Tracing Mail - Myweb @ CW Post

Tracing email
Headers

Return-path: <delebelgore08@hotmail.com>
Received: from mta23.srv.hcvlny.cv.net
(mta23.srv.hcvlny.cv.net [167.206.5.184]) by mstr2.srv.hcvlny.cv.net
(Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005))
with ESMTP id <0IQP000AVPO05S10@mstr2.srv.hcvlny.cv.net> for
cmalinow@optonline.net; Tue, 29 Nov 2005 05:40:50 -0500 (EST)
Received: from hotmail.com (bay114-dav14.bay114.hotmail.com [65.54.169.86])
by mta23.srv.hcvlny.cv.net
(Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005))
with ESMTP id <0IQP00ADOPO0MBP2@mta23.srv.hcvlny.cv.net> for
cmalinow@optonline.net (ORCPT cmalinow@optonline.net); Tue,
29 Nov 2005 05:40:49 -0500 (EST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue,
29 Nov 2005 02:40:48 -0800
Received: from 212.100.250.216 by BAY114-DAV14.phx.gbl with DAV; Tue,
29 Nov 2005 10:40:48 +0000
Date: Tue, 29 Nov 2005 11:47:47 +0100
From: Dele Belgore <delebelgore08@hotmail.com>
Subject: Dear Malinowski (Urgent/Confidential Request)
X-Originating-IP: [212.100.250.216]
X-Sender: delebelgore08@hotmail.com
Bcc:
Reply-to: Dele Belgore <deleandchambers@hotmail.com>
Message-id: <BAY114-DAV144ED0D969FB3B0E52C7CEBB4B0@phx.gbl>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4939.300
X-Mailer: Microsoft Outlook Express 5.50.4922.1500
Content-type: multipart/alternative;
boundary="Boundary_(ID_PSl9uVHx8QZ3EPypzGbkVQ)"
X-Priority: 3
X-MSMail-priority: Normal
X-Originating-Email: [delebelgore08@hotmail.com]
Original-recipient: rfc822;cmalinow@optonline.net
X-OriginalArrivalTime: 29 Nov 2005 10:40:48.0512 (UTC)
FILETIME=[5C60D800:01C5F4D1]
Checking IP addresses

IP (and other info) can be spoofed at nodes where the suspect may have control.

What information might be revealed from an email? Despite spoofing attempts?
What happens if a remailer or anonymizer is used?
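Walking the Received chain of the header block above, as an added example that is not part of the original slides: it parses the hops earliest-first, flags where one relay's "by" host does not reappear as the next hop's "from" host, and separates the address your own trusted server actually saw (the hand-off) from the origin the earlier relays merely claim. The sample is the page's header block, abridged and re-folded; the trusted-domain suffix "cv.net" and all function names are assumptions.

```python
import re

# Constructed sample: the page's Received and X-Originating-IP headers, abridged
# and re-folded so continuation lines begin with whitespace (RFC 5322 folding).
SAMPLE = """\
Received: from mta23.srv.hcvlny.cv.net
 (mta23.srv.hcvlny.cv.net [167.206.5.184]) by mstr2.srv.hcvlny.cv.net
 with ESMTP for cmalinow@optonline.net; Tue, 29 Nov 2005 05:40:50 -0500 (EST)
Received: from hotmail.com (bay114-dav14.bay114.hotmail.com [65.54.169.86])
 by mta23.srv.hcvlny.cv.net with ESMTP for cmalinow@optonline.net;
 Tue, 29 Nov 2005 05:40:49 -0500 (EST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
 Tue, 29 Nov 2005 02:40:48 -0800
Received: from 212.100.250.216 by BAY114-DAV14.phx.gbl with DAV;
 Tue, 29 Nov 2005 10:40:48 +0000
From: Dele Belgore <delebelgore08@hotmail.com>
X-Originating-IP: [212.100.250.216]
"""
HOP_RE = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?.*?\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def unfold(raw):
    """Join folded continuation lines back onto their header line."""
    return re.sub(r"\r?\n[ \t]+", " ", raw.split("\n\n")[0]).splitlines()

def parse_hops(headers):
    """Received headers in delivery order (earliest first) as (from, ip, by)."""
    hops = []
    for h in headers:
        name, _, value = h.partition(":")
        m = HOP_RE.match(value.strip())
        if name.lower() != "received" or not m:
            continue
        claimed, rdns, by = m.group(1), m.group(2) or "", m.group(3)
        ip = IP_RE.search(rdns) or IP_RE.search(claimed)  # receiver's log beats the claimed name
        hops.append((claimed.lower(), ip.group(1) if ip else None, by.lower()))
    return hops[::-1]  # newest Received header is on top, so reverse into time order

def trace(raw, trusted_suffix):
    """Hops stamped 'by' a host under trusted_suffix (your own servers) are believed;
    earlier hops are only as honest as whoever controlled those relays."""
    headers = unfold(raw)
    hops = parse_hops(headers)
    breaks = [i for i in range(1, len(hops)) if hops[i - 1][2] != hops[i][0]]  # by != next from
    handoff = next((ip for _, ip, by in hops if by.endswith(trusted_suffix)), None)
    x_orig = next((IP_RE.search(h).group(1) for h in headers
                   if h.lower().startswith("x-originating-ip:") and IP_RE.search(h)), None)
    return {"claimed_origin": hops[0][1] if hops else None,  # from the earliest hop
            "handoff_ip": handoff,  # first address a trusted server actually saw
            "x_originating_ip": x_orig, "chain_breaks": breaks, "hops": hops}
```

For the sample the chain breaks at Hotmail's internal "mail pickup service" hop, so everything before it (including the 212.100.250.216 origin) rests on Hotmail's word, while 65.54.169.86 is what optonline's own relay observed.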
IP address blocks

www.iana.org/assignments/ipv4-address-space

ARIN
063.x.x.x thru 072.x.x.x
199.x.x.x
204.x.x.x thru 209.x.x.x
216.x.x.x

APNIC
058.x.x.x thru 061.x.x.x
202.x.x.x thru 203.x.x.x
210.x.x.x thru 211.x.x.x
218.x.x.x thru 222.x.x.x

RIPE
062.x.x.x
081.x.x.x thru 088.x.x.x
193.x.x.x thru 195.x.x.x
212.x.x.x thru 213.x.x.x
217.x.x.x

LACNIC
200.x.x.x thru 201.x.x.x
Domain Names

Top level domains (TLD) are assigned by ICANN (Internet Corporation for Assigned Names and Numbers), which is responsible for IANA.
dig

Gets the IP for a hostname. In the command below, @ns.adnc.com is the name server to ask (optional) and mx is the record type (optional).
tower:~$ dig @ns.adnc.com FreeSoft.org mx
; <<>> DiG 2.1 <<>> @ns.adnc.com FreeSoft.org mx
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 1, Auth: 2, Addit: 2
;; QUESTIONS:
;; FreeSoft.org, type = MX, class = IN

;; ANSWERS:
FreeSoft.org. 86400 MX 100 mail.adnc.com.

;; AUTHORITY RECORDS:
FreeSoft.org. 86400 NS ns.adnc.com.
FreeSoft.org. 86400 NS ns2.adnc.com.

;; ADDITIONAL RECORDS:
ns.adnc.com. 86400 A 205.216.138.22
ns2.adnc.com. 86400 A 205.216.138.24

;; Total query time: 464 msec
;; FROM: tower to SERVER: ns.adnc.com 205.216.138.22
;; WHEN: Tue Mar 19 20:31:58 1996
;; MSG SIZE sent: 30 rcvd: 126
dig

$ dig @ns.adnc.com mail.adnc.com
; <<>> DiG 2.1 <<>> @ns.adnc.com mail.adnc.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd ra; Ques: 1, Ans: 2, Auth: 3, Addit: 3
;; QUESTIONS:
;; mail.adnc.com, type = A, class = IN

;; ANSWERS:
mail.adnc.com. 86400 CNAME gemini.adnc.com.
gemini.adnc.com. 86400 A 205.216.138.22
dig

% dig +short mail.adnc.com
205.216.138.22
whois

http://www.networksolutions.com/en_US/whois/index.html
http://verisign-grs.com/cgi-bin/whois
http://www.easywhois.com
traceroute

www.wvi.com/cgi-bin/trace