nanog mailing list archives
Re: more news from Google
From: Gadi Evron <ge () linuxbox org>
Date: Sat, 16 Jan 2010 00:27:34 +0200
On 1/14/10 12:31 AM, Steven Bellovin wrote:
On Jan 13, 2010, at 5:26 PM, msheldon () cox net wrote:From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward.The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed.
I am unsure about the term straight-forward, as even the easy cases take a lot of time.
Gadi
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- Gadi Evron, ge () linuxbox org. Blog: http://gevron.livejournal.com/
Current thread:
- Re: more news from Google, (continued)
- Re: more news from Google Joel Jaeggli (Jan 13)
- Re: more news from Google Leo Bicknell (Jan 13)
- RE: more news from Google Nathan Eisenberg (Jan 13)
- Re: more news from Google Fred Baker (Jan 15)
- Re: more news from Google Randy Bush (Jan 15)
- Re: more news from Google Adam Fields (Jan 15)
- RE: more news from Google Stefan Fouant (Jan 13)
- Re: more news from Google msheldon (Jan 13)
- Re: more news from Google Steven Bellovin (Jan 13)
- Re: more news from Google Joe Greco (Jan 13)
- Re: more news from Google Gadi Evron (Jan 15)
- Re: more news from Google Steven Bellovin (Jan 13)