Thursday, 17 July 2025
A conversation between me and an anonymous hacker
You showed how you traced the email headers to an ISP. Is it possible
that the person merely accessed his inbox using a proxy like
proxy.cjb.net and then sent you an email. I attempted this and when I
looked up the IP in the email (I used the above proxy) in
http://www.dnsstuff.com/ it said that the IP was in someplace which
was not even in the same continent as I live!
Here's how you can tell if an IP address is a proxy:
Look at the last two items in a traceroute to see what kinds of
computers they are. Use a port scan such as nmap to see what servers
they run. With home computers, usually you will see that the second to
last IP address is a router and the last IP address doesn't have a
webserver. Also, if the last IP address is either a DSL or dialup IP
address, that is a sign it is a home computer.
Anyhow, I thought your ideas about problems of tracking IP addresses
were so good that I updated the website at
http://happyhacker.org/sucks/sucks11-13-03.shtml. I mention your name
but don't give your email address. If you would like to remove your
name, let me know. If you would like to add your email address so
other hackers can contact you, I'll be happy to do that, too.
Carolyn Meinel
http://techbroker.com
505-281-9675
"FBI agents could walk the halls of the Capitol and pay surprise
visits to K Street offices and Beltway fundraisers, getting to know
the model citizens and the perps, trolling for tips about which
senator is living beyond his means and which lobbyist has set up a
bogus think tank, checking out disclosure forms for red flags....
Criminologist Timothy D. Crowe, the author of "Crime Prevention
Through Environmental Design," suggests that congressional offices
should have open layouts, avoiding the indoor equivalent of dead-end
alleys. Good design can also allow gatekeepers to control access to
potential crime spots, or at least find out who's there for what
purpose." -- Michael Grunwald, The Washington Post, Feb. 12, 2006
--
Bye,
Me.
You have lots of good ideas. Perhaps I should just go ahead and write
a full guide on how to tell what kinds of computers are represented
in any email header. Now that nmap works as well on Windows as
Unix-type systems, it should be easier to show the readers of
Happyhacker what to do since I won't have to give different
instructions for each class of operating system.
The biggest problem I see is that the headers can be entirely forged,
in which case you need to have a sniffer running on your email server
to identify the real computer that sent the email. That computer, in
turn, could have relayed it from elsewhere. Since most readers don't
own their own email server, they can't do this.
At 10:37 AM 4/26/2006, you wrote:
>I really don't mind my name put up on your website. I in fact consider
>it to be an honour. Please don't give my email ID to other hackers as I
>am really just an average hacker. They being able to contact me would
>not serve them much. All I did was find a possibility which might have
>been overlooked.
>
>I still have one doubt though.
>
>"Look at the last two items in your traceroute to see what kinds of
>computers they are. The first and easiest test is to enter the IP
>address in the location window of your browser like this:
>http://213.153.175.62/ . If it brings up the website of a proxy
>server, you'll know the person you are trying to track was using that
>proxy. In that case you can't track down him or her."
>
>
>This statement is indeed true for an HTTP proxy, but in case the person
>was using an email client which was configured to send its data using
>another proxy which was nothing but a tunnel (not necessarily a tunnel)
>of computer proxies which were not HTTP based but simply sent the
>packets directed at it to the desired location, then typing the proxy's
>IP in the browser would send the request to port 80 or 8080 which
>might not be running, and if closed the browser would simply return
>nothing but an error implying that the proxy, if it existed, was not
>HTTP based.
>
>In this person's case whatever you said is true, but if the mailer had
>been more careful he might have tried something else.
>
>Also if someone had installed a remote login server of any sort in a
>cybercafe (lots of cybercafes don't have any protection against such
>attacks. I don't know about US cafes though) and sent that email after
>connecting to a proxy from his computer through that cafe. He might
>have just set up dummy servers in that computer to fool anyone
>trying to nmap it and putting up some good looking banner convincing
>most people to believe that it really is some large company's 24 * 7
>server and displaying connected to ISP.net or something like that and
>then put some login: password: message and then printing wrong
>username and password irrespective of what is typed and then killing
>the connection made to it, convincing people that it was not some
>dummy server, and after spending lots of time to trace that computer
>they would end up in nothing but a public computer!!
>
>I don't know but it is just a view point.
Carolyn Meinel
505-281-9675
http://techbroker.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin, 1759
--
Bye,
Me.
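Two of Carolyn's points in the thread, that a header trail is only trustworthy up to the hop your own mail server stamped and that DSL/dial-up style hostnames on the last hops hint at a home computer rather than a proxy, can be worked through on a raw header block. The script below is an added example, not code from the original thread; the sample headers, the mail server name mail.example.org and the residential keyword list are constructed assumptions.

```python
import re

# Constructed sample headers (not from the page); our own MTA is mail.example.org.
SAMPLE_HEADERS = """\
Received: from smtp.isp-relay.example (smtp.isp-relay.example [198.51.100.7])
  by mail.example.org (Postfix) with ESMTP id 1A2B3C
  for <me@example.org>; Wed, 26 Apr 2006 10:37:00 -0600
Received: from dsl-pool-42.customer.isp-relay.example ([203.0.113.42])
  by smtp.isp-relay.example with ESMTP; Wed, 26 Apr 2006 10:36:55 -0600
Received: from bigcorp-mailhub.example ([192.0.2.9])
  by dsl-pool-42.customer.isp-relay.example; Wed, 26 Apr 2006 10:36:00 -0600
From: someone@example.net
"""

RECEIVED_RE = re.compile(r"^Received:(.*?)(?=^\S|\Z)", re.M | re.S)
FROM_RE = re.compile(r"\bfrom\s+([\w.-]+)")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumed keyword list: reverse-DNS names carrying these markers usually
# belong to home DSL/dial-up/dynamic pools rather than to a mail server.
RESIDENTIAL_HINTS = ("dsl", "dial", "ppp", "dyn", "pool", "cable")

def endpoint_hint(hostname):
    """Crude 'home line or server?' heuristic on a hostname seen in the headers."""
    name = hostname.lower()
    for kw in RESIDENTIAL_HINTS:
        if kw in name:
            return f"residential ({kw})"
    return "server/unknown"

def parse_received(headers, our_host):
    """Walk Received: hops newest-first. Hops stamped 'by' our own MTA are verified;
    from the first foreign stamp downward the trail is the remote side's claim."""
    hops, trusted = [], True
    for m in RECEIVED_RE.finditer(headers):
        body = " ".join(m.group(1).split())           # join folded header lines
        frm, by, ip = FROM_RE.search(body), BY_RE.search(body), IP_RE.search(body)
        by_host = by.group(1) if by else ""
        trusted = trusted and by_host.lower() == our_host.lower()
        from_host = frm.group(1) if frm else ""
        hops.append({"from_host": from_host, "ip": ip.group(1) if ip else None,
                     "by": by_host, "verified": trusted,
                     "hint": endpoint_hint(from_host)})
    return hops

def observed_sender_ip(headers, our_host):
    """The IP our server actually saw connect: the last verified hop's 'from' IP."""
    verified = [h for h in parse_received(headers, our_host) if h["verified"]]
    return verified[-1]["ip"] if verified else None
```

Everything below the last verified hop (here the hop claiming a "bigcorp" mail hub) is exactly the part a sender can type in by hand, which is why only a capture on your own server settles where the connection really came from.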