
Wednesday, November 18, 2009

Email Header Finger Printing

When we send an email, the SMTP server creates a header. Studying the mail server name in that header reveals the OS of the server. For all of this, we first have to analyze the email header. The email header also reveals a lot of other sensitive information about the sender, including his IP. We will discuss more on this topic in other posts.

Countermeasures:
Change the mail daemon settings.

A sample email header is shown below:


Delivered-To:XXX @gmail.com
Received: by 10.142.100.4 with SMTP id x4cs39161wfb;
        Tue, 17 Nov 2009 22:37:56 -0800 (PST)
Received: by 10.90.17.29 with SMTP id 29mr1540839agq.79.1258526174775;
        Tue, 17 Nov 2009 22:36:14 -0800 (PST)
Return-Path: 
Received: from mail15-a-ac.linkedin.com (mail15-a-ac.linkedin.com [208.111.169.137])
        by mx.google.com with ESMTP id 30si16545010iwn.121.2009.11.17.22.36.13;
        Tue, 17 Nov 2009 22:36:13 -0800 (PST)
Received-SPF: pass (google.com: domain of s-qKShvR1E_bKJbE3KpcihvgYpqS5pjeiVFRKjniEn-5Sp4jYEI5tJj_@bounce.linkedin.com designates 208.111.169.137 as permitted sender) client-ip=208.111.169.137;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of s-qKShvR1E_bKJbE3KpcihvgYpqS5pjeiVFRKjniEn-5Sp4jYEI5tJj_@bounce.linkedin.com designates 208.111.169.137 as permitted sender) smtp.mail=s-qKShvR1E_bKJbE3KpcihvgYpqS5pjeiVFRKjniEn-5Sp4jYEI5tJj_@bounce.linkedin.com; dkim=pass header.i=communication@linkedin.com
DomainKey-Signature: s=prod; d=linkedin.com; c=nofws; q=dns;
  h=Sender:Date:From:To:Message-ID:Subject:MIME-Version:
   Content-Type:X-LinkedIn-fbl;
  b=LAlAw9S8qrGPLt6phtZNvQ37jeg3yvtYlApfNHApbwizFBIvNvk2D1H6
   r7PxLyDTGK5YmRBn84TgBPD5FB0gt90r9Khp4TnNFIHyM3Sy64uMytmRj
   N4agg6dfvT5H2mO;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=linkedin.com; i=communication@linkedin.com; q=dns/txt;
  s=proddkim; t=1258526173; x=1290062173;
  h=from:sender:reply-to:subject:date:message-id:to:cc:
   mime-version:content-transfer-encoding:content-id:
   content-description:resent-date:resent-from:resent-sender:
   resent-to:resent-cc:resent-message-id:in-reply-to:
   references:list-id:list-help:list-unsubscribe:
   list-subscribe:list-post:list-owner:list-archive;
  z=From:=20LinkedIn=20Communication=20
   in.com>|Sender:=20messages-noreply@bounce.linkedin.com
   |Subject:=20LinkedIn=20Messages,=2011/17/2009|Date:=20Tue
   ,=2017=20Nov=202009=2022:36:03=20-0800=20(PST)
   |Message-ID:=20<2138821644.368566.1258526163419.JavaMail.
   app@ech3-cdn09.prod>|To:=20"Mr.Swaroop=20Krishnan=20S"=20
   |MIME-Version:=201.0;
  bh=HFHniqCRWqBOKiU6PXUVuudYIJ3jsx+QLmyfTd3eFzU=;
  b=SDfsYwsz/HCedRw3aFZ2JkOkKrLzzK2R1gVWv2WDNXhKtr2kM0ioAlZi
   m230bpQm4ZzCi2fwM2yyYbY8GauwKPZav6r23wyGA4hTBwHKLheSmXFI5
   /+urlA2oJGJPlWR;
Sender: messages-noreply@bounce.linkedin.com
Date: Tue, 17 Nov 2009 22:36:03 -0800 (PST)
From: LinkedIn Communication 
To: "Mr.Swaroop Krishnan S" 
Message-ID: <2138821644.368566.1258526163419.JavaMail.app@ech3-cdn09.prod>
Subject: LinkedIn Messages, 11/17/2009
MIME-Version: 1.0
Content-Type: multipart/alternative; 
 boundary="----=_Part_368565_1338859.1258526163416"
X-LinkedIn-fbl: qKShvR1E_bKJbE3KpcihvgYpqS5pjeiVFRKjniEn-5Sp4jYEI5tJj_

------=_Part_368565_1338859.1258526163416
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
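
To check what your own outbound mail discloses before and after changing the mail daemon settings, the header can be parsed hop by hop. The Python below is an added example, not part of the original post; the sample message, its hosts and addresses, `ExampleMailer` and the function name `audit` are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header above; hosts and addresses
# are documentation placeholders, not values from the post.
SAMPLE = """\
Received: by 10.0.0.4 with SMTP id x4cs39161wfb;
        Tue, 17 Nov 2009 22:37:56 -0800 (PST)
Received: from mail.example.org (mail.example.org [192.0.2.25])
        by mx.example.net (Postfix) with ESMTP id 4F1A2B3C;
        Tue, 17 Nov 2009 22:36:13 -0800 (PST)
Received: from [198.51.100.7] (helo=desktop7)
        by mail.example.org with ESMTP id 1NAbCd;
        Tue, 17 Nov 2009 22:36:05 -0800 (PST)
Message-ID: <2138.1258526163419.JavaMail.app@node9.prod>
X-Mailer: ExampleMailer 1.2
"""

HOP = re.compile(r"(?:from\s+(?P<src>\S+)(?:\s+\((?P<note>[^)]*)\))?\s+)?"
                 r"\bby\s+(?P<by>\S+)(?:\s+\((?P<banner>[^)]*)\))?")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit(raw):
    """Report what a message's headers disclose about the sending side."""
    msg = message_from_string(raw)
    hops, software = [], set()
    # Each relay prepends its Received line, so reverse for oldest first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(str(value).split()))  # unfold, then match
        if not m:
            continue
        ip = IPV4.search(f"{m['src'] or ''} {m['note'] or ''}")
        hops.append({"from": m["src"], "ip": ip.group() if ip else None,
                     "by": m["by"]})
        if m["banner"]:
            software.add(m["banner"])  # MTA name left in the trace line
    for name in ("X-Mailer", "User-Agent"):
        if msg[name]:
            software.add(msg[name])    # client software and version
    _, at, host = (msg["Message-ID"] or "").strip("<> ").rpartition("@")
    if ".JavaMail." in (msg["Message-ID"] or ""):
        software.add("JavaMail")       # JavaMail's Message-ID pattern
    return {"hops": hops, "software": sorted(software),
            "origin_ip": next((h["ip"] for h in hops if h["ip"]), None),
            "message_id_host": host if at else None}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the Received lines written by servers you control can be trusted; the earlier ones are supplied by the sending side and may be forged.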