Re: A very nice game (an example)

2002-04-30 Thread Dr. Jeffrey Race

On Wed, 24 Apr 2002 13:44:34 -0700, Doug McKean wrote:
> For those interested in how to track down something like this,
> take a look at the header information.  You'll see a bunch of
> Received: xx lines.

Lots of tricks involved here, including the possibility of forged
headers.  Those interested may want to look at
www.camblab.com/nugget/nugget.htm

Jeffrey Race


---
This message is from the IEEE EMC Society Product Safety
Technical Committee emc-pstc discussion list.

Visit our web site at:  http://www.ewh.ieee.org/soc/emcs/pstc/

To cancel your subscription, send mail to:
 majord...@ieee.org
with the single line:
 unsubscribe emc-pstc

For help, send mail to the list administrators:
 Ron Pickard:  emc-p...@hypercom.com
 Dave Heald:   davehe...@attbi.com

For policy questions, send mail to:
 Richard Nute:   ri...@ieee.org
 Jim Bacher: j.bac...@ieee.org

All emc-pstc postings are archived and searchable on the web at:
http://ieeepstc.mindcruiser.com/
Click on browse and then emc-pstc mailing list


Re: A very nice game (an example)

2002-04-25 Thread Doug McKean

From: T.Sato vef00...@nifty.ne.jp

> # BTW, a good anti-virus solution is to stop using Microsoft Windows
> # (at least Microsoft's mailers)!  :-)

I suppress the preview pane for viewing the contents of my mail
and use only two panes, one for mail folders and the other for
the list of emails in the selected folder.

To check emails, I right click on the subject line of the email,
select Properties, select Details, then select Message Source.
That opens up the entire email in its own separate window to
include all header info and the entire message in the body.
I can read the message and check addresses without ever
opening up the mail.

I generally don't open any attachments unless I know the
person or have had the attachment checked.

There's a very easy way which costs nothing to have some
very complete and effective virus checking.  Go to any
one of the more high profile free email websites to open
an account.  I find they're very good at checking for viruses.
Also, that way if you are anywhere which has web access,
you can keep up with any of your emails. And keep the
personal email account back home strictly for private personal
and discretionary communiqués.

Regards, Doug McKean





Re: A very nice game (an example)

2002-04-25 Thread T.Sato

On Wed, 24 Apr 2002 13:44:34 -0700,
  Doug McKean dmck...@corp.auspex.com wrote:

> For those interested in how to track down something like this,
> take a look at the header information.  You'll see a bunch of
> Received: xx lines.  In this case there were 6 of them
> ...
> Now, take a look at the Message-Id:  line further down.
> I get
> Message-Id: 20020424215907.d25ca22...@coer.zju.edu.cn
>
> This one is a little more difficult for some hackers to hide.

I suggest not believing the domain name (FQDN part) in the Message-ID line.
It is very easy to hide - see the Message-ID of this message.

Received: lines would be more reliable as long as the mail wasn't
posted through remailers, but we (except the administrators
of the mailing list, possibly) can't use them to find the
origination of the mails distributed through the emc-pstc mailing list.

# BTW, a good anti-virus solution is to stop using Microsoft Windows
# (at least Microsoft's mailers)!  :-)

Regards,
Tom

--
Tomonori Sato  vef00...@nifty.ne.jp
URL: http://member.nifty.ne.jp/tsato/
   xvkbd-2.3 (virtual keyboard for X) available 



Re: A very nice game (an example)

2002-04-24 Thread Doug McKean

For those interested in how to track down something like this, 
take a look at the header information.  You'll see a bunch of
Received: xx lines.  In this case there were 6 of them 
in the email I received.  To start with the first received, 
go to the *bottom* one.  That's where this post first entered 
the net but isn't necessarily the originating point of the email. 
To cross check this, also take a look at the From: line. 

I get 

Received: (from daemon@localhost)
 by ruebert.ieee.org (Switch-2.1.0/Switch-2.1.0) id g3O9LbE23259
 for emc-pstc-resent; Wed, 24 Apr 2002 05:21:37 -0400 (EDT)
From: jmw j...@jmwa.demon.co.uk 

Now, take a look at the Message-Id:  line further down. 
I get 
Message-Id: 20020424215907.d25ca22...@coer.zju.edu.cn

This one is a little more difficult for some hackers to hide.

We can see there are some discrepancies in the domain name.
Notably coer.zju.edu.cn and jmwa.demon.co.uk 

To start tracking this down, I use several websites for searching. 

One is Amnesi at 
http://www.amnesi.com/ 

The other is DNS411 at 
http://www.dns411.com/

The Amnesi one is very powerful. 

Searching under coer.zju.edu.cn, we find that it crosses to 
the IP address  210.32.156.246 

The people hosting that domain name are Zhejiang University
at Hangzhou, Zhejiang 310027, China.

They cover IP addresses 210.32.128.0 to 210.32.159.255

If we apply a www in front of the coer.zju.edu.cn, we 
(surprise! surprise!) end up at a Chinese firm titled
Centre for Optical  Electromagnetic Research,
or a place which uses the acronym 'COER'.

We still don't know where the email came from. 
I would bet though that one or the other of these 
places would be able to track it down. 

It would be at this point that I would send off a gently worded
email to webmasters, postmasters and abuse at both places.
I would take the base domain name, and then at the front 
of it add

 Webmaster@domainname
 Postmaster@domainname 
 abuse@domainname

I assure you, one of these will be a valid address for 
your complaint. 

First, I would Reply to the email and delete the email 
addresses which come up in the reply.  This keeps track 
of the email throughout all the platforms it traveled. I 
would not delete the subject line. 

Second, I would state the incident in very brief terms at
the top of my email.  Webmasters have enough to do without
wading through long quoted material to find the message.
Keep it brief and extremely polite.

Third, I would copy and paste ALL of the header information
of the email under my message to the webmaster.

Then, finally, I would copy and paste under the header 
information all the information in the body of the email. 

I am asking all of you NOT to do this with this particular 
post we had.  Our webmasters are perfectly capable 
of doing this and taking care of the business. 

I'm merely presenting a way each of you can, in your
private emails, take care of offending emails.

I can testify to the fact that if you follow this procedure, 
it can be most effective. 

Regards, Doug McKean 
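
The header walk described in this thread, as an added example that is not part of any of the posts: it lists the Received: hops bottom-up, compares the From: and Message-Id: domains, and stops trusting the chain at the first receiving host that is not one you control. The sample message is constructed (example domains, documentation IP addresses), and the set of trusted receiving hosts is an assumption the reader supplies.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample, newest Received: line first, as a mail client shows it.
SAMPLE = """\
Received: from list.example.org (list.example.org [192.0.2.10])
\tby mx.recipient.example with ESMTP id AAA111; Wed, 24 Apr 2002 05:21:40 -0400
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby list.example.org with ESMTP id BBB222; Wed, 24 Apr 2002 05:21:37 -0400
Received: from pc (unknown [203.0.113.55])
\tby relay.example.net with SMTP id CCC333; Wed, 24 Apr 2002 17:59:07 +0800
From: "Some Name" <someone@sender.example.com>
Message-Id: <20020424215907.ABCDEF@host.other.example>
Subject: sample

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def hops_oldest_first(msg):
    """Return (from_host, by_host) per Received: line, bottom line first."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        m = HOP.search(raw)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops

def domain_of(header_value):
    """Domain part of an address-like header (From:, Message-Id:)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def verifiable_origin(hops, trusted_by_hosts):
    """Oldest hop in the unbroken run of trusted receivers, counted from the
    newest line. Older lines were written by hosts we cannot vouch for."""
    origin = None
    for hop in reversed(hops):  # newest first
        if hop[1] not in trusted_by_hosts:
            break
        origin = hop
    return origin

def analyze(raw, trusted_by_hosts):
    msg = email.message_from_string(raw)
    hops = hops_oldest_first(msg)
    return {"hops": hops,
            "from_domain": domain_of(msg["From"]),
            "msgid_domain": domain_of(msg["Message-Id"]),
            "origin": verifiable_origin(hops, trusted_by_hosts)}
```

A From:/Message-Id: mismatch is only a hint, since the sender writes both fields; the hop returned as `origin` is the oldest one recorded by a server you trust.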


