tracking scammers by IP number

Edward Lewis Ed.Lewis at neustar.biz
Thu Dec 28 16:48:32 UTC 2006


This is the first time I've responded to something involving Russian 
princesses, I swear. ;)

At 22:53 +0800 12/28/06, Alexander Harvey wrote:

>For the last few days I have been corresponding with a person who calls
>him/herself 'Natalya,' uses a yahoo email address, claims to be in Omsk,
>Russia, but whose email headers show in fact his/her messages are coming
>from various servers in the US.
>
>My question is this: beyond collecting IP numbers for my own curiosity &
>watching on a map the various originating locations of these messages, what
>can I do to have these people actually put into a lovely US prison?

Well, it is a bit hard for me to grok the situation, and this is the 
bind-users list.  So I'll say something generic.  (I wonder if you 
are doing this to collect more IP addresses from members on the list.)

First, you can't always trust the data you are handed.  Headers can 
be forged, mail can be bounced around, etc.  As the Internet has 
evolved, I've learned that you can tell less and less remotely about 
a configuration than you used to be able to.  For example, anycast of 
DNS makes what once looked like a weak set up much more robust.

Second, the best way to get information about something on the other 
side of the network is to plain ask the other side.  If you suspect 
that the other side is playing maliciously, you have to be stealthy 
in getting a confession.  For "how to do this" watch a lot of Columbo 
TV mysteries (http://en.wikipedia.org/wiki/Columbo) (yes there is a 
Wiki for everything).  In 1988-1989 I caught a hacker by playing 
"dumb."

The hacker story - a kid was phoning folks (before the days of caller 
ID) claiming to be the sys admin at the college and asking for 
passwords (which he got).  Eventually he called me, I pretended not 
to know my password and that I had it written at home.  I asked him 
if I could call him back - and he gave me his phone number.  Once he 
realized what he had done, the game was over.

The best recommendation is to leave law enforcement to the experts. 
They not only will have access to data you will never get (through 
court orders), they have experience in doing this, and especially, 
they know how to handle the evidence they collect.  If you try this 
and botch something, it could come back to haunt you by labelling you 
a stalker.  And that's if you were on the right track.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Dessert - aka Service Pack 1 for lunch.


