Internet Hosts
Now some of you may think that headers are too simple
or boring to waste time on. However, a few weeks ago I
asked the 3000+ readers of the Happy Hacker list if
anyone could tell me exactly what email tricks I was
playing in the process of mailing out the Digests. But not
one person replied with a complete answer -- or even
75% of the answer -- or even suspected that for months
almost all Happy Hacker mailings have doubled as
protests. The targets: ISPs offering download sites for
email bomber programs. Conclusion: it is time to talk
headers!
In this Guide we will learn:
what is a header
why headers are fun
how to see full headers
what all that stuff in your headers means
how to get the names of Internet host computers from your headers
the foundation for understanding the forging of email and Usenet posts, catching the people who forge headers, and the theory behind those email bomber programs that can bring an entire Internet Service Provider (ISP) to its knees
This is a Guide you can make at least some use of without
getting a shell account or installing some form of Unix on
your home computer. All you need is to be able to send
and receive email, and you are in business. However, if
you do have a shell account, you can do much more with
(950413.SGI.8.6.12/951211.SGI) part
identifies the software name and version running that
POP server.
Newbie note: POP stands for Post Office Protocol. Your
POP server is the computer that holds your email until
you want to read it. Usually the email program on your
home computer or shell account computer will connect to
port 110 on your POP server to get your email.
A similar, but more general protocol is IMAP, for
Interactive Mail Access Protocol. Trust me, you will be a
big hit at parties if you can hold forth on the
differences between POP and IMAP, you big hunk of a
hacker, you! (Hint: for more info, RTFRFCs.)
Now we examine the second line of the header:
Received: from ifi.foobar.no by o200.fooway.net via ESMTP
    (950413.SGI.8.6.12/951211.SGI) for <hacker@techbroker.com>
    id OAA18967; Fri, 1 March 2002
Well, gee, I didn't promise that this header would be
*totally* ordinary. This line tells us that a computer
named ifi.foobar.no passed this email to the POP server
on o200.fooway.net for someone with the email address
of hacker@techbroker.com. This is because I am piping all
email to hacker@techbroker.com into the account
techbr@fooway.net. Under Unix this is done by setting up
>nslookup ifi.foobar.no
Server: Fubarino.com
Address: 198.6.71.10
Non-authoritative answer:
Name: ifi.foobar.no
Address: 129.xxx.64.2
Notice the different numerical IP addresses between
ifi.foobar.no and gyllir.ifi.foobar.no. Hmmm, I begin to
think that the domain ifi.foobar.no may be a pretty big
deal. Probing around with dig and traceroute leads me to
discover lots more computers in that domain. Probing
with nslookup in the mode "set type=any" tells me yet
more.
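The Received line examined above can also be taken apart programmatically when tracing where a message came from. The following Python sketch is an added example, not part of the original Guide: it splits each Received header into its from/by/via/with/id/for clauses, the parenthesised software comment and the timestamp, and lists the hops oldest-first. The second hop in the sample message, its id and the From/To/Subject lines are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message: the first Received line is the one quoted in
# the Guide; the second hop and the other headers are invented for illustration.
SAMPLE = """\
Received: from ifi.foobar.no by o200.fooway.net via ESMTP
    (950413.SGI.8.6.12/951211.SGI) for <hacker@techbroker.com> id OAA18967;
    Fri, 1 March 2002
Received: from gyllir.ifi.foobar.no by ifi.foobar.no with SMTP id AAA00001;
    Fri, 1 March 2002
From: someone@ifi.foobar.no
To: hacker@techbroker.com
Subject: test

body
"""

# Clause keywords a Received header may carry (RFC 5321 section 4.4), plus
# the parenthesised comment that often holds the mail software version.
CLAUSE = re.compile(r"\b(from|by|via|with|id|for)\s+(\S+)", re.I)
COMMENT = re.compile(r"\(([^)]*)\)")

def parse_received(value):
    """Split one Received header into its clauses, comment and timestamp."""
    flat = " ".join(value.split())              # unfold continuation lines
    clauses, sep, stamp = flat.rpartition(";")  # date follows the last ';'
    if not sep:                                 # malformed: no timestamp part
        clauses, stamp = flat, ""
    hop = {"date": stamp.strip()}
    m = COMMENT.search(clauses)
    hop["comment"] = m.group(1) if m else None
    for key, val in CLAUSE.findall(COMMENT.sub(" ", clauses)):
        hop.setdefault(key.lower(), val.strip("<>;"))
    return hop

def relay_path(raw_message):
    """Return hops oldest-first; each server prepends its own Received line."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    return list(reversed(hops))

if __name__ == "__main__":
    for n, hop in enumerate(relay_path(SAMPLE), 1):
        print(n, hop.get("from"), "->", hop.get("by"), hop.get("with") or hop.get("via"))
```

Only the Received lines added by servers you control or trust are reliable; anything below them was supplied by the sending side and can be forged, so treat those host names as claims to verify with nslookup rather than as facts.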
Author:- Tabish Ali Rizvi (tab_here@hotmail.com)
Nick:- Neo
UNKNOWN COMPILATION