|
| Author |
Messages |
|
lameduck
SH
Posts:44
 |
| 09/23/2007 8:27 PM |
|
Re: [working-gundog] Return of the gunfighter!
Can any one on this list tell me how or if you can
find out what the computers address is on e-mails to outlook express. I can see
the numbers where hits come from on the counter. My interest is mainly can, or
how can I tell if the messages from a certain individual are coming from the
same computer. Such as I can send mail from here or I can go to another computer
here and I can go somewhere else and log on to the internet and check my mail
and send and receive from that remote place and use the same ole lameduck@lameduck.com How can
someone tell if I move around or knows If I did.
Ron
Ron
|
|
|
|
|
cwalt
MH
Posts:180
|
| 09/24/2007 7:48 AM |
|
| ----- Original Message -----
From: "Ron Stanfield, Lameduck.com"
To:
Sent: Sunday, September 23, 2007 10:10 PM
Subject: [working-gundog] Computer Question
Can any one on this list tell me how or if you can find out what the
computers address is on e-mails to outlook express. I can see the numbers
where hits come from on the counter. My interest is mainly can, or how can I
tell if the messages from a certain individual are coming from the same
computer. Such as I can send mail from here or I can go to another computer
here and I can go somewhere else and log on to the internet and check my
mail and send and receive from that remote place and use the same ole
lameduck@lameduck.com How can someone tell if I move around or knows If I
did.
Ron
Not certain exactly what you're asking but I'll offer a suggestion....
right click on an e-mail message... select ....properties / details /
message source. You can click on your own e-mail to a group and find your
own computer's number. For example your message shows the following
information:
Cj
Return-Path:
Delivered-To: cwalt@gwi.net
Received: (qmail 9351 invoked from network); 24 Sep 2007 02:18:48 -0000
Received: from exprod5mx230.postini.com (HELO psmtp.com) (64.18.0.116)
by mx.gwi.net with SMTP; 24 Sep 2007 02:18:48 -0000
Received: from source (.90.111.242]) by exprod5mx230.postini.com
(⏌.18.4.10]) with SMTP;
Sun, 23 Sep 2007 22:18:47 EDT
Received: from jupiter2.whc.net (unverified .90.111.25]) by
usamail.whc.net
(Vircom SMTPRS 2.1.255) with ESMTP id for
;
Sun, 23 Sep 2007 20:33:17 -0600
Received: from postal.wtconnect.com (postal.wtconnect.com ⏌.40.221.15])
by smtp4.whc.net (8.14.1/8.13.6/kbp) with SMTP
id for ;
Sun, 23 Sep 2007 20:18:05 -0600 (MDT)
Received: (qmail 5568 invoked from network); 24 Sep 2007 02:10:19 -0000
Received: from unknown (HELO youref1392cee2) (64.40.209.165)
by postal.wtconnect.com with SMTP; Sun, 23 Sep 2007 21:10:19 -0500
Message-ID: <007c01c7fe50$12677f80$0301000a@youref1392cee2>
From: "Ron Stanfield, Lameduck.com"
To:
References:
<006301c7fd52$2fc6ece0$2101a8c0@Briz>
Subject: [working-gundog] Computer Question
Date: Sun, 23 Sep 2007 21:10:25 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0079_01C7FE26.294A0E40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-Spam-Status: No, hits=0.001 required=5
X-Scanned-By: MIMEDefang 2.63 on 204.90.111.225
Reply-To: working-gundog@web.whc.net
Sender: working-gundog-request@web.whc.net
X-pstn-levels: (S: 2.35604/99.89156 R:95.9108 P:95.9108 M:94.9308
C:98.6951 )
X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c
X-pstn-addresses: from forward (user good)
/146]
This is a multi-part message in MIME format.
------=_NextPart_000_0079_01C7FE26.294A0E40
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Re: [working-gundog] Return of the gunfighter!Can any one on this list =
tell me how or if you can find out what the computers address is on =
e-mails to outlook express. I can see the numbers where hits come from =
on the counter. My interest is mainly can, or how can I tell if the =
messages from a certain individual are coming from the same computer. =
Such as I can send mail from here or I can go to another computer here =
and I can go somewhere else and log on to the internet and check my mail =
and send and receive from that remote place and use the same ole =
lameduck@lameduck.com How can someone tell if I move around or knows If =
I did.
Ron
Ron
|
|
|
|
|
azwhitemtndogs3
Posts:16
|
| 09/24/2007 8:26 AM |
|
You look for the ITS address. Someone with more techy knowledge will have to tell you how to do that. My son can do that on my computer all the time. He's techy.
Cj wrote: ----- Original Message -----
From: "Ron Stanfield, Lameduck.com"
To:
Sent: Sunday, September 23, 2007 10:10 PM
Subject: [working-gundog] Computer Question
Can any one on this list tell me how or if you can find out what the
computers address is on e-mails to outlook express. I can see the numbers
where hits come from on the counter. My interest is mainly can, or how can I
tell if the messages from a certain individual are coming from the same
computer. Such as I can send mail from here or I can go to another computer
here and I can go
somewhere else and log on to the internet and check my
mail and send and receive from that remote place and use the same ole
lameduck@lameduck.com How can someone tell if I move around or knows If I
did.
Ron
Not certain exactly what you're asking but I'll offer a suggestion....
right click on an e-mail message... select ....properties / details /
message source. You can click on your own e-mail to a group and find your
own computer's number. For example your message shows the following
information:
Cj
Return-Path:
Delivered-To: cwalt@gwi.net
Received: (qmail 9351 invoked from network); 24 Sep 2007 02:18:48 -0000
Received: from exprod5mx230.postini.com (HELO psmtp.com) (64.18.0.116)
by mx.gwi.net with SMTP; 24 Sep 2007 02:18:48 -0000
Received: from source (.90.111.242]) by exprod5mx230.postini.com
(⏌.18.4.10]) with SMTP;
Sun, 23 Sep 2007 22:18:47 EDT
Received: from
jupiter2.whc.net (unverified .90.111.25]) by
usamail.whc.net
(Vircom SMTPRS 2.1.255) with ESMTP id for
;
Sun, 23 Sep 2007 20:33:17 -0600
Received: from postal.wtconnect.com (postal.wtconnect.com ⏌.40.221.15])
by smtp4.whc.net (8.14.1/8.13.6/kbp) with SMTP
id for ;
Sun, 23 Sep 2007 20:18:05 -0600 (MDT)
Received: (qmail 5568 invoked from network); 24 Sep 2007 02:10:19 -0000
Received: from unknown (HELO youref1392cee2) (64.40.209.165)
by postal.wtconnect.com with SMTP; Sun, 23 Sep 2007 21:10:19 -0500
Message-ID: <007c01c7fe50$12677f80$0301000a@youref1392cee2>
From: "Ron Stanfield, Lameduck.com"
To:
References:
<006301c7fd52$2fc6ece0$2101a8c0@Briz>
Subject: [working-gundog] Computer
Question
Date: Sun, 23 Sep 2007 21:10:25 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0079_01C7FE26.294A0E40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-Spam-Status: No, hits=0.001 required=5
X-Scanned-By: MIMEDefang 2.63 on 204.90.111.225
Reply-To: working-gundog@web.whc.net
Sender: working-gundog-request@web.whc.net
X-pstn-levels: (S: 2.35604/99.89156 R:95.9108 P:95.9108 M:94.9308
C:98.6951 )
X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c
X-pstn-addresses: from forward (user good)
/146]
This is a multi-part message in MIME format.
------=_NextPart_000_0079_01C7FE26.294A0E40
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Re: [working-gundog] Return of the
gunfighter!Can any one on this list =
tell me how or if you can find out what the computers address is on =
e-mails to outlook express. I can see the numbers where hits come from =
on the counter. My interest is mainly can, or how can I tell if the =
messages from a certain individual are coming from the same computer. =
Such as I can send mail from here or I can go to another computer here =
and I can go somewhere else and log on to the internet and check my mail =
and send and receive from that remote place and use the same ole =
lameduck@lameduck.com How can someone tell if I move around or knows If =
I did.
Ron
Ron
Phyllis @ Mesa, AZ
|
|
|
|
|
jerry
JH
Posts:31
|
| 09/24/2007 8:49 AM |
|
As cj pointed out, clicking on properties shows you the message "source".
If you look at the
header information, which appears above the actual message, you'll see where
the email came
from. Starting from the BOTTOM of the header info you'll note the word, "Received:
" along
with some information which includes an IP address. In your case, the IP
address is as follows:
"64.40.209.165". This address is registered to Telstar Communications (in
a city in TX). Reading
the information bottom to top, you can see other "Received: " lines. These
show the hops the
email took to get to the recipient. In many cases you can determine an email's
origin in this manner.
However, hackers can "spoof" these addresses. Also, it's the work of a moment
to change the "From: "
field to anything you want.
There is a lot more to this, but the above (and cj's response) are a good
start...
Jerry
Ron Stanfield, Lameduck.com wrote:
Re: [working-gundog] Return of the gunfighter!
Can any one on this list tell me how or
if you can find out what the computers address is on e-mails to outlook
express. I can see the numbers where hits come from on the counter. My interest
is mainly can, or how can I tell if the messages from a certain individual
are coming from the same computer. Such as I can send mail from here or
I can go to another computer here and I can go somewhere else and log on
to the internet and check my mail and send and receive from that remote
place and use the same ole lameduck@lameduck.com How
can someone tell if I move around or knows If I did.
Ron
Ron
|
|
|
|
|
jmurr
MH
Posts:158
|
| 09/24/2007 11:23 AM |
|
| I started to say something last night but didn't have the time.
Now that Jerry has determined that your email came from a server at Telstar (I
think that's what he said) we know you are not running a computer at your place
continuously as a server. (I think). I believe this means you should be able to
access your email account using OE from any computer anywhere... I think that may
have been your question - or one of them? But, when you do this from a computer
other than the one "at home" which you usually use you will remove the received
messages from the server at Telstar unless you are able to set an option which
leaves them there. This means, when you go "home" your messages will not be
available to download to the "home" computer without setting options properly. An
alternative may be to read the messages with a webmail program somewhere. I
believe one can do this at Yahoo through a Yahoo email account and Telstar may have
a webmail application running which you can access. That is precisely what I am
doing now - using the webmail application on acsalasca.com to read, delete junk,
and reply to your email from my daughter's machine.
On many accounts the last number of the IP address changes every time one logs a
particular computer onto the net. Since you have a "personal" domain name
(lameduck.com) I think your IP address - those four numbers separated by periods -
will be static and never change. Mine, however, is dynamic and the last segment
will generally be different each time I log on. So, if you want to know whether
emails you do not appreciate receiving are all coming from the same person - answer
is - no, if that person uses a bunch of different computers and ISP accounts.
There may be ways one person on one computer can accomplish this feat as well but I
don't know how that is done.
Hope all this helps.
Jere
> As cj pointed out, clicking on properties shows you the message
> "source". If you look at the
> header information, which appears above the actual message, you'll see where the
> email came
> from. Starting from the BOTTOM of the header info you'll note the word, "Received:
> " along
> with some information which includes an IP address. In your case, the IP address
> is as follows:
> "64.40.209.165". This address is registered to Telstar Communications (in a city
> in TX). Reading
> the information bottom to top, you can see other "Received: " lines. These show
> the hops the
> email took to get to the recipient. In many cases you can determine an email's
> origin in this manner.
> However, hackers can "spoof" these addresses. Also, it's the work of a moment to
> change the "From: "
> field to anything you want.
>
> There is a lot more to this, but the above (and cj's response) are a good start...
>
> Jerry
>
> Ron Stanfield, Lameduck.com wrote:
> Re: [working-gundog] Return of the gunfighter! Can any one
> on this list tell me how or if you can find out what the computers address is
> on e-mails to outlook express. I can see the numbers where hits come from on
> the counter. My interest is mainly can, or how can I tell if the messages from
> a certain individual are coming from the same computer. Such as I can send
> mail from here or I can go to another computer here and I can go somewhere
> else and log on to the internet and check my mail and send and receive from
> that remote place and use the same ole lameduck@lameduck.com How can someone
> tell if I move around or knows If I did. Ron Ron
|
|
|
|
|
jerry
JH
Posts:31
|
| 09/24/2007 11:46 AM |
|
Jere Murray wrote:
So, if you want to know whether
emails you do not appreciate receiving are all coming from the same person - answer
is - no, if that person uses a bunch of different computers and ISP accounts.
There may be ways one person on one computer can accomplish this feat as well but I
don't know how that is done.
Well said, Jere. It really isn't possible to refine the origin of an email that came
from an ISP to an individual without access to the ISP's internal records. Telstar, for
example, as well as all other ISPs, own a range of IP addresses. Telstar might have the
range of 64.40.209.00 to 64.40.209.255. If they were a very large provider, it might even
be 64.40.000.000 to 64.40.255.255, which is a lot of addresses! So every time someone logs
on to their ISP to send an email, they could conceivable have any one of those addresses
assigned to them temporarily.
|
|
|
|
|
jmurr
MH
Posts:158
|
| 09/24/2007 2:56 PM |
|
| Of course, if all the unwanted emails are coming from a single ISP; the chances
that they are all coming from an single individual using that ISP are higher than
if they are coming from different ISPs. One way to find out some of the pertinent
stuff is to use the search at http://www.networksolutions.com/whois/index.jsp
Jerry, are there ways to make one's emails look like they are coming from various
places around the world or is there always a valid sequence of addresses in the
email header? I have heard of ways to disguise the email address but the question
is can the ISP address be disguised?
Jere
> Jere Murray wrote:
> So, if you want to know whether emails you do not appreciate receiving are all
> coming from the same person - answer is - no, if that person uses a bunch of
> different computers and ISP accounts. There may be ways one person on one
> computer can accomplish this feat as well but I don't know how that is done.
> Well said, Jere. It really isn't possible to refine the origin of an email that
> came from an ISP to an individual without access to the ISP's internal records.
> Telstar, for example, as well as all other ISPs, own a range of IP addresses.
> Telstar might have the range of 64.40.209.00 to 64.40.209.255. If they were a
> very large provider, it might even be 64.40.000.000 to 64.40.255.255, which is
> a lot of addresses! So every time someone logs on to their ISP to send an
> email, they could conceivable have any one of those addresses assigned to them
> temporarily.
>
|
|
|
|
|
jerry
JH
Posts:31
|
| 09/24/2007 4:26 PM |
|
Jere Murray wrote:
Jerry, are there ways to make one's emails look like they are coming from various
places around the world or is there always a valid sequence of addresses in the
email header? I have heard of ways to disguise the email address but the question
is can the ISP address be disguised?
Yes, absolutely. There are lots of hacks to make your email look like it
came from somewhere else. Do a
search on email spoofing for more information than you really wanted to
know! Aside from spoofing, spam
is often distributed by computers which have been infected with a virus.
These machines are known as "bots"
and the victims often aren't even aware that their machines are infected.
A large bot-net can send millions of
spams all over the place as well as execute huge Denial Of Service attacks
on computer targets.
It's a dark world out there...
Jere
Jere Murray wrote:
So, if you want to know whether emails you do not appreciate receiving are all
coming from the same person - answer is - no, if that person uses a bunch of
different computers and ISP accounts. There may be ways one person on one
computer can accomplish this feat as well but I don't know how that is done.
Well said, Jere. It really isn't possible to refine the origin of an email that
came from an ISP to an individual without access to the ISP's internal records.
Telstar, for example, as well as all other ISPs, own a range of IP addresses.
Telstar might have the range of 64.40.209.00 to 64.40.209.255. If they were a
very large provider, it might even be 64.40.000.000 to 64.40.255.255, which is
a lot of addresses! So every time someone logs on to their ISP to send an
email, they could conceivable have any one of those addresses assigned to them
temporarily.
|
|
|
|
|
jmurr
MH
Posts:158
|
| 09/24/2007 7:33 PM |
|
| Jerry, AHHH so, I had checked "anonymizer" and found some stuff but no way to
avoid the "proper" logging of the culprits ISP address. Now I see at least one
way.
Thanks,
Any more questions, Ron?
Jere
> Jere Murray wrote:
> Jerry, are there ways to make one's emails look like they are coming from
> various places around the world or is there always a valid sequence of
> addresses in the email header? I have heard of ways to disguise the email
> address but the question is can the ISP address be disguised? Yes, absolutely.
> There are lots of hacks to make your email look like it came from somewhere
> else. Do a
> search on email spoofing for more information than you really wanted to know!
> Aside from spoofing, spam
> is often distributed by computers which have been infected with a virus. These
> machines are known as "bots"
> and the victims often aren't even aware that their machines are infected. A large
> bot-net can send millions of
> spams all over the place as well as execute huge Denial Of Service attacks on
> computer targets.
>
> It's a dark world out there...
>
> Jere Jere Murray wrote: So, if you want to know
> whether emails you do not appreciate receiving are all coming from the same
> person - answer is - no, if that person uses a bunch of different computers
> and ISP accounts. There may be ways one person on one computer can
> accomplish this feat as well but I don't know how that is done. Well said,
> Jere. It really isn't possible to refine the origin of an email that came
> from an ISP to an individual without access to the ISP's internal records.
> Telstar, for example, as well as all other ISPs, own a range of IP
> addresses. Telstar might have the range of 64.40.209.00 to 64.40.209.255. If
> they were a very large provider, it might even be 64.40.000.000 to
> 64.40.255.255, which is a lot of addresses! So every time someone logs on to
> their ISP to send an email, they could conceivable have any one of those
> addresses assigned to them temporarily.
> --
> Mlink Mlink.com, LLC Knowledge is Power Jerry
> Nicholson, President, CHFI PO Box 101 Canaan, NH 03741
> 603.523.8398 www.mlink.com www.mdcforensics.com
>
|
|
|
|
|
lameduck
SH
Posts:44
|
| 09/24/2007 11:00 PM |
|
| No. Not right now. I have learned more than I'm capable of retaining in one
day.
Thank You
Ron
----- Original Message -----
From: "Jere Murray"
To:
Sent: Monday, September 24, 2007 8:24 PM
Subject: Re: [working-gundog] Computer Question
> Jerry, AHHH so, I had checked "anonymizer" and found some stuff but no
> way to
> avoid the "proper" logging of the culprits ISP address. Now I see at
> least one
> way.
>
> Thanks,
>
> Any more questions, Ron?
>
> Jere
>
>> Jere Murray wrote:
>> Jerry, are there ways to make one's emails look like they are coming
>> from
>> various places around the world or is there always a valid sequence of
>> addresses in the email header? I have heard of ways to disguise the
>> email
>> address but the question is can the ISP address be disguised? Yes,
>> absolutely.
>> There are lots of hacks to make your email look like it came from
>> somewhere
>> else. Do a
>> search on email spoofing for more information than you really wanted to
>> know!
>> Aside from spoofing, spam
>> is often distributed by computers which have been infected with a virus.
>> These
>> machines are known as "bots"
>> and the victims often aren't even aware that their machines are
>> infected. A large
>> bot-net can send millions of
>> spams all over the place as well as execute huge Denial Of Service
>> attacks on
>> computer targets.
>>
>> It's a dark world out there...
>>
>> Jere Jere Murray wrote: So, if you want
>> to know
>> whether emails you do not appreciate receiving are all coming from the
>> same
>> person - answer is - no, if that person uses a bunch of different
>> computers
>> and ISP accounts. There may be ways one person on one computer can
>> accomplish this feat as well but I don't know how that is done. Well
>> said,
>> Jere. It really isn't possible to refine the origin of an email that came
>> from an ISP to an individual without access to the ISP's internal
>> records.
>> Telstar, for example, as well as all other ISPs, own a range of IP
>> addresses. Telstar might have the range of 64.40.209.00 to 64.40.209.255.
>> If
>> they were a very large provider, it might even be 64.40.000.000 to
>> 64.40.255.255, which is a lot of addresses! So every time someone logs on
>> to
>> their ISP to send an email, they could conceivable have any one of those
>> addresses assigned to them temporarily.
>> --
>> Mlink Mlink.com, LLC Knowledge is Power
>> Jerry
>> Nicholson, President, CHFI PO Box 101 Canaan, NH 03741
>> 603.523.8398 www.mlink.com www.mdcforensics.com
>>
>
>
>
>
|
|
|
|
|
azwhitemtndogs3
Posts:16
|
| 09/25/2007 9:04 AM |
|
Jere, My son is a networking engineer and works in security. I can ask him.
Jere Murray wrote: Of course, if all the unwanted emails are coming from a single ISP; the chances
that they are all coming from an single individual using that ISP are higher than
if they are coming from different ISPs. One way to find out some of the pertinent
stuff is to use the search at http://www.networksolutions.com/whois/index.jsp
Jerry, are there ways to make one's emails look like they are coming from various
places around the world or is there always a valid sequence of addresses in the
email header? I have heard of ways to disguise the email address but the question
is can the ISP address be disguised?
Jere
> Jere Murray wrote:
> So, if you want to know
whether emails you do not appreciate receiving are all
> coming from the same person - answer is - no, if that person uses a bunch of
> different computers and ISP accounts. There may be ways one person on one
> computer can accomplish this feat as well but I don't know how that is done.
> Well said, Jere. It really isn't possible to refine the origin of an email that
> came from an ISP to an individual without access to the ISP's internal records.
> Telstar, for example, as well as all other ISPs, own a range of IP addresses.
> Telstar might have the range of 64.40.209.00 to 64.40.209.255. If they were a
> very large provider, it might even be 64.40.000.000 to 64.40.255.255, which is
> a lot of addresses! So every time someone logs on to their ISP to send an
> email, they could conceivable have any one of those addresses assigned to them
> temporarily.
>
Phyllis @
Mesa, AZ
|
|
|
|
|
jmurr
MH
Posts:158
|
| 09/25/2007 12:59 PM |
|
| Hi Phyllis, it would be interesting to see what he says. He probably won't want
the details put out on a public place like this though anyone with a little
knowlege and willing to climb a learning curve can find out on the net.
I have already found one way - by actually "creeping" into someone elses computer
through the email port one can make emails look like they are coming from the
attacked computer. This takes a level of sophistication beyond the average
computer user, but it is possible.
Jere
> Jere,
> My son is a networking engineer and works in security. I can ask him.
|
|
|
|
|
jerry
JH
Posts:31
|
| 09/25/2007 1:05 PM |
|
Jere Murray wrote:
I have already found one way - by actually "creeping" into someone elses computer
through the email port one can make emails look like they are coming from the
attacked computer. This takes a level of sophistication beyond the average
computer user, but it is possible.
It's actually pretty easy to write your own email client, using the SMTP
protocol. Once you've done that
you can "originate" emails from many email servers across the internet.
That "creeping" you mentioned is why absolutely everybody ought to be running
a firewall as well
as anti-spyware and anti-virus software. Without a firewall you WILL be hacked,
eventually.
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.7
|
You must be logged in to use this module.
|