|
-
April 25th, 2004, 08:34 PM
#24
Heretic's answer actually depends upon the ISP. Read the mail headers from the bottom up. You will often find that the first, (ie, last), "received from" will be prior to an actual mail server, (actual mail servers usually are reverse DNSable, (think I just invented a word  ), thus it will show in the by portion of the received from line as both an IP and a FQDN. For example:-
Received From 192.168.1.1 by 208.xxx.xxx.xxx (mailserver.theirISP.com) at ............
It might have a private address, (192.168 etc.), as the received from address which tells you the ISP NAT's the traffic an the sending host is not publicly available but often the host is publicly available.
In increasing cases ISP's are not reporting the originating station so Heretic is quite right but it always pays to read the mail headers. In the case of viruses you will almost always see the IP of the originating station because the receiving mail server, (your ISP's), treats it as a mail server itself and reports the IP. That should at least give you a clue as to who might have sent it.
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote