Great Circle Associates Firewalls
(August 1997)
 


Subject: Re: Website to Fake email as a service
From: Jesse Brown <bextreme @ pobox . com>
Date: Tue, 5 Aug 1997 23:53:47 -0700 (PDT)
To: John Cross <jcross @ grtk . com>
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <5743F218BEC0D011825C0060B01AC1F60AFDB8 @ challenger . grtk . com>

An easy way of doing it (if their ISP's DNS is configured correctly) is to
do a reverse lookup on the IP (on a unix system you can simply type host
<ip address>). Again using unix, you can then see who their ISP is by
looking at the second name to the left (for instance, if you got back
ak-4-23.ptw.com from host, then ptw.com is their ISP). You would then type
whois <their isp> to get the contact information and location for their
ISP. You could use DIG but it is more complex.

   I have duplicated these steps below... (on my linux workstation)


 1.  Do a Reverse Lookup (a random ip#)

   > host 207.212.176.4

   I get:

    Name: vader.ptw.com
    Address: 207.212.176.4
    Aliases:

  2. See who owns that domain.  

   > whois ptw.com

   I get:

   [rs.internic.net]
   Lancaster Internet (PTW-DOM)
   43619 17th St W. ste 201
   Lancaster, CA 93534

   Domain Name: PTW.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Peugeot, Mark  (MP187)  mark @ PTW . COM
      805-723-2700

   Record last updated on 21-Jan-97.
   Record created on 20-Jan-95.
   Database last updated on 5-Aug-97 04:30:09 EDT.

   Domain servers in listed order:

   GRIEF.PTW.COM                207.212.176.3
   VADER.PTW.COM                207.212.176.4

 
 As you can see from the above, just about any questions you could have
can be answered by Mark Peugeot (hopefully).


Hope this helped!

-J

On Tue, 5 Aug 1997, John Cross wrote:

> What will they think of next.  Yes, www.aprilfools.com will allow you to
> generate a fake email from anyone and send it to someone else as a
> "joke".  It has a preconfigured form for its standard 'smut surfer'
> alerts and so forth, but it is totally editable, so you can send
> anything you want.  My CFO received a message from the head of HR
> warning him about his Internet surfing habits.  Needless to say, the
> wording and so forth was not well received.
> 
> Well, for list content, how can I track who initiated the mail message?
> I tracked the headers back to the mail server of the www.aprilfools.com
> site, and contacted the administrator there.  He was actually helpful
> and gave me the IP address of the browser that initiated the mail form.
> Anyone know how I can take that IP address and trace it back to a source
> domain?  I can ping the address, but I don't know how to do a reverse
> lookup on IP to get a domain name so I can contact that administrator to
> track the address further.  (Someone mentioned DIG, but I have no idea
> what that is)
> 
> Also, anyone have suggestions for protecting my uneducated users from
> further spoofed mail?
> 
> 
> Thanks,
> John
> 
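
The lookup procedure from the reply above, as an added Python example that is not part of the original posts: it reverse-resolves the address, checks that the returned name resolves forward to the same address, and derives the domain to pass to whois. The function names, the injectable lookup parameters, the short suffix set and the 192.0.2.10 record are assumptions made for this sketch.

```python
import socket

# Small hand-picked sample of multi-label public suffixes (assumption: a real
# tool would consult the full Public Suffix List instead).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "edu.sa"}

# Constructed lookup tables so the demo runs offline. The first entry mirrors
# the post's output; the second is a made-up PTR that does not resolve back.
SAMPLE_PTR = {"207.212.176.4": "vader.ptw.com", "192.0.2.10": "mail.example.com"}
SAMPLE_FWD = {"vader.ptw.com": {"207.212.176.4"}, "mail.example.com": {"192.0.2.99"}}


def registered_domain(hostname):
    """Return the domain to hand to whois, e.g. ak-4-23.ptw.com -> ptw.com."""
    labels = hostname.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:]) if len(labels) >= keep else None


def system_ptr(ip):
    """PTR lookup via the system resolver, the programmatic `host <ip>`."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """Set of IPv4 addresses the name resolves to (empty on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def trace_ip(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Reverse-resolve ip, forward-confirm the name, pick the whois target."""
    name = ptr_lookup(ip)
    # The PTR record is set by whoever runs the reverse zone, so only trust
    # the name if it also resolves forward to the same address.
    confirmed = name is not None and ip in forward_lookup(name)
    target = registered_domain(name) if name else None
    return {"ip": ip, "ptr": name, "confirmed": confirmed, "whois_target": target}


if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(trace_ip(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, set())))
```

When `confirmed` is false, or there is no PTR record at all, an IP-address whois query on the address block is the more reliable route to the responsible network.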


