-
May 13th, 2005, 07:28 PM
#1
Junior Member
tracing a mail
How can I trace an email with this header?
Return-Path: <anonymous@canpol.pl>
Received: from mx6.go2.pl (mx6.go2.pl [193.17.41.46])
by box21 SERVER; Fri, 13 May 2005 20:20:46 +0200
X-mf: first3.pl v0.6
Received: by mx6.go2.pl (Postfix)
id B213795053; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Delivered-To: piotrek_no_1@o2.pl
Received: from mx6.go2.pl (localhost [127.0.0.1])
by mx6.go2.pl (Postfix) with ESMTP id A326C950CD
for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: from canpol.pl (canpol.pl [193.238.43.202])
by mx6.go2.pl (Postfix) with ESMTP
for <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: (qmail 17921 invoked by uid 33); 13 May 2005 18:07:08 -0000
Date: 13 May 2005 18:07:08 -0000
Message-ID: <20050513180708.17920.qmail@canpol.pl>
To: piotrek_no_1@o2.pl
Subject: Smierc zlodziejom!!!
From: piotrek_no_1@o2.pl
Reply-To: piotrek_no_1@o2.pl
X-Mailer: PHP/4.3.10-2
<Text of the message>
Please help me, I would like to get this guy's e-mail. Tell me how.
-
May 13th, 2005, 07:41 PM
#2
If it's spam, there's a good chance it was sent through an open relay, which makes it 100% impossible to track, unless you host the mail server that he was using. Even in that case you wouldn't be able to trace it back to an email address, only at most an originating IP. Email doesn't force you to give a valid return address. It's just like regular mail. If I want to snail mail you a nasty gram, I could put "The President of the US, 1600 Penn Ave" on the return address and there would be no way for you to find who really sent it.
-
May 13th, 2005, 07:44 PM
#3
Based on the subject line, it looks like it's probably an e-mail from a computer infected with a Sober virus variant, so any info is probably spoofed anyway.
"You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn
-
May 13th, 2005, 07:46 PM
#4
Junior Member
I thought so... thanks for the help anyway... **cking servers without authorisation!
-
May 13th, 2005, 07:46 PM
#5
Do you want to traceroute the email ... to know the source ..... you can Nmap .... you can find a lot of tutorials ... IronGeek's tutorials are great and highly recommended .... but as an instant reply .. you can copy the sender's IP to the traceroute in the link below ... and also you can nslookup it ....
http://www.all-nettools.com/toolbox
I don't think that this message has been sent to you directly .... they used something like mass mailing or re-mailers .... Or even some malware ...
cheers
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster
-
May 13th, 2005, 07:48 PM
#6
Junior Member
BTW I thought it's impossible to spoof in WINXP as raw sockets are blocked...?
-
May 13th, 2005, 09:41 PM
#7
Spoofing an email isn't spoofing the IP address, it's spoofing the headers to hide the original sender. Usually it doesn't work well if the recipient is competent enough to read the headers themselves, though it works well with some of the larger ISPs that don't put the IP address of the originating machine in the headers.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
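Reading the header from post #1 the way post #7 describes, as an added example that is not part of any poster's message: it parses the Received chain and reports the oldest hop stamped by a server the recipient trusts. The TRUSTED set (box21 and mx6.go2.pl taken as the recipient's own provider) is an assumption; everything below that hop, and the From/To fields, is written by the sending side.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Header from post #1, trimmed to the fields used; continuation lines re-indented.
RAW = """\
Return-Path: <anonymous@canpol.pl>
Received: from mx6.go2.pl (mx6.go2.pl [193.17.41.46])
\tby box21 SERVER; Fri, 13 May 2005 20:20:46 +0200
Received: by mx6.go2.pl (Postfix)
\tid B213795053; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: from mx6.go2.pl (localhost [127.0.0.1])
\tby mx6.go2.pl (Postfix) with ESMTP id A326C950CD
\tfor <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: from canpol.pl (canpol.pl [193.238.43.202])
\tby mx6.go2.pl (Postfix) with ESMTP
\tfor <piotrek_no_1@o2.pl>; Fri, 13 May 2005 20:00:30 +0200 (CEST)
Received: (qmail 17921 invoked by uid 33); 13 May 2005 18:07:08 -0000
To: piotrek_no_1@o2.pl
From: piotrek_no_1@o2.pl
X-Mailer: PHP/4.3.10-2

"""
# Assumption: these "by" names are the recipient's own mail servers.
TRUSTED = {"box21", "mx6.go2.pl"}
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return (helo, rdns, ip, by) per network hop, newest first."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:  # local-only stamps (Postfix queue id, qmail uid) have no peer
            found.append(m.groups())
    return found

def handoff(raw, trusted=TRUSTED):
    """Oldest hop recorded by a trusted server with a non-loopback peer."""
    for helo, rdns, ip, by in reversed(hops(raw)):
        if by in trusted and not ip_address(ip).is_loopback:
            return helo, ip, by
    return None

def self_addressed(raw):
    """True when From equals To, as in this message (sender-supplied fields)."""
    msg = message_from_string(raw)
    return msg["From"] == msg["To"]
```

The peer address in that hop is recorded by the receiving server, so it identifies the connecting host, not a person or mailbox.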
-
May 14th, 2005, 04:19 AM
#8
Originally posted here by piotrek_no_1
BTW I thought it's impossible to spoof in WINXP as raw sockets are blocked...?
No, you're wrong. The word "impossible" is the reason you're wrong.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
May 14th, 2005, 09:23 AM
#9
Junior Member
Yes, you're right, impossible isn't a good word. I was looking for a way to do this on WINXP... maybe you'll tell me?
-
May 14th, 2005, 03:33 PM
#10
Raw sockets are disabled with certain updates and patches. If you want to use TCP over raw sockets in Windows XP, you need to make certain these patches are removed.