tracking scammers by IP number
Edward Lewis
Ed.Lewis at neustar.biz
Thu Dec 28 16:48:32 UTC 2006
This is the first time I've responded to something involving Russian
princesses, I swear. ;)
At 22:53 +0800 12/28/06, Alexander Harvey wrote:
>For the last few days I have been corresponding with a person who calls
>him/herself 'Natalya,' uses a yahoo email address, claims to be in Omsk,
>Russia, but whose email headers show in fact his/her messages are coming
>from various servers in the US.
>
>My question is this: beyond collecting IP numbers for my own curiosity &
>watching on a map the various originating locations of these messages, what
>can I do to have these people actually put into a lovely US prison?
Well, it is a bit hard for me to grok the situation, and this is the
bind-users list. So I'll say something generic. (I wonder if you
are doing this to collect more IP addresses from members on the list.)
First, you can't always trust the data you are handed. Headers can
be forged, mail can be bounced around, etc. As the Internet has
evolved, I've learned that you can tell less and less remotely about
a configuration than you used to be able to. For example, anycast of
DNS makes what once looked like a weak setup much more robust.
Second, the best way to get information about something on the other
side of the network is to plain ask the other side. If you suspect
that the other side is playing maliciously, you have to be stealthy
in getting a confession. For "how to do this" watch a lot of Columbo
TV mysteries (http://en.wikipedia.org/wiki/Columbo) (yes there is a
Wiki for everything). In 1988-1989 I caught a hacker by playing
"dumb."
The hacker story - a kid was phoning folks (before the days of caller
ID) claiming to be the sys admin at the college and asking for
passwords (which he got). Eventually he called me, I pretended not
to know my password and that I had it written at home. I asked him
if I could call him back - and he gave me his phone number. Once he
realized what he had done, the game was over.
The best recommendation is to leave law enforcement to the experts.
They not only will have access to data you will never get (through
court orders), they have experience in doing this, and especially,
they know how to handle the evidence they collect. If you try this
and botch something, it could come back to haunt you by labelling you
a stalker. And that's if you were on the right track.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Dessert - aka Service Pack 1 for lunch.