Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Alter the originating IP address

35 views
Skip to first unread message

purus...@gmail.com

unread,
Dec 27, 2008, 3:59:49 AM12/27/08
to
Is it possible to hack and alter the originating IP address of an
email in the email header?

In other words, could some one in a different physical location send
an email and put my IP address in that email so that it would appear
to be sent by me?

Thanks in advance,
Purus

Barry Margolin

unread,
Dec 27, 2008, 4:11:42 AM12/27/08
to
In article
<05d5626a-6604-4df8...@e10g2000vbe.googlegroups.com>,
purus...@gmail.com wrote:

They can't alter the "from" clause of the "Received:" line that the
receiving server adds. But they can put their own "Received:" line in
the message before sending it, to make it look like it was sent from
your IP to their server.

Basically, you can't trust anything in a "Received:" line unless you
trust the receiving machine that added it.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Sam

unread,
Dec 27, 2008, 5:21:18 AM12/27/08
to
purus...@gmail.com writes:

1) Each Received: header gets recorded by the mail server when it receives
the email. On the modern Internet, presuming that a mail server is running a
modern O/S, it is not possible to connect and have a successfull SMTP
dialogue with a faked IP address.

2) Unless your mail server is compromised and hacked, and unless your mail
server is running on some ancient O/S whose TCP sequence numbers can be
predicted, the IP address recorded by your mail server is authentic and
cannot be altered.

3) If your mail server received a message from some other mail server,
whether the previous mail server's Received: header recorded the correct IP
address is determined by statement #2, as applied to the previous mail
server. If you have sufficient knowledge to form sufficient conclusion of
statement #2 as it relates to the previous mail server, the IP address
recorded by the previous mail server could not have been altered.

4) If you do not have sufficient personal knowledge that the mail server you
received the message from has not been compromised, and that it is running a
modern O/S that uses random TCP sequence numbers, then you cannot be certain
that the IP address recorded by the previous mail server is authentic.

5) Lather, rinse, and repeat for all the previous mail servers.

6) If your Internet provider has informed you that you're spamming or that
you're sending viruses, and provided a copy of some sample spam/virus whose
headers claim that the spam/virus originated from you, and if you are
running Microsoft Windows, that it is very likely that your PC has been
compromised or infected by any one of thousands of knowns viruses/trojans
that have taken advantage of any number of known security holes in
Microsoft's shitware, and have commandeered your PC into a bot army, without
your knowledge.

0 new messages