Home page logo
/

basics logo Security Basics mailing list archives

Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail
From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Wed, 28 May 2003 17:23:22 +0000

Hi there Stephen,
What you need to do first off evaluate the is look at the email header, and look for the IP address that sent the email. Once it is determined which IP address created the email, do a reverse DNS on that IP address. This can be done quickly and effieciently at http://remote.12dt.com/rns/ without any hassles. if for example your reverse dns reveals a hostname of 210-54-108.dialup.xtra.co.nz then you would visit xtra.co.nz and determine weither or not they are an ISP. After this, you can gather contact email addresses for the ISP. You would then write to the ISP; though calling it if it is local may produce better results and inform them of the incident, including an EXACT dialog, the time it took place, informing them that it was one of your users that was the target, and give them a little reminder that what has taken place is highly illegal and needs to be acted apon internally or you have the right to take legal action. From here; your ISP is not legally oibliged to give you the information of the account holder that was using the said IP at the time the email was sent; HOWEVER they are legally abliged (in most civilised countries at least) to give contact details to law enforcement if such a request is to be made of them. If they refuse to give you the information personally (and they will) then your only other option of finding out who is responsible is to phone the police; whom will take criminal action against the offender. This would involve the usual cyber crime task forces etc tracking the person - they would essentially do what Ihave just explained, and possibly a little more :)

If you have any problems with any of the email header stuff drop me a line and I will get the information you need.
Good Luck.

Kind regards,


Hamish Stanaway

Absolute Web Hosting / -= KoRe WoRkS Internet Security
Owner/Operator
Auckland
New Zealand

http://www.webhosting.net.nz/
http://www.buywebhosting.co.nz/
http://www.koreworks.com/





From: "steve baker" <stephenbbaker () hotmail com>
To: security-basics () securityfocus com
Subject: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail
Date: Tue, 27 May 2003 12:38:58 -0400
MIME-Version: 1.0
X-Originating-IP: [167.199.152.207]
X-Originating-Email: [stephenbbaker () hotmail com]
Received: from outgoing2.securityfocus.com ([205.206.231.26]) by mc6-f42.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 28 May 2003 10:00:56 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid 354EA8F4EC; Wed, 28 May 2003 10:18:49 -0600 (MDT)
Received: (qmail 5892 invoked from network); 27 May 2003 16:12:02 -0000
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Message-ID: <BAY8-F117HfbBfbEc7m00018422 () hotmail com>
X-OriginalArrivalTime: 27 May 2003 16:38:58.0943 (UTC) FILETIME=[78DFA0F0:01C3246E] Return-Path: security-basics-return-19744-koremeltdown=hotmail.com () securityfocus com

One of our users has received questionable and possibly life threatening
emails from a yahoo account that was created recently. They have approached
us to find out as much as we can pertaining to the person sending it.

Of course, we are not YAHOO so we cannot determine anything about the mail
other than the content.

How can we find out who sent this?

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------------
----------------------------------------------------------------------------


_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault