headers di una fake mail

[john79]

SAlve .... voelvo chiedervi delle info a proposito del riconoscimento della provenienza di una email.
vi inoltro due header proveniente dalla stessa persona.
riconoscete le due tecniche utilizzate dall'inviante per anonimizzarsi


header mail 1

From: "ELECTRONIC BAZAR" <ik2gao@rome.com>
To: "Mark Robinson" <robbo.net@tiscali.co.uk>
Subject: Info New Sharp 30" LCD TV Built in "Freeview" Digital Tuner
Date: Thu, 28 Oct 2004 19:01:39 -0000
Message-ID: <20041028190140.3652116402F@ws1-4.us4.outblaze.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0000_01C4C11D.17F60CF0"
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Thread-Index: AcS9IURC5LSCXqEAScStOo/D12QC6Q==
x-originating-ip: 172.187.102.20
x-originating-server: ws1-4.us4.outblaze.com
x-ob-received: from unknown (205.158.62.50) by wfilter.us4.outblaze.com; 28 Oct 2004 19:01:40 -0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180




header email 2

Received: from webmail-outgoing.us4.outblaze.com ([205.158.62.67]) by netserver.netforceteam.lan with Microsoft SMTPSVC(6.0.3790.211);
Mon, 1 Nov 2004 11:46:09 +0100
Received: from wfilter.us4.outblaze.com (wfilter.us4.outblaze.com [205.158.62.180])
by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id BD31F18001AE
for <g.darienzo@netforceteam.it>; Mon, 1 Nov 2004 10:50:58 +0000 (GMT)
X-OB-Received: from unknown (205.158.62.182)
by wfilter.us4.outblaze.com; 1 Nov 2004 10:50:58 -0000
Received: by ws1-6.us4.outblaze.com (Postfix, from userid 1001)
id A3FE71CE305; Mon, 1 Nov 2004 10:50:58 +0000 (GMT)
Content-Type: text/html; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [195.93.102.37] by ws1-6.us4.outblaze.com with http for
ik2gao@rome.com; Mon, 01 Nov 2004 05:50:58 -0500
From: "ELECTRONIC BAZAR" <ik2gao@rome.com>
To: "Giovanni D'Arienzo" <g.darienzo@netforceteam.it>
Date: Mon, 01 Nov 2004 05:50:58 -0500
Subject: INFO XDA2
X-Originating-Ip: 195.93.102.37
X-Originating-Server: ws1-6.us4.outblaze.com
Message-Id: <20041101105058.A3FE71CE305@ws1-6.us4.outblaze.com>
Return-Path: ik2gao@rome.com
X-OriginalArrivalTime: 01 Nov 2004 10:46:09.0812 (UTC) FILETIME=[FF8B9540:01C4BFFF]

[zello]

Bah. Vediamo:
1)
[nota: mi dispiace un po' perché l'abuse di outblaze so chi è, e so che loro sono seri. Però sti headers fanno schifo]

x-originating-ip: 172.187.102.20
x-originating-server: ws1-4.us4.outblaze.com
x-ob-received: from unknown (205.158.62.50) by wfilter.us4.outblaze.com; 28 Oct 2004 19:01:40 -0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Mi sembra che qualcuno ti abbia mollato lo schifo- usando la webmail di outblaze - da aol (172.187.102.20 è aol, whois riporta abuse<at>aol.net [si, net]). 205.158.62.50 è effettivamente ws1-4.us4.outblaze.com, e c'è effettivamente un server web (ma non un server di posta):

Codice: Seleziona tutto

get / HTTP/1.0

HTTP/1.0 200 OK
Date: Fri, 12 Nov 2004 15:17:39 GMT
Server: Apache
Vary: *
Cache-Control: no-cache
Pragma: no-cache
Last-Modified: Fri, 13 Aug 2004 10:07:45 GMT
ETag: "411c92f1"
Accept-Ranges: bytes
Content-Length: 2233
Content-Type: text/html
X-Cache: MISS from webserver
Connection: close


Passiamo al secondo. Togliendo la roba che non interessa, rimane

Codice: Seleziona tutto

Received: from [195.93.102.37] by ws1-6.us4.outblaze.com
X-Originating-Ip: 195.93.102.37


che a occhio è sempre aol.