IP Addresses & All That Stuff

From RWDWiki

Revision as of 12:15, 29 April 2013 by SANDRO43 (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
A Mini-Tutorial contributed by Sandro43, Shadow, Dewed & Dan

A discussion occasionally arises in some RWD thread about IP addresses and E-mail Headers, usually when wondering about the possible origin of some dubious letter from an FSUW.

What follows aims at clarifying some basic aspects of the subject.


Contents

What's IP?

The IP acronym stands for Internet Protocol. A communications protocol is a set of conventions, rules, etc. governing the exchange of data between network entities, much like a language is - you have to share the same language to make yourself understood by someone else you are communicating with.

The Internet Protocol is the basis upon which all Internet communications occur, be they accessing an Internet website (TCP/IP), sending/receiving mail (SMTP/IP), making an Internet file transfer (FTP/IP), and so on.

An IP address is what uniquely identifies someone/something communicating over the Internet network, and has that weird-looking numerical form (like RWD's 67.222.30.14) that belies the actual antiquity of the Internet, born in the 1960s at the initiative of the US Department of Defense's Advanced Research Projects Agency (DARPA).

Who creates an IP address?

In order to access the Internet, first you have to obtain the services of an Internet Provider, usually through a paid subscription.

In order to operate, your Internet Provider in turn must have previously acquired the authorisation to use a unique set of IP addesses (IP range) from its 'regional' authority, one of the following depending on geographical location:

  • AfriNIC (Africa)
  • APNIC (Asia Pacific region)
  • ARIN (North America, a portion of the Caribbean and sub-Saharan Africa)
  • LACNIC (Latin American and Caribbean region)
  • RIPE (Europe, the Middle East and parts of Africa and Asia)

The Internet Provider will allocate one IP address from its 'pool' to a user requesting to log on to the Internet on a first-come/first-served basis - i.e. a dynamic IP address, which means that the next time you log on, your IP address will probably be different from the one you are using now - although one always comprised within your Provider's assigned IP range.

Image:Untitled-1.gif

Your PC needs this specific bit of numerical information because, in compliance with the IP Protocol, it HAS to be included into ANY packet that it will subsequently send out over the Internet, i.e. in any network activity. Once you log off the Internet and hence from your Provider, the same IP address that identified you may well be assigned to a different user now requesting to log on.

You could access RWD by giving your browser the address http://67.222.30.14. However, this is obviously too cumbersome to contemplate and you will normally use http://www.russianwomendiscussion.com instead. This is possible because your Provider relies on a Domain Name Server (DNS) that stores tables where one entry will read something like:


www.russianwomendiscussion.com67.222.30.14


The DNS allows your Provider to translate the RWD symbolic address that you wrote to its actual, physical IP address - which, incidentally, is a fixed IP address since RWD is its own only client - RWD member activity is managed at a higher, application level by the Forum SW.


All the above implies that the IP address which you can see in the header of an E-mail you received, may only help you identify your correspondent's Internet Provider and its location, NOT that of its specific but temporary user.


Furthermore, many hackers, spammers and some sophisticated scammers mask their identity/location by interposing a Proxy Server (see http://en.wikipedia.org/wiki/Proxy_server) between their PC and their Internet Provider.

Nevertheless, the information contained in a header may yet be of SOME use.

The E-mail Header

Sending/receiving electronic mail via the Internet involves additional participants - the Mail Servers that make electronic mailboxes available. These services may be offered by the Internet Providers themselves or by some independent entity, in which case they do not necessarily reside in the same geographical location - just to mention some examples, the Yahoo Mail and Google Mail servers are located in the USA but have mail clients from all over the world.

Image:Untitled-2.gif

An E-mail header contains information on ALL the HW participants to the exchange, as well as on the SW participants, i.e. the PC-resident Mail Programs - such as MS Outlook - and any installed anti-virus/anti-spam SW that may filter your E-mail.

The header is the 'service' part of an E-mail and therefore is not normally visible: use the Help function of your Mail Program to learn how it can be made to appear - in MS Outlook, for instance, use the View menu, click Layout and select an option of Preview Pane.

The following is the example of an E-mail that I received from a highly suspect FSU girl - with decidedly marginal English capabilities:

From: dinalove1977@rambler.ru
To: sanfloriani@alice.it Subject: <spam> Hollo the stranger!!
Hollo the stranger!!
I saw your profile on a site of acquaintances, and you very persistently it was pleasant to me,
and I carelessly saw yours Send by e-mail the address, and have decided to write you the letter,
and to send a photo and if I was pleasant To you That you can write to me,
and I will rejoice very much to it if you answer me, but my letter if you wish,
but to Look my profile, that he names in me Dina. I do not know,
that to you while to write and I to you I promise, whether you answer me my letter it in other
The letter is good??? To you I will write not so on more. I expect from you the letter
sincerely yours Dina!!
PS you can write me on this email dinalove1977@rambler.ru address.

And this is its header - in tabular form with comments (information in blue was obtained with the tools listed below):


X-Persona: ALICE My Mail Server (@alice.it). X is a time-honored acronym for message.
Received: from FBCMMI01B08.fbc.local [192.168.171.30] by FBCMST14V04.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:26 +0200 My Mail Server is operated by my Internet Provider (Telecom Italia) through their own internal, private network using MS SMTP (Simple Mail Transfer Protocol) Services. IP addresses 192.168.171.30, 192.168.69.32 resolve to:

inetnum: 192.168.0.0 - 192.168.255.255
netname: IANA-CBLK-RESERVED1
descr: Class C address space for private internets
country: EU # Country is really world wide

Italy's Summer Time is +02:00 hours GMT.

Received: from FBCMMX01B03.fbc.local [192.168.69.32] by FBCMMI01B08.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:27 +0200
Received: from maild.rambler.ru [81.19.66.33] by FBCMMX01B03.fbc.local with Microsoft SMTPSVC(6.0.3790.3959); Fri, 14 May 2010 03:34:24 +0200 My Mail Server received the E-mail from Dina's Mail Server (rambler.ru), whose 81.19.66.33 IP address resolves to:
inetnum: 81.19.64.0 - 81.19.66.255
netname: RAMTEL
descr: Rambler main network
country: RU
address: "Rambler Internet Holding" OJSC
address: 3 floor, Leninskaya Sloboda st., 19, Omega Plaza
address: Moscow, RU
Received: from max [unknown 77.40.33.85] Dina's Internet Provider, whose 77.40.33.85 IP address resolves to:
inetnum: 77.40.8.0 - 77.40.79.255
netname: MARI-VOLGATELECOM
address: VolgaTelecom Mari El branch
address: Sovetskaya 138
address: 424000 Yoshkar-Ola
ISP: XDSL DYNAMIC POOLS
Net Speed: DSL
(Authenticated sender: dinalove1977@rambler.ru) by maild.rambler.ru (Postfix) with ESMTP id 919608441E for <sanfloriani@alice.it>; Fri, 14 May 2010 05:34:22 +0400 (MSD)
Date: Thu, 13 May 2010 19:18:57 +0400
From: dinalove1977@rambler.ru 		Dina's Mail Server runs on an open-source Unix E-mail server (Postfix) using Extended SMTP.
Dina logged on correctly there on Thu, 13 May 2010 at 19:18:57 +0400
Her E-mail was sent out on Fri, 14 May 2010 at 05:34:22 +0400 (MSD)
MSD mean Moscow Summer Time, +04:00 hours GMT.
X-Mailer: The Bat! (v1.62r) UNREG / CD5BF9353B3B7091
Reply-To: dinalove1977@rambler.ru
X-Priority: 3 (Normal)
Message-ID: <1136748830.20100513191857@rambler.ru>
To: sanfloriani@alice.it
Subject: <spam] Hollo the stranger!!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------119EE621096919"
Return-Path: dinalove1977@rambler.ru 		Dina's Mail Program (The Bat!)

The Bat! is the most popular FSU mail program, in this case an UNREGistered copy for personal use.

The registered copy allows for mass-mailing and is a favorite tool of spammers.

A MIME (Multipurpose Internet Mail Extensions) Content-Type: multipart/mixed means Dina's E-mail was text plus attachments - a photo:
Image:Dina.jpg
X-OriginalArrivalTime: 14 May 2010 01:34:25.0018 (UTC) FILETIME=<95FBE5A0:01CAF305]
X-Antivirus: AVG for E-mail 9.0.819 [271.1.1/2869]
X-Text-Classification: spam
X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=131 		My Mail Server received Dina's E-mail 3 seconds later on 14 May 2010 at 01:34:25.0018 (UTC) - UTC or CUT is Coordinated Universal Time.
My anti-virus program (AVG)
and
my anti-spam program (POP File), which judiciously classified Dina's E-mail as spam.

Helpful Tools

To separate an E-mail header into more easily legible chunks:


To resolve an IP address:


Most of the above tools access the regional authority databases through the WHO IS function, which you can do directly yourself:


Another useful tool in this area is Tin Eye (http://www.tineye.com/) where you can submit a photo from your PC or some Internet website, and it will tell you where else on the Internet, to its not infinite knowledge, that photo also appears, be it a dating site, a scammer-listing site or elsewhere.


Conclusions

What have we learned from decoding Dina's E-mail header information?

  • Dina uses a PC, and probably lives, in Yoshkar-Ola, a city as famous for scammers as Lugansk.
  • Her Internet Provider is the local VolgaTelecom, Mari-El branch, giving her a DSL connection with a dynamic IP address (77.40.33.85). Given that private DSL is not as widely available in Russia as in the West, it MAY mean that Dina wrote her E-mail from a PC installed at some public facility (Internet Café, school, office, etc.)
  • Her Mail Server is Moscow's Rambler.ru.
  • Her Mail Program is The Bat!.


The above, and most of all her E-mail text, warrant further investigation.

Google can be a great aid in this - Dina's E-mail address dinalove1977@rambler.ru produces a page on the Zoqy Net blog (http://zoqy.net/?p=1734) written by a French wine lover who also received the SAME letter and photo a week earlier on May 10 through Yahoo Mail.

Therefore, Dina is very likely a scammer with a penchant for European Latins :-))

Further hints on how to spot a scammer can be obtained from RWD's Scammer Score Card (Scam Card: http://www.russianwomendiscussion.com/index.php?pid=34).

Retrieved from "http://www.russianwomendiscussion.com/mwiki/index.php/IP_Addresses_%26_All_That_Stuff"
Personal tools