[imp] X-Originating-IP

Clive McDowell c.mcdowell@qub.ac.uk
Mon, 12 Feb 2001 17:08:32 +0000


Message-ID: <EXECMAIL.1010212170832.P@cmcd1.fujin.qub.ac.uk>
Priority: NORMAL
X-Mailer: Execmail for Win32 5.1.1 Build (10) 
MIME-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"

On Mon, 12 Feb 2001 11:51:25 -0500 Rich Lafferty <rich@horde.org> 
wrote:

> If you get the "client address" by any method other than looking at
> the address from which the http connection originated, then you're
> looking at information provided *by* the client, which is to say,
> entirely untrustable.

I was interested in this from the point of view of tracing the source
of malicious messages. I have traced mail sent via e.g. hotmail back 
to particular machines on site here using the proxy cache logs - 
a bit time-consuming. I have even successfully traced a message sent 
using hotmail via a cache machine in England from a different site in 
England but this required the cooperation of the cache manager. In 
these cases the source IPs were reliable as the origins were at UK 
academic sites which are generally pretty good at keeping tabs on 
things. I realise that the true source IP might not be genuine but 
not everyone is clever enough to hide their tracks that well.

> > The Queen's University of Belfast
> 
> Wow, we're all *over* the place! Neat. :-)

Hey - we're not the third world here! (with apologies to the third 
world).

Clive McDowell

Information Services
The Queen's University of Belfast
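
The trust rule from the quoted reply, as an added example that is not part of this thread and is not Horde/IMP code: the socket peer address is the only value the client cannot choose, and X-Forwarded-For entries are believed only when they were appended by a proxy you operate. The function name, the `TRUSTED_PROXIES` list and all addresses are constructed for illustration, and it assumes your proxies append the address they saw to the right of the header.

```python
import ipaddress

# Assumption: caches/proxies we operate ourselves (constructed, documentation range).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]


def _is_trusted(ip):
    # Mismatched IP versions simply compare as "not in network".
    return any(ip in net for net in TRUSTED_PROXIES)


def originating_ip(peer_addr, forwarded_for=None):
    """Return (ip, verified) for recording as the message's originating IP.

    peer_addr     -- address the HTTP connection came from (socket level).
    forwarded_for -- raw X-Forwarded-For header value, or None.
    verified      -- True when ip was observed by us or by one of our proxies
                     and is not itself one of our proxies.
    """
    current = ipaddress.ip_address(peer_addr)
    if not _is_trusted(current):
        # Direct connection or a proxy we do not run: anything in the
        # header was supplied by the client side, so ignore it entirely.
        return str(current), True

    hops = [h.strip() for h in (forwarded_for or "").split(",") if h.strip()]
    # Walk right to left: each entry was appended by the hop to its right,
    # so an entry is believable only while that hop is one of ours.
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: stop at the last address we can vouch for.
            return str(current), False
        current = candidate
        if not _is_trusted(current):
            # First address outside our proxies; entries further left
            # were written by this host and are not trusted.
            return str(current), True

    # Header missing, or every hop was ours: the real client is unknown.
    return str(current), False
```

An unverified result still identifies which proxy to ask, which matches the log-based tracing described in the message.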