On 1/14/10 12:31 AM, Steven Bellovin wrote:
On Jan 13, 2010, at 5:26 PM, mshel...@cox.net wrote:
From a single detection of one hostile email you can often expand the picture
to many mail recipients. A little open source research identifies the common
community the recipients belong to. It's pretty straight forward.
The magic phrase is "traffic analysis" -- look at the accounts of known targets
of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse
as needed.
I am unsure about the term straight-forward, as even the easy cases take
a lot of time.
Gadi
--Steve Bellovin, http://www.cs.columbia.edu/~smb
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevron.livejournal.com/