Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#6308 - 10/03/03 02:53 AM mx1 - yahoo and mail bug  
Joined: Oct 2003
Posts: 59
bosky101 Offline
Junior Member
bosky101  Offline
Junior Member

Joined: Oct 2003
Posts: 59
india
hi im a newbie here...and the first thing i learned wa the
mx1.mail.hotmail.com
mx1.mail.yahoo.com
vulnerabilty...
So the Qestion is ...WHY arnt theydoing anything about it ...dont tell me they dont KNOW.. lol

anyway..is there anyway way i can get the ip of the person i send an wmail to / or get an email from ? using patches ..or remote exes.?


"it is the question ...that drives the answer..."
Keep Clicking,
Bosky
Sponsored Links
#6309 - 10/03/03 05:02 AM Re: mx1 - yahoo and mail bug  
Joined: Mar 2002
Posts: 815
sinetific Offline
nobody
sinetific  Offline
nobody

Joined: Mar 2002
Posts: 815
Ann Arbor
Are you refering to being able to forge fake from headers on an email? That is not a vulnerablity. It is the functionality of the POP3 protocol, that is why they dont do anything about it. You need to be able to specify who the letter is from and if you notice it doesnt matter if it's forged, you can still check the header and see the address of the sender. Places like yahoo and hotmail need to open these servers up to everyone because thier client base comes from everywhere. When it comes to ISP POP3 accounts the disable access to thier POP3 servers to everyone except clients on thier network or computers on thier netblock.

#6310 - 10/03/03 05:48 AM Re: mx1 - yahoo and mail bug  
Joined: Oct 2002
Posts: 955
jonconley Offline
UGN Super Poster
jonconley  Offline
UGN Super Poster

Joined: Oct 2002
Posts: 955
Merrill, IA, USA
You can get the IP of the person sending a mail from the mail headers themselves. I don't know the exact title of the header, but I answered a question like this before and SR was able to come along and give the details So for now, you will have to look yourself, but it shouldn't be too hard to figure out.

Didn't know if that is what sin was talking about in reference to the "address" or if he was referring to the email addy.

No, I won't search for it, I could but so could you.

#6311 - 10/03/03 05:57 AM Re: mx1 - yahoo and mail bug  
Joined: Mar 2002
Posts: 815
sinetific Offline
nobody
sinetific  Offline
nobody

Joined: Mar 2002
Posts: 815
Ann Arbor
Oh i was refering to seeing the IP address of the sender in the email header that you can view in the properties of the email or in other places depending on the client you use. But you will be able to tell if the IP corresponds to the 'from' address.

#6312 - 10/03/03 08:41 AM Re: mx1 - yahoo and mail bug  
Joined: Mar 2002
Posts: 1,273
SilentRage Offline
DollarDNS Owner
SilentRage  Offline
DollarDNS Owner

Joined: Mar 2002
Posts: 1,273
OH, USA
The last "Recieved" header (and consequently the first "Recieved" prepended to the email) in the email headers is information about the source of the email including the source IP address.


Domain Registration, Hosting, Management
http://www.dollardns.net
Sponsored Links
#6313 - 10/04/03 01:37 AM Re: mx1 - yahoo and mail bug  
Joined: Oct 2003
Posts: 59
bosky101 Offline
Junior Member
bosky101  Offline
Junior Member

Joined: Oct 2003
Posts: 59
india
thnx a lot guys... gee sinetific , guess i need to read more on protocols i guess ...

ok...i jus found that Outlook has an option to read email headers apart from the message properties . is this what SR is talking about...the checkbox with the "internet header ,show last recieved "

anyway..so ,reading the email headers reveal the ip address...hmmm intersting...but what if ,they use some "remailing" facility like :
A4proxy ( http://www.inetprivacy.com/a4proxy/ )
or some other proxy, which strips out all original email headers and info about your location and IP address, and then sends the message to its final destination...
and i guess realised that i guess i wont be able to send an email back to them coz ....itsNOT thier legitimate email anyway...so they cant check it rite...waht u think...ilemme try seraching on "how to mail to an ip adress instead " ..
thnx again


"it is the question ...that drives the answer..."
Keep Clicking,
Bosky

Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,195
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums45
Topics46,798
Posts81,968
Average Daily Posts11
Members2,159
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 39,962
Gremelin 7,195
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
Ghost Likes: 1
Gremelin Likes: 4
Ice Likes: 1
unreal Likes: 1
Top Liked Users (30 Days)
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20160902)