IP Addresses & All That Stuff
From RWDWiki
A Mini-Tutorial contributed by Sandro43, Shadow, Dewed & Dan
Latest revision as of 12:15, 29 April 2013
A discussion occasionally arises in some RWD thread about IP addresses and E-mail Headers, usually when wondering about the possible origin of some dubious letter from an FSUW.
What follows aims at clarifying some basic aspects of the subject.
What's IP?
The IP acronym stands for Internet Protocol. A communications protocol is a set of conventions, rules, etc. governing the exchange of data between network entities, much like a language is - you have to share the same language to make yourself understood by someone else you are communicating with.
The Internet Protocol is the basis upon which all Internet communications occur, be they accessing an Internet website (TCP/IP), sending/receiving mail (SMTP/IP), making an Internet file transfer (FTP/IP), and so on.
An IP address is what uniquely identifies someone/something communicating over the Internet network, and has that weird-looking numerical form (like RWD's 67.222.30.14) that belies the actual antiquity of the Internet, born in the 1960s at the initiative of the US Department of Defense's Advanced Research Projects Agency (DARPA).
Who creates an IP address?
In order to access the Internet, first you have to obtain the services of an Internet Provider, usually through a paid subscription.
In order to operate, your Internet Provider in turn must have previously acquired the authorisation to use a unique set of IP addresses (IP range) from its 'regional' authority, one of the following depending on geographical location:
- AfriNIC (Africa)
- APNIC (Asia Pacific region)
- ARIN (North America, a portion of the Caribbean and sub-Saharan Africa)
- LACNIC (Latin American and Caribbean region)
- RIPE (Europe, the Middle East and parts of Africa and Asia)
The Internet Provider will allocate one IP address from its 'pool' to a user requesting to log on to the Internet on a first-come/first-served basis - i.e. a dynamic IP address, which means that the next time you log on, your IP address will probably be different from the one you are using now - although one always comprised within your Provider's assigned IP range.

Your PC needs this specific bit of numerical information because, in compliance with the IP Protocol, it HAS to be included into ANY packet that it will subsequently send out over the Internet, i.e. in any network activity. Once you log off the Internet and hence from your Provider, the same IP address that identified you may well be assigned to a different user now requesting to log on.
You could access RWD by giving your browser the address http://67.222.30.14. However, this is obviously too cumbersome to contemplate and you will normally use http://www.russianwomendiscussion.com instead. This is possible because your Provider relies on a Domain Name Server (DNS) that stores tables where one entry will read something like:
www.russianwomendiscussion.com    67.222.30.14
The DNS allows your Provider to translate the RWD symbolic address that you wrote to its actual, physical IP address - which, incidentally, is a fixed IP address since RWD is its own only client - RWD member activity is managed at a higher, application level by the Forum SW.
All the above implies that the IP address which you can see in the header of an E-mail you received, may only help you identify your correspondent's Internet Provider and its location, NOT that of its specific but temporary user.
Furthermore, many hackers, spammers and some sophisticated scammers mask their identity/location by interposing a Proxy Server (see http://en.wikipedia.org/wiki/Proxy_server) between their PC and their Internet Provider.
Nevertheless, the information contained in a header may yet be of SOME use.
The E-mail Header
Sending/receiving electronic mail via the Internet involves additional participants - the Mail Servers that make electronic mailboxes available. These services may be offered by the Internet Providers themselves or by some independent entity, in which case they do not necessarily reside in the same geographical location - just to mention some examples, the Yahoo Mail and Google Mail servers are located in the USA but have mail clients from all over the world.

An E-mail header contains information on ALL the HW participants to the exchange, as well as on the SW participants, i.e. the PC-resident Mail Programs - such as MS Outlook - and any installed anti-virus/anti-spam SW that may filter your E-mail.
The header is the 'service' part of an E-mail and therefore is not normally visible: use the Help function of your Mail Program to learn how it can be made to appear - in MS Outlook, for instance, use the View menu, click Layout and select an option of Preview Pane.
The following is an example of an E-mail that I received from a highly suspect FSU girl - with decidedly marginal English capabilities:
From: dinalove1977@rambler.ru
To: sanfloriani@alice.it
Subject: <spam> Hollo the stranger!!

Hollo the stranger!! I saw your profile on a site of acquaintances, and you very persistently it was pleasant to me, and I carelessly saw yours Send by e-mail the address, and have decided to write you the letter, and to send a photo and if I was pleasant To you That you can write to me, and I will rejoice very much to it if you answer me, but my letter if you wish, but to Look my profile, that he names in me Dina. I do not know, that to you while to write and I to you I promise, whether you answer me my letter it in other The letter is good??? To you I will write not so on more. I expect from you the letter sincerely yours Dina!! PS you can write me on this email dinalove1977@rambler.ru address.
And this is its header - in tabular form with comments (the inetnum and similar registry information was obtained with the tools listed below):
Header: X-Persona: ALICE
Comment: My Mail Server (@alice.it). X is a time-honored acronym for message.

Header: Received: from FBCMMI01B08.fbc.local [192.168.171.30] by FBCMST14V04.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:26 +0200
Comment: My Mail Server is operated by my Internet Provider (Telecom Italia) through their own internal, private network using MS SMTP (Simple Mail Transfer Protocol) Services. IP addresses 192.168.171.30, 192.168.69.32 resolve to:
  inetnum: 192.168.0.0 - 192.168.255.255
Italy's Summer Time is +02:00 hours GMT.

Header: Received: from FBCMMX01B03.fbc.local [192.168.69.32] by FBCMMI01B08.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:27 +0200

Header: Received: from maild.rambler.ru [81.19.66.33] by FBCMMX01B03.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:24 +0200
Comment: My Mail Server received the E-mail from Dina's Mail Server (rambler.ru), whose 81.19.66.33 IP address resolves to:
  inetnum: 81.19.64.0 - 81.19.66.255
  netname: RAMTEL
  descr: Rambler main network
  country: RU
  address: "Rambler Internet Holding" OJSC
  address: 3 floor, Leninskaya Sloboda st., 19, Omega Plaza
  address: Moscow, RU

Header: Received: from max [unknown 77.40.33.85]
Comment: Dina's Internet Provider, whose 77.40.33.85 IP address resolves to:
  inetnum: 77.40.8.0 - 77.40.79.255
  netname: MARI-VOLGATELECOM
  address: VolgaTelecom Mari El branch
  address: Sovetskaya 138
  address: 424000 Yoshkar-Ola
  ISP: XDSL DYNAMIC POOLS
  Net Speed: DSL

Header: (Authenticated sender: dinalove1977@rambler.ru) by maild.rambler.ru (Postfix) with ESMTP id 919608441E for <sanfloriani@alice.it>; Fri, 14 May 2010 05:34:22 +0400 (MSD)
Date: Thu, 13 May 2010 19:18:57 +0400
From: dinalove1977@rambler.ru
Comment: Dina's Mail Server runs on an open-source Unix E-mail server (Postfix) using Extended SMTP. Dina logged on correctly there on Thu, 13 May 2010 at 19:18:57 +0400. Her E-mail was sent out on Fri, 14 May 2010 at 05:34:22 +0400 (MSD). MSD means Moscow Summer Time, +04:00 hours GMT.

Header: X-Mailer: The Bat! (v1.62r) UNREG / CD5BF9353B3B7091
Reply-To: dinalove1977@rambler.ru
X-Priority: 3 (Normal)
Message-ID: <1136748830.20100513191857@rambler.ru>
To: sanfloriani@alice.it
Subject: <spam> Hollo the stranger!!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------119EE621096919"
Return-Path: dinalove1977@rambler.ru
Comment: Dina's Mail Program (The Bat!). The Bat! is the most popular FSU mail program, in this case an UNREGistered copy for personal use. The registered copy allows for mass-mailing and is a favorite tool of spammers. A MIME (Multipurpose Internet Mail Extensions) Content-Type: multipart/mixed means Dina's E-mail was text plus attachments - a photo.

Header: X-OriginalArrivalTime: 14 May 2010 01:34:25.0018 (UTC) FILETIME=[95FBE5A0:01CAF305]
X-Antivirus: AVG for E-mail 9.0.819 [271.1.1/2869]
X-Text-Classification: spam
X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=131
Comment: My Mail Server received Dina's E-mail 3 seconds later on 14 May 2010 at 01:34:25.0018 (UTC) - UTC or CUT is Coordinated Universal Time. My anti-virus program (AVG) and my anti-spam program (POP File), which judiciously classified Dina's E-mail as spam.
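The table above walks the Received: chain by hand. The script below, added here as an example and not code from the RWDWiki article or its contributors, does the same mechanically: it reads the header from the bottom up (the bottom-most Received: line is the one added first, closest to the sender), separates private-network hops from public ones, computes the end-to-end transit time across time zones, flags relays whose clocks disagree, and checks an address against a RIPE-style inetnum range. The sample header is constructed from the hop lines quoted in the table, and the inetnum ranges used in the usage section are the ones quoted there; everything else is Python standard library and runs offline.

```python
"""Walk the Received: chain of a raw e-mail header, hop by hop.

Added example for this article, not code from RWDWiki or its contributors.
The header below is constructed from the hop lines quoted in the article's
table; parsing uses only the Python standard library and runs offline.
"""
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the Received: lines from the article, topmost = last hop.
RAW_HEADER = """\
Received: from FBCMMI01B08.fbc.local [192.168.171.30] by FBCMST14V04.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:26 +0200
Received: from FBCMMX01B03.fbc.local [192.168.69.32] by FBCMMI01B08.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:27 +0200
Received: from maild.rambler.ru [81.19.66.33] by FBCMMX01B03.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:24 +0200
Received: from max [unknown 77.40.33.85] (Authenticated sender: dinalove1977@rambler.ru) by maild.rambler.ru (Postfix) with ESMTP id 919608441E for <sanfloriani@alice.it>; Fri, 14 May 2010 05:34:22 +0400 (MSD)
Date: Thu, 13 May 2010 19:18:57 +0400
From: dinalove1977@rambler.ru
To: sanfloriani@alice.it
Subject: Hollo the stranger!!

(body omitted)
"""

# "from <host> [<ip>] ... by <host>"; Postfix writes "[unknown <ip>]" when the
# connecting address has no matching reverse DNS name.
HOP_RE = re.compile(
    r"from\s+(?P<host>\S+)\s+\[(?:unknown\s+)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r".*?\bby\s+(?P<by>\S+)",
    re.DOTALL,
)


def parse_received(value):
    """Return a dict for one Received: value, or None if it has no from/by pair."""
    m = HOP_RE.search(value)
    if not m:
        return None
    ip = ipaddress.ip_address(m.group("ip"))
    # The timestamp sits after the last ';' ("... for <x>; Fri, 14 May 2010 ...").
    stamp = value.rsplit(";", 1)[1].strip() if ";" in value else ""
    return {
        "from_host": m.group("host"),
        "from_ip": str(ip),
        "by": m.group("by"),
        "time": parsedate_to_datetime(stamp) if stamp else None,
        # RFC 1918 space (192.168/16 etc.) is the provider's internal network,
        # which is why the article's first two hops have no public owner.
        "private": ip.is_private,
    }


def trace(raw):
    """Hops in transmission order: the bottom-most Received: line was added first."""
    msg = message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    hops.reverse()
    return hops


def origin_ip(raw):
    """Address the first relay saw the sender connect from.

    Only lines added by relays you trust (here rambler.ru and the recipient's
    own provider) are reliable; anything below them could have been written by
    the sender, so this value is the earliest *trustworthy* hop, not proof."""
    hops = trace(raw)
    return hops[0]["from_ip"] if hops else None


def public_hops(raw):
    """Public addresses in the chain; these are the ones worth a registry lookup."""
    return [h["from_ip"] for h in trace(raw) if not h["private"]]


def transit_seconds(raw):
    """Seconds between the first and last relay timestamps (time zones normalised)."""
    times = [h["time"] for h in trace(raw) if h["time"]]
    return int((times[-1] - times[0]).total_seconds()) if len(times) > 1 else None


def out_of_order_hops(raw):
    """Relays whose timestamp precedes the previous hop's: unsynchronised clocks."""
    hops = [h for h in trace(raw) if h["time"]]
    return [b["by"] for a, b in zip(hops, hops[1:]) if b["time"] < a["time"]]


def in_inetnum(ip, inetnum):
    """True if ip lies in a RIPE-style 'first - last' inetnum range."""
    first, last = (ipaddress.ip_address(s.strip()) for s in inetnum.split("-"))
    return any(ipaddress.ip_address(ip) in net
               for net in ipaddress.summarize_address_range(first, last))


if __name__ == "__main__":
    for n, h in enumerate(trace(RAW_HEADER), 1):
        kind = "private" if h["private"] else "public"
        print(f"hop {n}: {h['from_host']} [{h['from_ip']}, {kind}] -> {h['by']} at {h['time']}")
    origin = origin_ip(RAW_HEADER)
    # inetnum range quoted in the article's table for VolgaTelecom Mari El
    print("origin:", origin, "in VolgaTelecom range:", in_inetnum(origin, "77.40.8.0 - 77.40.79.255"))
    print("end-to-end transit:", transit_seconds(RAW_HEADER), "s; clock skew at:", out_of_order_hops(RAW_HEADER))
```

Run on the sample, the script reports 77.40.33.85 as the origin and 81.19.66.33 as the only other public hop (the two 192.168.x.x relays are the recipient provider's internal network, as the table notes), a 4-second transit from the Moscow timestamp to the last Italian relay, and a one-second clock skew between the provider's last two servers, which is why the middle hop's time is later than the top one's.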
Helpful Tools
To separate an E-mail header into more easily legible chunks:
- Next Web Security: http://www.nextwebsecurity.com/HeaderTool2-pub.asp
- IP 2 Location: http://www.ip2location.com/demo.aspx
- Arul's Tech Info: http://aruljohn.com/info/howtofindipaddress/
To look up the registered holder of an IP address (the inetnum records quoted above):
- RIPE: http://www.db.ripe.net/whois
Another useful tool in this area is Tin Eye (http://www.tineye.com/) where you can submit a photo from your PC or some Internet website, and it will tell you where else on the Internet, to its not infinite knowledge, that photo also appears, be it a dating site, a scammer-listing site or elsewhere.
Conclusions
What have we learned from decoding Dina's E-mail header information?
- Dina uses a PC, and probably lives, in Yoshkar-Ola, a city as famous for scammers as Lugansk.
- Her Internet Provider is the local VolgaTelecom, Mari-El branch, giving her a DSL connection with a dynamic IP address (77.40.33.85). Given that private DSL is not as widely available in Russia as in the West, it MAY mean that Dina wrote her E-mail from a PC installed at some public facility (Internet Café, school, office, etc.).
- Her Mail Server is Moscow's Rambler.ru.
- Her Mail Program is The Bat!
The above, and most of all her E-mail text, warrant further investigation.

Google can be a great aid in this - Dina's E-mail address dinalove1977@rambler.ru produces a page on the Zoqy Net blog (http://zoqy.net/?p=1734) written by a French wine lover who also received the SAME letter and photo a week earlier on May 10 through Yahoo Mail.

Therefore, Dina is very likely a scammer with a penchant for European Latins :-))

Further hints on how to spot a scammer can be obtained from RWD's Scammer Score Card (Scam Card: http://www.russianwomendiscussion.com/index.php?pid=34).