IP Spoofing through Hotmail?

Thread: IP Spoofing through Hotmail?

  1. #1
    Junior Member
    Join Date
    Dec 2004
    Posts
    13

    IP Spoofing through Hotmail?

    Hi, I wanted to ask if it’s possible to spoof your IP through Hotmail now, because lately I’m getting mails with “weird” headers.
    I only have this problem with the emails of this one particular person…so this seems kinda fishy to me.

    We have been mailing each other for a while now and usually it’s no problem for me to check his IP.
    However, when I tried to look up the IP in his latest mails I had to notice that not only has it changed but what’s even more confusing, the Sender IP is now the same as the one from Hotmail (well not exactly the same, the last two or three digits are different but still they’re both Hotmail IPs…I’ve checked it).

    How is that possible? I thought every time you send an email, the mail service transmits your real IP and there’s no way to stop or influence that.
    I mean sure the “X-Originating-IP” can be manipulated but at least the “Received: from 64.4.56.210 by…” line should be hacking proof.
    Obviously, he didn’t use any proxies either, otherwise I would have gotten a fake IP and not the one from Hotmail.
    I wouldn’t be surprised if he is trying to spoof his IP really, since we had a discussion about this issue (anonymity on the net) once + he’s very secretive and like I said, I only have these kinda problems with his mails. I can still easily check the IP of other people with hotmail accounts.
    Also, he mentioned something about attending college lately…do you guys think that he could have done all this “spoofing shit” with/through his university's server (I mean do you think that this has something to do with it?)?

    Here’s the header and thanks in advance for any replies (I’ve marked the lines where his real IP should be):



    Received: from [64.4.56.37] (helo=hotmail.com)
    by mx22.web.de with esmtp (WEB.DE 4.104 #268)
    id 1DAF3k-0001Gw-00
    for guy@unknown.com; Sat, 12 Mar 2005 23:26:12 +0100
    Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Sat, 12 Mar 2005 14:26:11 -0800
    Message-ID: <BAY101-F273DDFA8F08749140F6716C2540@phx.gbl>
    Received: from 64.4.56.210 by by101fd.bay101.hotmail.msn.com with HTTP;
    Sat, 12 Mar 2005 22:26:11 GMT
    X-Originating-IP: [64.4.56.210]
    X-Originating-Email: [XXXX@hotmail.com]
    X-Sender: XXXX@hotmail.com
    From: "XX XXX" <XXXX@hotmail.com>
    To: guy@unknown.com
    Bcc:
    Subject: hey
    Date: Sat, 12 Mar 2005 16:26:11 -0600
    Mime-Version: 1.0
    Content-Type: text/plain; format=flowed
    X-OriginalArrivalTime: 12 Mar 2005 22:26:11.0690 (UTC) FILETIME=[7EBACCA0:01C52752]
    Sender: XXXX@hotmail.com



    P.S.: I’m sure both IPs are from Hotmail (Redmond, Washington) "[64.4.56.37] (helo=hotmail.com)" and "Received: from 64.4.56.210 ", you can use any online IP locator to confirm this yourself.

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    it looks fairly normal to me, what exactly is wrong with it?

    Maybe he's using a proxy or just a webproxy. - although I still can't see what's wrong with it.

    you might find this link useful - http://www.stopspam.org/email/headers.html

    i2c

  3. #3
    Junior Member
    Join Date
    Dec 2004
    Posts
    13
    thanks for the link,
    the problem is that the Sender IP is now the same as the one from Hotmail, so I don't think he's using any proxies.
    I mean he couldn't have done this with a proxy server since proxies just "give" you a fake IP from anywhere but don't/can't "imitate" Hotmail IPs.

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Step back and look at the bigger picture. Has Hotmail always placed his computer IP in the header? Is he using an smtp program to create and send the mail through Hotmail, or is he using the hotmail.com website to create and send messages in the browser?

    I don't see why his IP would EVER be included in the header if he's using the webform. I am not immediately familiar with the RFC for email and headers and whatnot, but I would think that goes against the point of headers. There's a reason why law enforcement (in the US anyway) has to get warrants signed by a judge when tracking email from these free web-based email services; they have to go to the service with the warrant and have them dig up the IP from their logs.

    I would bet he was using an email client (Outlook Express or something) to send email, and has now started using the web interface.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I think Zencoder may have the answer. I read a little while back that MS were no longer supporting the use of Outlook and Outlook Express for free accounts. They first stopped it for new accounts but were going to phase the others out by the end of April.

    That would now force the guy to use the Hotmail client.

  6. #6
    Senior Member
    Join Date
    May 2004
    Posts
    206
    I'm using Outlook Express with a free hotmail account, and I'm going to be pissed if it stops working, but as of now it still works fine.
    It is better to die on your feet than to live on your knees.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Jareds~,

    Sorry to be the bearer of sad tidings.......here is the link:

    http://www.infoworld.com/article/04/...outlook_1.html

    If you want to continue with it, it looks like you will have to pay

  8. #8
    Junior Member
    Join Date
    Dec 2004
    Posts
    13
    Originally posted here by nihil
    I think Zencoder may have the answer. I read a little while back that MS were no longer supporting the use of Outlook and Outlook Express for free accounts. They first stopped it for new accounts but were going to phase the others out by the end of April.

    That would now force the guy to use the Hotmail client.
    I've read this too.
    http://www.pcworld.com/news/article/...RSS,RSS,00.asp

    However, there are programs (like Hotmail Popper) that are supposed to by-pass this limitation:
    "If you are not subscribed to MSN Hotmail Plus, you can try one of the tools that allow you to access web-based email accounts via any POP or, sometimes, IMAP account such as Outlook Express. FreePOPs, for example, uses an alternative interface that works with free Hotmail accounts."
    http://email.about.com/od/windowswebmailtools/

    Then again, I found this quote on the Hotmail Popper Homepage, which sort of contradicts that statement above...hmm:
    "Please Note: Microsoft has recently decided that only paying members will be able access Hotmail using outside services such as Hotmail Popper.Hotmail Popper will continue working with a "Hotmail Plus" (or equivalent MSN) account."

  9. #9
    Junior Member
    Join Date
    Dec 2004
    Posts
    13
    Originally posted here by zencoder
    Step back and look at the bigger picture. Has Hotmail always placed his computer IP in the header?
    yes, definitely.

    Is he using an smtp program to create and send the mail through Hotmail, or is he using the hotmail.com website to create and send messages in the browser?
    I'm guessing that he never used any email clients and still sends his messages via an internet browser.

    I don't see why his IP would EVER be included in the header if he's using the webform. I am not immediately familiar with the RFC for email and headers and whatnot, but I would think that goes against the point of headers. There's a reason why law enforcement (in the US anyway) has to get warrants signed by a judge when tracking email from these free web-based email services; they have to go to the service with the warrant and have them dig up the IP from their logs.
    you're probably mistaken because as I mentioned before the IP of every other person who sends me an email through hotmail is always included correctly in the header. Besides, I've sent a test mail to myself, using the web interface and as expected my real IP came up.

    These are the headers (with and without proxies):

    ------------------------------------------------------------------------------------------------------------------------
    Received: from [65.54.247.39] (helo=hotmail.com)
    by mx08.web.de with esmtp (WEB.DE 4.104 #268)
    id 1DCQkQ-0007Zv-00
    for unknown@web.de; Sat, 19 Mar 2005 00:19:18 +0100
    Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Fri, 18 Mar 2005 15:19:17 -0800
    Message-ID: <*edited*>
    Received: from 68.190.16.2 by by2fd.bay2.hotmail.msn.com with HTTP;
    Fri, 18 Mar 2005 23:19:17 GMT
    X-Originating-IP: [68.190.16.2]
    X-Originating-Email: [XXXX@hotmail.com]
    X-Sender: XXXX@hotmail.com
    From: "XX XXX" <XXXX@hotmail.com>
    To: unknown@web.de
    Bcc:
    Subject: with proxy
    Date: Fri, 18 Mar 2005 23:19:17 +0000
    Mime-Version: 1.0
    Content-Type: text/plain; format=flowed
    X-OriginalArrivalTime: 18 Mar 2005 23:19:17.0614 (UTC) FILETIME=[E82AB8E0:01C52C10]
    Sender: XXXX@hotmail.com
    ------------------------------------------------------------------------------------------------------------------------

    Received: from [65.54.247.12] (helo=hotmail.com)
    by mx03.web.de with esmtp (WEB.DE 4.104 #268)
    id 1DCQgT-0000Bg-00
    for unknown@web.de; Sat, 19 Mar 2005 00:15:13 +0100
    Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Fri, 18 Mar 2005 15:15:11 -0800
    Message-ID: <*edited*>
    Received: from 217.185.#.# by by2fd.bay2.hotmail.msn.com with HTTP;
    Fri, 18 Mar 2005 23:15:11 GMT
    X-Originating-IP: [217.185.#.#]
    X-Originating-Email: [XXXX@hotmail.com]
    X-Sender: XXXX@hotmail.com
    From: "XX XXX" <XXXX@hotmail.com>
    To: unknown@web.de
    Bcc:
    Subject: without proxy
    Date: Fri, 18 Mar 2005 23:15:11 +0000
    Mime-Version: 1.0
    Content-Type: text/plain; format=flowed
    X-OriginalArrivalTime: 18 Mar 2005 23:15:11.0967 (UTC) FILETIME=[55BFF6F0:01C52C10]
    Sender: XXXX@hotmail.com
    ------------------------------------------------------------------------------------------------------------------------

    The fact that the header with proxies on totally differs from the mail server's (hotmail) IP, pretty much excludes the thought that he could have used a proxy.
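
An added example, not part of any post in this thread: a header parser that separates the newest SMTP hop (the peer address the recipient's own MX logged) from the "with HTTP" hop (the address the webmail front end recorded) and checks whether the two share a network. The helper names and the /24 comparison are assumptions made for illustration; the sample headers are the ones posted in #1 and #9, trimmed to the fields used.

```python
import ipaddress
import re
from email import message_from_string

# Headers copied from posts #1 and #9 of this thread, trimmed to the fields
# used here; continuation lines are re-indented so folded fields parse.
POST1 = (
    "Received: from [64.4.56.37] (helo=hotmail.com)\n"
    "\tby mx22.web.de with esmtp (WEB.DE 4.104 #268)\n"
    "\tfor guy@unknown.com; Sat, 12 Mar 2005 23:26:12 +0100\n"
    "Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;\n"
    "\tSat, 12 Mar 2005 14:26:11 -0800\n"
    "Received: from 64.4.56.210 by by101fd.bay101.hotmail.msn.com with HTTP;\n"
    "\tSat, 12 Mar 2005 22:26:11 GMT\n"
    "X-Originating-IP: [64.4.56.210]\n\n"
)
POST9_PROXY = (
    "Received: from [65.54.247.39] (helo=hotmail.com)\n"
    "\tby mx08.web.de with esmtp (WEB.DE 4.104 #268)\n"
    "\tfor unknown@web.de; Sat, 19 Mar 2005 00:19:18 +0100\n"
    "Received: from 68.190.16.2 by by2fd.bay2.hotmail.msn.com with HTTP;\n"
    "\tFri, 18 Mar 2005 23:19:17 GMT\n"
    "X-Originating-IP: [68.190.16.2]\n\n"
)
FROM_IP = re.compile(r"from \[?(\d{1,3}(?:\.\d{1,3}){3})\]?")

def to_ip(text):
    """Return an IPv4Address, or None for masked/invalid text such as 217.185.#.#."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None

def analyse(raw, prefix=24):
    """Hypothetical helper: find the relay hop and the web-submission hop."""
    msg = message_from_string(raw)
    relay = client = None
    for value in msg.get_all("Received", []):   # newest hop is listed first
        line = " ".join(value.split())          # unfold continuation lines
        m = FROM_IP.match(line)
        ip = to_ip(m.group(1)) if m else None
        if ip is None:
            continue                            # e.g. "from mail pickup service"
        if " with HTTP" in line:
            client = ip                         # recorded by the webmail front end
        elif relay is None:
            relay = ip                          # logged by the recipient's own MX
    x_orig = to_ip(msg.get("X-Originating-IP", "").strip("[] "))
    same_net = (relay is not None and client is not None and
                client in ipaddress.ip_network(f"{relay}/{prefix}", strict=False))
    return {"relay": relay, "client": client, "client_in_relay_net": same_net,
            "x_originating_agrees": x_orig is not None and x_orig == client}
```

For the header in post #1 the web-submission address sits in the same /24 as the outbound relay, while the "with proxy" test header from post #9 shows an address outside it.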

  10. #10
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Do you know this "one particular person"? Maybe ask him what the deal is?

    Anyone know what IP range MSN gives out for its dialup customers? It's possible that this is just a dynamic address that was assigned to him when he dialed in from somewhere.
