Re: TECH: Accountability et al, Part III

["Karen G. Schneider" <kgs@INTAC.COM>]

The plot thickens.  I spoke today with the principal and an administrator
from the school the nastygram apparently came from, and they were quite
cooperative, particularly as I emphasized I wasn't really sure where the
email originated; we had a beneficial discussion about Netscape and other
security issues.  However, they didn't know any more than I did, and though
they were fairly new to security issues (REALLY new, actually) the more we
talked the less it sounded as if their server was the source.
 
I turned back to the IP address reported at the bottom of the original
message.  I had trouble identifying the address I had with the lookup tools
I'm familiar with--nslookup, traceroute, ping, host--so I asked Chris
Peckham for assistance; he works for Intac, my local Internet Service
Provider.  I still don't know if Chris used these tools more effectively
than I did , if he was able to peel more information from the header of the
original nastygram, or if he has yet more tricks up his sleeve. [Last
minute update: he used a tool called "whois" with a couple of switches I
wasn't familiar with.]  At any rate, Chris found the host site and emailed
me with the name of the (apparent) originating machine, aas well as the
maintainer of this site and the maintainer's email address AND real phone
number!  Get down, Chris!
 
So I have now emailed the site Chris located.  Below I've included my
message to this site, with incriminating info X'ed out.  I'll keep you all
posted.  Again, I'm not pro-censorship--I'm pro-accountability and
responsibility.  I plan to find out who did this and make sure they don't
do it again if I have to track that message to Timbuktoo.  I believe in
free will but I also believe in the Fall.  ;-)
 
>Date: Tue, 2 May 1995 19:47:53 -0500
>To:X
>From:kgs@intac.com (Karen G. Schneider)
>Subject:Re: help/2232: can you help me trace this?
>Cc:X
>
>Mr. X:
>
>I received an email yesterday that apparently came from a machine on your
>network.  It was "spoofed" to look as if it came from a school in X,X, and I
>had a little trouble using the lookup tools with the IP #, which is
>XXXXXXXXXXXX, but with my provider's help we have identified what appears to
>be the origin.  I would appreciate your prompt response on this issue.  You
>may reach me by email or voice (XXXXXXXXX).  The email and my provider's
>research follows my signature file.  I have also carboned in the administrator
>of the site whose URL was implicated in the email.  I will also be contacting
>your site by phone.
>
[sig file and earlier messages were attached]
 
 
=============================================================
Karen G. Schneider, Blue Highways Internet Services   kgs@intac.com
Cybrarian/Internet Trainer  "Have Powerbook, Will Travel!"
Need a NJ provider?  Free referrals.
Visit Karen's Kitchen at http://www.intac.com/~kgs/
=============================================================