July 26th, 2003, 10:07 AM
E-mail Ip locator
I was wondering if it is at all possible to track down an IP of an e-mail that was send to me with a virus attached to it. Or, if at all possible, is there some sort of command or prog that can relay a IP to you of the specific e-mail IP. I know this is possible...but I want the box IP. Not the pop3, or smtp server IP. Help!
If the scatman can do it so can you.
July 26th, 2003, 10:11 AM
You should be able to gleen some info from the header....if that doesn't give you what you want, NeoTrace Pro will let you enter an email addy and pull the registant info for the email server which would give you access the the admins email addy...drop him/her a line and complain...might or might not work, but it beats doing nothing.
It isn't paranoia when you KNOW they're out to get you...
July 26th, 2003, 11:19 AM
Are you using your own SMTP server, is this your domain ?
if so, there are many thech's that can be used to get the IP, but if this is
a free email address or an address that gets emails from a non-local SMTP server
it will be a little harder...
Ruslan K. Abu Zant
eReg(c) Internet Services
http://ereg.info/ | http://gold-directory.com/ | http://xui.info/
July 26th, 2003, 03:51 PM
Not sure, but, In some public Emails, such as Hotmail and stuff...you can set it up so that every email that you get, it would show at the header all the information you need, such as IP, Domain and a lot of other information. Then u could get the IP address and do a Neotrace as mentioned above. I dunno if this makes much sense sorry...but i'm a hurry *at work* lol. Good Luck
July 26th, 2003, 04:00 PM
When you view the full headers of your email The Ip of the sender will be either the first or last Received From line depending on how your email program displays it. This would be the ip address you would use when you do your neotrace or other ip lookup such as AO's ip locater. The other addresses are merely stops along the way. But if need be that your email was a forged email you could use the other ip addresses to contact the admins of the server incase they have an open port that allowed the person to send you the virus.
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)
July 26th, 2003, 11:47 PM
How bout this....I got the IP from the header...but, is this IP the actual IP of this persons box. The reason I ask is this...lets say 192.168.0.2 sends a mail. The mail then goes to the router...192.168.0.1 ------- the router has a public address of 66.68.x.x ... the question is...does the header contain the 192.168.0.2 .................or the router public 'WAN' IP. Hmmmm questions questions HELP.
If the scatman can do it so can you.
July 27th, 2003, 02:22 AM
For consideration: many of the newer virii have their own SMTP engine and spoof addresses from the victims PAB.
So the information may not be accurate. I had some one accuse me of having a W32 virus...I run linux.
August 1st, 2003, 04:25 PM
Originating Box IP
Many headers do contain both the IP of the originating mail server and the originating box itself. The key is to determine which is which.
Usually you'll find them listed in something resembling this format:
Received: from xxx.xxx.xxx.xxx (HELO hostname) by smtp.mailservername.com (xxx.xxx.xxx.xxx) with SMTP; date.date.date:time.time
This is not guaranteed and can be spoofed but if it was sent out over a normal mailserver (not a viral server hidden on the box itself) then there's a good chance this information will allow you to find the source.
Hope this helps!
Mental Fitness Depends On Physical Fitness - Improve Coding With Weights!
August 1st, 2003, 04:43 PM
From memory, if you download sam spade's application - www.samspage.org/ssw there is part of the ap that will examine and report on email headers.
It will tell you if the info you are looking at is reliable
Last time I used it I found it useful.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com