Security Basics mailing list archives
Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail
From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Wed, 28 May 2003 17:23:22 +0000
Hi there Stephen,What you need to do first off evaluate the is look at the email header, and look for the IP address that sent the email. Once it is determined which IP address created the email, do a reverse DNS on that IP address. This can be done quickly and effieciently at http://remote.12dt.com/rns/ without any hassles. if for example your reverse dns reveals a hostname of 210-54-108.dialup.xtra.co.nz then you would visit xtra.co.nz and determine weither or not they are an ISP. After this, you can gather contact email addresses for the ISP. You would then write to the ISP; though calling it if it is local may produce better results and inform them of the incident, including an EXACT dialog, the time it took place, informing them that it was one of your users that was the target, and give them a little reminder that what has taken place is highly illegal and needs to be acted apon internally or you have the right to take legal action. From here; your ISP is not legally oibliged to give you the information of the account holder that was using the said IP at the time the email was sent; HOWEVER they are legally abliged (in most civilised countries at least) to give contact details to law enforcement if such a request is to be made of them. If they refuse to give you the information personally (and they will) then your only other option of finding out who is responsible is to phone the police; whom will take criminal action against the offender. This would involve the usual cyber crime task forces etc tracking the person - they would essentially do what Ihave just explained, and possibly a little more :)
If you have any problems with any of the email header stuff drop me a line and I will get the information you need.
Good Luck. Kind regards, Hamish Stanaway Absolute Web Hosting / -= KoRe WoRkS Internet Security Owner/Operator Auckland New Zealand http://www.webhosting.net.nz/ http://www.buywebhosting.co.nz/ http://www.koreworks.com/
From: "steve baker" <stephenbbaker () hotmail com> To: security-basics () securityfocus comSubject: Distressing, possibly life threatening emails from free accounts (yahoo, hotmailDate: Tue, 27 May 2003 12:38:58 -0400 MIME-Version: 1.0 X-Originating-IP: [167.199.152.207] X-Originating-Email: [stephenbbaker () hotmail com]Received: from outgoing2.securityfocus.com ([205.206.231.26]) by mc6-f42.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 28 May 2003 10:00:56 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid 354EA8F4EC; Wed, 28 May 2003 10:18:49 -0600 (MDT)Received: (qmail 5892 invoked from network); 27 May 2003 16:12:02 -0000 X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus com Message-ID: <BAY8-F117HfbBfbEc7m00018422 () hotmail com>X-OriginalArrivalTime: 27 May 2003 16:38:58.0943 (UTC) FILETIME=[78DFA0F0:01C3246E] Return-Path: security-basics-return-19744-koremeltdown=hotmail.com () securityfocus comOne of our users has received questionable and possibly life threateningemails from a yahoo account that was created recently. They have approachedus to find out as much as we can pertaining to the person sending it. Of course, we are not YAHOO so we cannot determine anything about the mail other than the content. How can we find out who sent this? _________________________________________________________________STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail--------------------------------------------------------------------------- ----------------------------------------------------------------------------
_________________________________________________________________MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail, (continued)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Todd (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail David Fetter (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail David J. Bianco (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Florian Streck (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Shaun Moore (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Bennett Todd (May 29)
- RE: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Joe Osborn (May 29)
- RE: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail list (May 30)
- RE: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Mike Heitz (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail bsec (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail KoRe MeLtDoWn (May 29)
- RE: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail John Canty (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Ken Horton (May 29)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail khayes (May 30)
- Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail David Vertie (May 30)
- RE: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail Gross Barry D. (May 30)