[Air-l] distracting puzzlement
jeremy hunsinger
jhuns at vt.edu
Sat Apr 20 07:19:05 PDT 2002
I would also inspect your institution's appropriate use policy. Also,
there is usually an abuse e-mail address for reporting abuse of all
kinds of networking resources.

As for the teaching part, my approach would be to use it as an example
in class, with the student you know's permission, iow, play Hamlet, and
see who the uncle might be. If nothing else, it will show that you
generally disapprove of such things. You could also speak about
appropriate use policies, the ability to discern who a user is from the
internet, etc. It is amazing what you can do with just an IP number and
logs. The IP number might be had from MSN, but could be any number for
demonstration purposes, and from there, with the proper connections in
the right places, you can track even things as minuscule as the stream
of addressed packets along the backbone with tools like
http://eyeball.sourceforge.net/ (written by an old philosophy
colleague, who moved into IT during the boom). This would go far to
remove the individual's assumptions of the anonymous nature of the internet.
To me, this seems not to be a major problem; it seems harmless, but for
me the problem lies in the assumptions that the person has involving
risk, anonymity, identity, etc. So, I think it is important to get him
or her to think about their actions. Even if they never admit to what
they did, they at least might begin to realize that things might not be
as they thought they were and that next time it might not be a wise
thing to pursue.

On another note, it is quite easy to spoof a Hotmail address without
ever applying for that address. Most people who are inclined to do
things like this could do this through open relays and/or broken
scripts, or other exploits, without ever touching a Hotmail server. The
majority of the spam that I get has Hotmail or Yahoo sender addresses,
but did not originate from that domain. In this case though, it would
be interesting to know how the postcard sending system works. Does one
have to have an account to send a postcard from it, or can one type in
any address? If the latter, then the address may be entirely spurious,
though you can still check the webserver or application logs and
retrieve the connection information, which would allow you to find the
host that connected to the server, though that might be a dead end. If
the former, then you have a closer link that could be traced. In any
case, one rule of thumb for this type of forensic work, or really for
nearly anything related to identity, is never to 'trust' an e-mail
address, for a wide variety of reasons. This is why we have digital
signatures, public keys, etc. for establishing identities for many
processes.
jeremy hunsinger
jhuns at vt.edu
on the ibook
www.cddc.vt.edu
www.cddc.vt.edu/jeremy
www.dromocracy.com
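
The rule of thumb above (never trust the address, look at what the receiving server logged), as an added example that is not part of the original post: it compares the domain claimed in `From` with the host recorded in the `Received` line written by the recipient's own mail server. The sample message, host names, IP addresses and the `TRUSTED` set are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). Hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx.university.example (mx.university.example [192.0.2.10])
    by mail.university.example with ESMTP; Sat, 20 Apr 2002 07:01:12 -0700
Received: from dialup-42.isp.example (dialup-42.isp.example [198.51.100.42])
    by mx.university.example with SMTP; Sat, 20 Apr 2002 07:01:10 -0700
From: "A Friend" <someone@hotmail.com>
To: instructor@university.example
Subject: postcard

hello
"""
TRUSTED = {"mail.university.example", "mx.university.example"}  # our own servers

# "from <helo> (<rdns> [<ip>]) by <server>" as recorded by the receiving server.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]\)\s+by\s+(\S+)")

def claimed_domain(msg):
    """Domain of the From header: typed in by the sender, never verified."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def external_peer(msg, trusted):
    """Host that connected to our first server. Received lines are prepended,
    so read top-down and stop at the first one our servers did not write:
    anything below that point could have been supplied by the sender."""
    peer = None
    for header in msg.get_all("Received") or []:
        m = HOP.search(" ".join(header.split()))
        if not m or m.group(4).lower() not in trusted:
            break
        peer = {"helo": m.group(1), "rdns": (m.group(2) or "").lower(), "ip": m.group(3)}
    return peer

def check(raw, trusted=TRUSTED):
    """Compare the claimed sender domain with the host our server recorded."""
    msg = message_from_string(raw)
    domain, peer = claimed_domain(msg), external_peer(msg, trusted)
    host = peer["rdns"].rstrip(".") if peer else ""
    consistent = bool(domain) and (host == domain or host.endswith("." + domain))
    return {"claimed": domain, "peer": peer, "consistent": consistent}

if __name__ == "__main__":
    print(check(SAMPLE))
```

A mismatch is a reason to look at the server logs, not proof of forgery, since legitimate mail is often relayed by hosts outside the sender's domain.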