spoofed email tracing

Thread: spoofed email tracing

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    1

    spoofed email tracing

    I have a client who is receiving death threats by a pretty savvy cyberwiz using AOL's "choose your own ISP"...spoofed every step of the way...private use, black holes...can't get back farther than the proxy server?

    ANY HELP/tips???

  2. #2
    Senior Member Info Tech Geek
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Contact the authorities, they may have someone who can assist you with collecting the information you need and the steps to go about reporting it. The main information you are looking for should be stored in the header and all e-mails should be forwarded to abuse@thereISP.com. If you think this is just a prank or someone harassing him, I would just block all emails from this individual.

  3. #3
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    ...who is receiving death threats by a pretty savvy cyberwiz using AOL's "choose your own ISP"...
    Perhaps there is something I don't quite understand but why not file a complaint with AOL? I would suspect that it is against their AUP and they should be able to help especially if you get law enforcement involved.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    So far what were your techniques to go about trying to trace him? My advice is to look at the header of the email and get the IP. Then do a WHOIS lookup and a tracert in the command prompt on the IP address. If you get two different ISPs, which was my problem when tracking down spammers, go to both of the ISPs' websites and look for contact information and send a complaint with an attachment of the email the moron sent you to both ISPs. They will tell you if they need any more info or whatever in order for them to do anything.
    Hope this helped
    I am the uber duck!!1
    Proxy Tools

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Here I sent a message from AOL to myself. Neither the IP address of the computer nor the account I'm using appears in the header. Only the user name I'm using and the domain are there. There is also a Message-ID: <79.2748ceae.2db421b9@aol.com> which I'm sure AOL could use to ID the account this came from at that given time.


    Received: from imo-m27.mx.aol.com ([64.12.137.8]) by myserver.COM with Microsoft SMTPSVC(5.0.2195.6713);
    Sun, 18 Apr 2004 14:30:20 -0400
    Received: from myhomeaolaccount@aol.com
    by imo-m27.mx.aol.com (mail_out_v37_r1.2.) id 2.79.2748ceae (4206)
    for <myaccount@myserver.com>; Sun, 18 Apr 2004 14:23:53 -0400 (EDT)
    From: myhomeaolaccount@aol.com
    Message-ID: <79.2748ceae.2db421b9@aol.com>
    Date: Sun, 18 Apr 2004 14:23:53 EDT
    Subject: Fwd: Microsoft Security Bulletin Re-releases, April 2004
    To: myaccount@myserver.com
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="part1_79.2748ceae.2db421b9_boundary"
    X-Mailer: 8.0 for Windows sub 6024
    Return-Path: myhomeaolaccount@aol.com
    X-OriginalArrivalTime: 18 Apr 2004 18:30:20.0608 (UTC) FILETIME=[34890C00:01C42573]

    <names have been changed to protect whoever>


    BUT...if this were a bogus/stolen account, which I would think it would be, your chance of AOL catching them is slim to none. It would be too cost-prohibitive. You could call the FBI and if your life is important enough they could query their handy-dandy stick-their-E-ears-into-everyone's-messages database, match it to Intel's nonexistent ID tag, then see where else that nonexistent tag appears. Hypothetically speaking, of course.

    Let me ask...do they respond to replies?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
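As an added example (not code from the thread), a small Python parser that walks the Received chain of the header posted above and applies the point the post makes: only the hop your own server stamped can be trusted, and the furthest back the header alone can take you is the AOL relay's address. RAW_HEADERS is constructed from the posted header; the function names are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the header posted above (names already altered by the poster).
RAW_HEADERS = """\
Received: from imo-m27.mx.aol.com ([64.12.137.8]) by myserver.COM with Microsoft SMTPSVC(5.0.2195.6713);
 Sun, 18 Apr 2004 14:30:20 -0400
Received: from myhomeaolaccount@aol.com
 by imo-m27.mx.aol.com (mail_out_v37_r1.2.) id 2.79.2748ceae (4206)
 for <myaccount@myserver.com>; Sun, 18 Apr 2004 14:23:53 -0400 (EDT)
From: myhomeaolaccount@aol.com
Message-ID: <79.2748ceae.2db421b9@aol.com>
To: myaccount@myserver.com

(body omitted)
"""

HOP_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?(?:.*?\bby\s+(?P<by>\S+))?")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_received(raw):
    """Return the Received hops top-down: hops[0] was stamped by the recipient's own
    server, hops[-1] is the earliest (closest to the sender) and least trustworthy."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        m = HOP_RE.match(value)
        if not m:
            continue
        comment = m.group("comment") or ""
        ip = IPV4_RE.search(comment) or IPV4_RE.search(value)
        hops.append({"from": m.group("from"), "ip": ip.group(1) if ip else None,
                     "by": (m.group("by") or "").rstrip(";")})
    return hops

def stamped_by_us(hops, own_host):
    """Only the topmost hop was written by a server you control; anything
    below it was written by someone else and may be forged."""
    return bool(hops) and hops[0]["by"].lower() == own_host.lower()

def last_public_ip(hops):
    """Walk from the earliest hop toward your server and return the first routable
    address; here the AOL hop carries no client IP, so the relay is as far as you get."""
    for hop in reversed(hops):
        if hop["ip"] and ipaddress.ip_address(hop["ip"]).is_global:
            return hop["ip"]
    return None
```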

  6. #6
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Isn't that IP address yours in the "received from" line? Yeah, I think it is. When you type "ipconfig/all" in the command prompt, you get your computer's IP address, so if you are trying to match that IP address with the IP address in the header it won't match. But your computer's IP address is not important in this case. We want your router's IP address, which is shown in the header you just showed us. Tracing that IP address would still lead you to a valid ISP.
    I am the uber duck!!1
    Proxy Tools

  7. #7
    Senior Member OverdueSpy
    Join Date
    Nov 2002
    Posts
    556
    You may find these sites helpful.
    The first lists a slew of different e-mail clients and how to display the associated header information. http://www.abika.com/Reports/Samples...eaderguide.htm
    This one is a quick overview of deciphering an e-mail header.
    http://www.usus.org/elements/tracing.htm
    The mentally handicapped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  8. #8
    BS, EnCE, ACE, Cellebrite 11001001
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,228
    Question: If it's spoofed the whole way down, can you be sure it's originating from an AOL account?

    If you can verify that they are using AOL, contact the local law enforcement. They can get subscriber information from AOL, and find out who owns the screen name. (Billing logs)
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  9. #9
    Like everybody else here said, report this to law enforcement. I have a feeling you won't really catch who did it if they know what they are doing. That AOL account could very well be stolen and with plenty of exploitable SMTP servers and proxies it could be a while or never. Maybe if your friend changed their account and avoided posting the new account in connection with their name.

    -Cheers-

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    My experience with the fine folks at the AOL NOC has been nothing short of useless. The *only* time they get their asses in gear is if a request comes in from federal, state, or local law enforcement. The sad reality here is that if you pursue this as a private citizen, you'll be ignored. I have several contacts inside AOL's northern VA facility and all of them have the same story. AOL receives *thousands and thousands* of complaints a day and they run them through a home grown script that applies some criteria checks to the e-mails. If a hit occurs, it gets kicked off to an analyst. Now, if you are law enforcement, you have a private phone# and e-mail address that is serviced immediately.

    Anyway, not much help in tracking down your spoofer but I do want you to know that your chances of finding the person are stacked heavily against you.

    Sorry I don't have better news.



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
