ydoaPs Posted February 24, 2006

> I have taken a new attitude to these kinda emails: Get their IP, find out their ISP, find out any other info I can on them (ie. whereabouts they live) and just send them an email back telling them their own IP, ISP, area they live in etc. and tell them to stop [insert rude word]ing spamming. Sadly none of these people have ever written back to me, I'd love to hear one of their replies!

How would one do this?
Phi for All Posted February 24, 2006

> how would one do this?

I've used an ARIN whois search on some of the jerks we occasionally get here, but I already know their IP.
1veedo Posted February 24, 2006

It only tells where the ISP is located. You can install a program called whois that'll do it in a terminal; much faster than using a web service. http://www.die.net/doc/linux/man/man1/whois.1.html

    azevedo@tux /files/www $ whois 38.118.74.97
    Performance Systems International Inc. PSINETA (NET-38-0-0-0-1) 38.0.0.0 - 38.255.255.255
    Performance Systems International Inc. COGENT-NB-0002 (NET-38-112-0-0-1) 38.112.0.0 - 38.119.255.255

    # ARIN WHOIS database, last updated 2006-02-23 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

I'm not sure about the exact location of the user, though. I know I found a website once that would take an IP address and tell you where the person lived but I think it was just giving the address of the ISP. 5614 would probably know.
Cap'n Refsmmat Posted February 24, 2006

If you use this in combination with the ARIN link Phi posted, you can get a location and ISP. And the IP locator is based upon the user's location, not the location of the ISP.
CanadaAotS Posted February 25, 2006

How do you get a spammer's IP in the first place though? I know how to find out all that information with the IP address first... I did a little survey with Shareaza, lots of German people like StarCraft apparently lol
Cap'n Refsmmat Posted February 25, 2006

It's relatively simple with email messages. Emails come with headers that give the address of the servers involved in sending the email (you can view them in some email programs if you know where to look). Unfortunately, most spammers send emails through open proxies that don't give the IP of the original sender, so the best way to catch them is to make a honeypot.
Cap'n Refsmmat Posted February 25, 2006

A trap. You set up what appears to be an open proxy, but it actually logs all access attempts and such and prepares reports to be sent to the ISP of the offender.
5614 Posted February 25, 2006

I don't know if I still need to answer this...

Basically you can get the IP of where the email originated from the email headers. In Yahoo! if you view an email and scroll to the bottom of the page look on the right, there's a link which says full headers/brief headers (it will say one or the other), click on it. For Hotmail it is in the Options page, click on Mail (left menu) and then Mail Display Settings, set Message Headers to Advanced.

Once you have the IP then something like Visual Route: http://download.visualware.com/networkmonitoring/index.html will trace the IP and show it visually, so you will get the location of the IP. Visual Route will also display the ISP name in the final Node Name value.

To know the ISP go to DOS or command prompt and use the tracert command which is essentially what Visual Route does, although obviously the DOS version only displays text. So for example get your IP from http://www.whatismyip.com/ and then go to DOS and type in:

    tracert [insert IP]

so an example would be:

    tracert 12.345.678.912

At this point it will say: "Tracing route to _________ [your IP] over a maximum of 30 hops:" Look at the text (which I wrote as ____) and your ISP should be written in there somewhere. For me the ____ reads myIP.dsl.pipex.com (my ISP is Pipex) and my friend who is on AOL reads stuff.mx.aol.com

http://www.arin.net/whois/ can give you the ISP. If I search for a friend's IP on it, it says: "OrgName: America Online, Inc." because she is with AOL. Although for me it just says: "OrgName: RIPE Network Coordination Centre" which is fairly useless.

Although some of the above could be incorrect, it all depends on what IP you have. You might have the IP of the computer where the email originated from, in which case traces will lead to the guy's house. You might have the ISP's, in which case all traces will lead to the ISP. Or you might have the IP given to you by some proxy, which is effectively useless. (Although in Yahoo! with the X-Originating-IP, Authentication-Results, Received & Message-ID headers some proxies seemingly do not fully hide the real IP.)
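An added example (not part of any post in this thread) of the header reading described above: it walks the Received chain of a raw message and separates the one address your own mail server recorded from the addresses that earlier hops merely claimed. The sample message, host names and the `trusted` set are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample (documentation-range addresses, hypothetical host names).
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.recipient.example with ESMTP; Fri, 24 Feb 2006 10:00:02 +0000
Received: from relay.example.org (unknown [203.0.113.77])
\tby mx.example.net with SMTP; Fri, 24 Feb 2006 10:00:01 +0000
Received: from pc (localhost [10.0.0.5])
\tby relay.example.org with SMTP; Fri, 24 Feb 2006 10:00:00 +0000
X-Originating-IP: [192.0.2.44]
From: sender@example.org
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in PRIVATE)

def trace(raw, trusted):
    """Split Received hops into the one our own server recorded and the rest."""
    msg = email.message_from_string(raw)
    hops = [m.groups() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    verified, i = None, 0
    # Headers are prepended, so index 0 is the newest. Only hops stamped by a
    # server we run are trustworthy; everything below that can be forged.
    while i < len(hops) and hops[i][2] in trusted:
        verified = hops[i][1]
        i += 1
    claimed = [ip for _, ip, _ in hops[i:]]
    return {
        "verified_ip": verified,
        "unverified_ips": claimed,
        "private_ips": [ip for ip in claimed if is_private(ip)],
        "x_originating_ip": msg.get("X-Originating-IP", "").strip(" []") or None,
    }

if __name__ == "__main__":
    print(trace(RAW, trusted={"mail.recipient.example"}))
```

The `verified_ip` is the address worth putting into a whois lookup or an abuse report; the other fields are what the sending side wrote about itself.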
1veedo Posted February 26, 2006

If you use web based email, such as Yahoo, your IP isn't in the header. Instead the orig IP shows up as Yahoo.

Cap'n Refsmmat, that link is what I was talking about before. The "location" is not the user of the IP. I calculated this yesterday but I was on my XP computer, which lost what I typed in the quick reply. My dad said it was off 3 miles north and 6 miles east. (each degree latitude is 60 - 70 miles???)

Anyway, it says my latitude and longitude are 38.3515 -81.6320

In reality, those are the coordinates of downtown Charleston, WV. http://www.topozone.com/map.asp?lat=38.3515&lon=-81.632&datum=NAD83&u=5

I live northeast of Charleston. The difference was + .15 and -3. Something like 38.49, -81.34. I'll double check when I find the GPS.

edit: My IP, for reference: 24.179.92.84.
Cap'n Refsmmat Posted February 26, 2006

> Cap'n Refsmmat, that link is what I was talking about before. The "location" is not the user of the IP. I calculated this yesterday but I was on my XP computer, which lost what I typed in the quick reply. My dad said it was off 3 miles north and 6 miles east. (each degree latitude is 60 - 70 miles???)

I believe that what happens is the IPs are allocated to the ISPs' routing centers (or whatever they're called) and the locators give you the location of the routing center you are connected to. Typically users aren't very far from these, so the locators should be fairly accurate.
doG Posted February 26, 2006

I am amazed by the number of spammers that actually have open $hares on their box
Klaynos Posted February 26, 2006

A lot of spam atm seems to originate from virus-ridden Windows machines. And is one of the big uses for rooted *nix boxes :|