RE: Strange email

From: Jason Lewis (jlewisat_private)
Date: Thu May 17 2001 - 19:28:32 PDT


    I should have used AAA.BBB.CCC.DDD for the IP's.  The IP range I used is
    private and doesn't get routed over the internet.  I should have been clear
    that "munged" means I removed my IP range.
    
    I have had several people comment on the IP addresses....they are not real.
    
    Jason Lewis
    http://www.packetnexus.com
    "All you can do is manage the risks. There is no security."
    
    -----Original Message-----
    From: james.s.kahanat_private [mailto:james.s.kahanat_private]
    Sent: Thursday, May 17, 2001 12:14 PM
    To: incidentsat_private
    Subject: Re: Strange email
    
    The ip address in question, 192.168.x.x belong to Prodigy Internet. Their
    primary network hub is located in Reston, VA.
    
    The ip you see is probably a mail server.
    
    
    "mcoleman" <mcolemanat_private>
    05/16/2001 07:01 PM AST
    
    To:   <incidentsat_private>
    cc:
    Subject:  Re: Strange email
    
    
    I have seen marketing attempts doing similar things.
    
    First, by loading the image, they can tell that the email they sent you was
    actually read by someone (by looking in their logs of their web server for
    the specific image name that was sent to you, which is unique just for
    you).
    This makes spam much more valuable if you can prove it was actually read by
    someone.
    
    If you read the email, and your outlook pulls that image from their server,
    they now know the IP address of the client that read the email (from their
    logs).  This image name will be slightly different for each email they send,
    so they can correspond the request name with specific request for the image.
    
    If the image loaded in your email, he now has your IP address, or your
    NATted equivalent therein.
    
    My personal firewall on my computer blocks port 80 attempts from outlook,
    preventing these attempts from working.
    
    
    ----- Original Message -----
    From: "Jason Lewis" <jlewisat_private>
    To: <incidentsat_private>
    Sent: Tuesday, May 15, 2001 7:55 PM
    Subject: Strange email
    
    
    > I received this email today.  The headers show it being sent from a machine
    > in Korea.  Everything in the headers is forged, but I just can't figure out
    > what the motive is behind it.  Also, at the end of the email, there was a
    > gif and I included the embedded html link.  Has anyone else seen this?  I
    > have munged the IP's.
    >
    > Hi my name is Sarah Pricer, a CS graduate student at UC Berkeley.  I
    > obtained your email address from www.arin.net when searching for the IP
    > block(192.168.64.0 - 192.168.64.255 ) that you coordinate.
    >
    > I'm currently writing a thesis on the network topology and would very much
    > appreciate your cooperation. I am trying to draw out a map of how the IPs
    > are distributed geographically. I realize that the IP registration data
    > often times have country/state/city information that are different from the
    > actual physical location of where the IPs are used.
    >
    > Arin data currently shows that 192.168.64.0 - 192.168.64.255 is registered
    > to:
    >
    > Country: US
    > State: VA
    > City: MCLEAN
    >
    > Can you please tell me if this is the actual physical location of the IPs?
    > If not, can you please tell me the actual location?  Again, thank you for
    > your cooperation.
    >
    > warm regards,
    > Sarah P.
    >
    > <http://211.33.122.158/icons/1/cal_1506.gif>
    >
    > Jason Lewis
    > http://www.packetnexus.com
    > "All you can do is manage the risks. There is no security."
    >
    

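As an added illustration of the read-beacon technique mcoleman describes above (not code from the original thread), the following Python scans an incoming message for remote images that carry a per-recipient token in their file name, are served from a bare IP address, or are sized 1x1, so a mail gateway or analyst can flag them before a client fetches them. The sample message, the 203.0.113.10 address and the example.invalid names are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Constructed sample message (not from the original thread): one inline
# cid: logo that should be ignored and one remote 1x1 gif whose file name
# carries a per-recipient number, mirroring the gif in the original post.
SAMPLE_EMAIL = """\
From: sender@example.invalid
To: coordinator@example.invalid
Subject: network topology survey
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Can you confirm the physical location of your IP block?</p>
<img src="cid:logo@example.invalid" alt="logo">
<img src="http://203.0.113.10/icons/1/cal_1506.gif" width="1" height="1">
</body></html>
"""

IMG_TAG = re.compile(r"<img\b[^>]*>", re.I)
ATTR = re.compile(r'\b(\w+)\s*=\s*["\']?([^"\'\s>]+)', re.I)

def find_beacons(raw_msg: str) -> list[tuple[str, list[str]]]:
    """Return (url, reasons) for each remote image that looks like a read beacon."""
    msg = message_from_string(raw_msg, policy=default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for tag in IMG_TAG.findall(part.get_content()):
            attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
            src = attrs.get("src", "")
            url = urlparse(src)
            if url.scheme not in ("http", "https"):
                continue  # inline (cid:) or data: images never contact a remote server
            reasons = []
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", url.hostname or ""):
                reasons.append("served from a bare IP address")
            if re.search(r"_\d+\.(gif|png|jpe?g)$", url.path, re.I) or url.query:
                reasons.append("per-recipient token in image name or query")
            if attrs.get("width") == "1" and attrs.get("height") == "1":
                reasons.append("1x1 pixel image")
            if reasons:
                hits.append((src, reasons))
    return hits

if __name__ == "__main__":
    for url, reasons in find_beacons(SAMPLE_EMAIL):
        print(url, "->", "; ".join(reasons))
```

Blocking the fetch (as the poster's firewall does) or rewriting such `src` attributes at the gateway denies the sender both the read confirmation and the client's address.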
    This archive was generated by hypermail 2b30 : Fri May 18 2001 - 12:29:23 PDT