Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

IP masking?

  • 15-09-2000 9:17am
    #1
    Registered Users, Registered Users 2 Posts: 6,660 ✭✭✭


    A mate of mine has been having a problem with malicious email attacks. About evey month or so he gets a few thousand emails from a different address each time each with a virus attached. He's not stupid enough to open the emails or even view them but when this happens he can't receive any email. We contacted his ISP (Eircom) and asked them to look into it. They returned with the helpful "We could not locate the source of the attack. The individual involved is probably using an IP masking system".

    Is there someone else we should be reporting this to? Does anyone know of any way to track who's doing it? What is an IP masking system anyway?


Comments

  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    can u get one of the headers from the email and post it here, it might be some help

    MiCr0


  • Registered Users, Registered Users 2 Posts: 6,660 ✭✭✭Blitzkrieger


    They're always different too. Usually something like "this is soooo funny". If he didn't send 3,000 with the same subject someone migh fall for it.


  • Registered Users, Registered Users 2 Posts: 10,984 ✭✭✭✭Lump


    HE HE, Yea, you might be able to trace it though the servers on the header, But I would asume he would have bounced it off a couple of hundred and back again.


    John


  • Closed Accounts Posts: 7,488 ✭✭✭SantaHoe


    I pitty da fool, just get a new email addy :/


  • Registered Users, Registered Users 2 Posts: 3,316 ✭✭✭ButcherOfNog


    not the subject, the header ! smile.gif


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 18,484 ✭✭✭✭Stephen


    If possible, you could telnet into the mail server and delete the emails before downloading.


  • Registered Users, Registered Users 2 Posts: 4,162 ✭✭✭_CreeD_


    Admittedly I don't know much about this, but methinks Eircom have been a wee bit lazy.
    They should at least have been able to track the mails one stage up the line, ie. tell which router sent all the packets their way, then ask that system operator to trace them and so on.
    IP masking should just stop someone resolving the users domain name in an easy manner, not actually tracing the packets as they were routed.
    Now, all that could be complete poo, so feel free to blast me out of the water if you actually have a clue about TCP/IP routing and such stuff (as opposed to me....)


  • Closed Accounts Posts: 93 ✭✭PJ Hunt


    Apologies to anyone working for a hosting company here, but it seems to me that the only thing they are concerned with are getting their sub's every month.

    I recently had a major prob similiar to this...the reply I got was " due to time zone differences we could not etc etc "

    **** ... **** ... ****

    I've been with the same isp for a year till I dumped em for being absolutly THICK!! Damn tech support couldnt tell me what the TCP/IP numbers were for the dial up after I deleted them !!

    Several down times were attributed to " software problems "

    But I tell ya what...the software runnin the pc which prints the bills every month never went down... oh no...

    ‡PJ‡


  • Registered Users, Registered Users 2 Posts: 1,004 ✭✭✭Lord Khan


    Originally posted by Blitzkrieger:
    A mate of mine has been having a problem with malicious email attacks. About evey month or so he gets a few thousand emails from a different address each time each with a virus attached. He's not stupid enough to open the emails or even view them but when this happens he can't receive any email. We contacted his ISP (Eircom) and asked them to look into it. They returned with the helpful "We could not locate the source of the attack. The individual involved is probably using an IP masking system".

    Is there someone else we should be reporting this to? Does anyone know of any way to track who's doing it? What is an IP masking system anyway?

    Just means eircom is too lazy to do anything about it actually most ISP can't be arsed that way. there is no real defence to mailbombing unless you just use very strict rule system and only receive email from trusted addresses but this is a ***** as you have to add new rules for everybody you know.


  • Users Awaiting Email Confirmation Posts: 285 ✭✭sam


    my brother does that.

    and "tracing" email is pointless, you could bounce it off any smtp server on the net, and i dont think mail.geocities.com (for example) will look over its logs to see what ip mailed where at what time, etc.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,328 ✭✭✭Sev


    Well.. The IP of the guy that is sending u the email, should be in the email header. Then what u would need to do.. or what eircome would need to do.. is trace the ip addy, contact his ip, ask who was on at this time using this IP addy, and then their isp would ban them or something. Of course if he was smart he would be doing this through a proxy, or blind ip spoofing which is **** difficult over the internet if not impossible. So if you were to retreve his ip from the IP header.. it would be the wrong one neways frown.gif


  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    even if the mail was bounced off a couple of mail server's the originating ip address is still in the header
    in the example below is 206.180.234.71
    should be easy from there smile.gif


    Return-path: <a1pyrat@tdl.com>
    Envelope-to: dmeagher@eircom.net
    Delivery-date: Wed, 27 Sep 2000 01:09:12 +0100
    Received: from orca.ucd.ie ([137.43.4.16])
    by kodos.tinet.ie with smtp (Exim 2.05 #23)
    id 13e4me-0006NH-00
    for dmeagher@eircom.net; Wed, 27 Sep 2000 01:09:12 +0100
    Received: (qmail 22218 invoked by uid 7200); 27 Sep 2000 00:09:11 -0000
    Delivered-To: dmeagher@orca.ucd.ie
    Received: (qmail 22214 invoked from network); 27 Sep 2000 00:09:11 -0000
    Received: from tdl.com (root@206.180.224.3)
    by orca.ucd.ie with SMTP; 27 Sep 2000 00:09:11 -0000
    Received: from ward.tdl.com (pm5-71.tdl.com [206.180.234.71])
    by tdl.com (8.9.3/8.9.3) with SMTP id PAA07708;
    Tue, 26 Sep 2000 15:23:18 -0700
    Message-Id: <3.0.3.32.20000926152016.0109b88c@tdl.com>
    X-Sender: a1pyrat@tdl.com
    X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
    Date: Tue, 26 Sep 2000 15:20:16 -0700
    To: A1pyrat@tdl.com
    From: Chris Ward <a1pyrat@tdl.com>
    Subject: A businessman on his deathbed
    Mime-Version: 1.0
    Content-Type: text/enriched; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable


  • Registered Users, Registered Users 2 Posts: 6,660 ✭✭✭Blitzkrieger


    I've just read about a commercial product called iNet Privacy which is supposed to do just that frown.gif They block people from tracing traffic through their network. What else would it be used for except for illegal purposes. This sort of thing would make it impossible to trace without forcing iNet to allow access to their records wouldn't it?

    He's decided to change his email but reckons he'll miss out on a load of email because of it with people not updating his address.


  • Users Awaiting Email Confirmation Posts: 285 ✭✭sam


    MiCr0 if you want, i will send you an email and you can knock yourself out trying to get my correct IP address.


Advertisement