(correct me if that's not right..)
    Zigar> It does depend on the country. Here in "our" country, the police is obligated to investigate anything that counts to losses. The only difference is that over 5000$ becomes a serious offense punishable by a term not exceeding 14 years.

    Going public, like many have said, could cause bad publicity for both you and them. People will want proof, and some people, as ignorant as they can be, will side with the competitors (ie: "your proof is tampered", "evidence is created"...)

    Going to the authorities is better. Once your side has been established by the authorities, they will provide the info that the public can know. Make sure to log as best as you can and check out JP's How to be a Profiler section on the main page...
