go to apnic, do a whois on the ip.
That will tell you which ISP owns the address and who to mail for abuse.
> -----Original Message-----
> From: Philip S Tellis [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 20, 2000 6:08 PM
> To: [EMAIL PROTECTED]
> Subject: [ILUG-BOM] How many of you've recd something like this?
>
>
> Check out this message I just recd. Probably from someone who knows me...
> Then again, it might be considered spam what?? I have included headers as
> well - one of them is particularly interesting. Read on...
>
> ---------- Forwarded message ----------
> Return-Path: <[EMAIL PROTECTED]>
> Received: from mcfs.whowhere.com (mcfs.whowhere.com [209.1.236.44])
> by smv18.iname.net (8.9.3/8.9.1SMV2) with SMTP id HAA06928
> for <[EMAIL PROTECTED]> sent by <[EMAIL PROTECTED]>; Thu,
> 20 Apr 2000 07:37:25 -0400 (EDT)
> Received: from Unknown/Local ([?.?.?.?]) by shared3.whowhere.com;
> Thu Apr 20
> 04:36:35 2000
> To: [EMAIL PROTECTED]
> Date: Thu, 20 Apr 2000 04:36:35 -0700
> From: "Linus Torvalds" <[EMAIL PROTECTED]>
> X-Sent-Mail: off
> X-Mailer: MailCity Service
> Subject: Invitation...
>
> X-Sender-Ip: 202.141.151.74
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> hi philip,
>
> i read your postings on ilug (bombay edition) and am impressed by your
> interest and knowledge in linux.
>
> i invite you to come an join my company.
> ^^
> damn spellings...
>
> linus.
> www.tranmeta.com
>
> reply back soon.
>
>
> -------------End Forwarded message-------
>
>
> Now, two things:
>
> 1. I definitely think Linus' grammar and spellings are better than here.
> He even capitalises his sentences correctly - check out
> /usr/src/linux/Documentation
>
> 2. Given the sender's IP address: 202.141.151.74
> and mail time: Thu Apr 20 04:36:35 2000
>
> Wouldn't it be possible to trace this back to the actual sender? In
> principle...
>
> Look at the IP address. 202.141.151.* should belong to some ISP. Check
> their dhcp.leases file for all leases for 202.141.151.74 active at
> 04:36:35 on Apr 20. That would tell us a client host name (that you enter
> in windows or unix) and a uid. I'm assuming no hardware address (which
> would uniquely id any machine in the world) cause the user would most
> likely be using a modem.
>
> If the ISP has dial-in log files, we could then find out the number of the
> origin phone. The phone number would uniquely identify a particular
> house at least ... unless the person has gone to lengths to spoof his
> phone number or something like that. I don't think anyone would go to
> that much trouble to send me junk.
>
> So, what are your thoughts on tracing this mail back to the sender. Is is
> possible, and how would you do it?
>
> Philip
>
> PS: I am not really interested in tracing it back. It just seems
> interesting to figure out how it would be done.
>
> ===========
> Nice guys don't finish nice.
>
>
> To subscribe / unsubscribe goto the site www.ilug-bom.org .,
> click on the mailing list button and fill the appropriate information
> and submit. For any other queries contact the ML maintener
To subscribe / unsubscribe goto the site www.ilug-bom.org ., click on the mailing list
button and fill the appropriate information
and submit. For any other queries contact the ML maintener
