Checkmate Zine


debaser_
Senior Member
 

Checkmate Zine

Post Posted: Mar 01, 06 01:34

I found this on securityfocus forum. It looks to be fairly well put together from what I've read. I think it may be worth checking out.

www.niiconsulting.com/checkmate/  
 
  

keydet89
Senior Member
 

Re: Checkmate Zine

Post Posted: Mar 01, 06 02:44

Hhhmmm...no new articles or editions since I blogged about it...

Harlan  
 
  

youcefb9
Member
 

Re: Checkmate Zine

Post Posted: Mar 01, 06 03:39

The email tracing article is not accurate. The author claims that the email originated from the Gateway (because this is the first box that shows an IP address), but in fact the email was bounced to the gateway from a possibly internal mail server (thus the localhost).

Indeed the internal mail server looks to be properly hardened not to emit any tracing information that could help in network mapping (like showing the internal - non routable - IP addresses used in the corporate).  
 
  

debaser_
Senior Member
 

Re: Checkmate Zine

Post Posted: Mar 01, 06 07:40

- youcefb9
The email tracing article is not accurate. The author claims that the email originated from the Gateway (because this is the first box that shows an IP address), but in fact the email was bounced to the gateway from a possibly internal mail server (thus the localhost).

Indeed the internal mail server looks to be properly hardened not to emit any tracing information that could help in network mapping (like showing the internal - non routable - IP addresses used in the corporate).


I guess I should have read them all before posting. I just skimmed through them and it seemed worth a shot. Sorry.  
 
  

keydet89
Senior Member
 

Re: Checkmate Zine

Post Posted: Mar 01, 06 17:01

Don't be sorry...it's good that you pointed it out, for two reasons. One is that you wouldn't want someone quoting that as gospel. The other is that now someone like youcefb9 has a chance to do a better job...

Harlan  
 
  

cinux
Member
 

Re: Checkmate Zine

Post Posted: Mar 08, 06 14:16

Hi everybody,
Thanks for the feedback. You are indeed right in pointing out that the IP is not the real IP of the sender but the IP of mail gateway i.e. gateway1.verisign.com [65.205.251.51] which is running a sendmail program v8.12.8. It has been mentioned in the conclusion that most often while tracing, the investigator would be able to reach the first hop of the email's journey which could be a corporate mail server, an open proxy or a dial-up port of an ISP. Still, I would make appropriate changes so that the concept is not misunderstood! In any case, an update to the article is in the line where we discuss about anonymous networks, open proxy servers and the email headers in detail.
We are ready with the next issue of checkmate which should be out in a few days. Any critical feedback/suggestion is keenly awaited.
"Checkmate" is an initiative by NII to spread awareness about the domain of Computer Forensics. If you would like to contribute to the magazine in any way, you are most welcome.
Thanks again for your support and time.
Chetan Gupta
Forensic Analyst, NII Consulting
_________________
Chetan Gupta
ENCE, GCFA, GCIA, CEH, CCNA, CIW Sec. Analyst
Forensic Analyst 
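
The point raised in this thread, that the first hop showing a routable IP address may be a relay rather than the origin, can be checked by reading the Received chain oldest-first. The following is an added example, not part of any post above and not code from the Checkmate article; the sample headers, hostnames and the `parse_hops`/`assess` helpers are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample; hostnames and addresses are placeholders, not the article's headers.
RAW = (
    "Received: from gateway1.example.com (gateway1.example.com [203.0.113.51])\n"
    "\tby mx.recipient.example with ESMTP id A1; Wed, 1 Mar 2006 03:10:05 +0000\n"
    "Received: from mailhub (localhost [127.0.0.1])\n"
    "\tby gateway1.example.com (8.12.8/8.12.8) with ESMTP id B2; Wed, 1 Mar 2006 03:10:02 +0000\n"
    "From: sender@corp.example\n"
    "Subject: constructed test\n"
    "\n"
    "body\n"
)

NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_hops(raw):
    """Return Received hops oldest-first as dicts: from_host, by_host, ip, routable."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", text)
        by = re.search(r"\bby\s+(\S+)", text)
        ip_m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
        try:
            ip = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
        except ValueError:
            ip = None  # malformed literal such as [999.1.1.1]
        hops.append({
            "from_host": frm.group(1) if frm else None,
            "by_host": by.group(1) if by else None,
            "ip": str(ip) if ip else None,
            "routable": ip is not None and not any(ip in n for n in NON_ROUTABLE),
        })
    return hops

def assess(hops):
    """Find the first routable IP and report how many hops precede it."""
    for i, hop in enumerate(hops):
        if hop["routable"]:
            return {"first_routable_ip": hop["ip"], "hops_before": i,
                    "is_relay_not_origin": i > 0}
    return {"first_routable_ip": None, "hops_before": len(hops), "is_relay_not_origin": False}
```

A result with `hops_before` greater than zero means the address belongs to a relay that received the message from an earlier hop. Received lines written before the first server the investigator trusts are sender-controlled and need corroboration from server logs.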