So guys, i finally got the damn packet. I captured the incoming spam with Wireshark.
I also identified how it came in, there was a port open in the router (1026) that i use for my torrents that hadn't been turned off. So that part was just me being clumsy kinda.
Anyway, the first capture came from the address 122.104.219.117 so i whoised it and checked it a bit to get the ISP and the report abuse address....i then contacted them about it....haven't gotten any answer yet... then i started to think....what are the odds of the packet being spoofed? i mean...they wouldn't need an answer from my computer so spoofing would just be good for them.
So i waited half an hour for another packet....and...the address was now..193.231.172.205
ofc there is a possibility that the spam is being sent from different computers, but they are very separated, also one of them isn't even online it seems, and they would have to synchronize the times the message is being sent.
Anyway here is the spam, took a screenshot of it
EDIT: Due to router MAC translation, the MAC address could NOT be achieved, so this little "tracking" project will be shutdown until i can fix it ;/... mission fail
netsend spam captured packet
Last edited by ayu on 21 Jul 2007, 13:34, edited 2 times in total.
"The best place to hide a tree, is in a forest"
-
- Fame ! Where are the chicks?!
- Posts: 412
- Joined: 03 May 2006, 16:00
- 17
- Location: United States Of America
- Contact:
I'm Glad To Hear The Great News Neo! You Said
"I also identified how it came in, there was a port open in the router (1026) that i use for my torrents that hadn't been turned off."
I Was Wondering What Is Port 1026 For But All In All Congratulations On Your Success.
If Man Made It Man Can Crack Or Hack It & If You Want To Be A True Hacker You Need To Keep Your Mind Open And Always Be Willing To Learn
[img]http://img384.imageshack.us/img384/9996/chaos19862ub.png[/img]
-
- Moderator
- Posts: 901
- Joined: 18 Sep 2006, 16:00
- 17
- Location: on my Throne
- Contact:
spammers infect a lot of computers with adware
and after that some of those computers might be used to send more spam
so i wouldn't be surprised
you gotta be careful with opening ports in your router
i currently have none open....so if you nmap me you get nothing
and that's what i like about the router
its like my guard against bullshit like that
Wireshark was Ethernet right?
[url=http://img338.imageshack.us/img338/2034/oopsrg8.gif]/sig[/url]
- computathug
- Administrator
- Posts: 2693
- Joined: 29 Mar 2007, 16:00
- 17
- Location: UK
- Contact:
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
TheKingOfHearts wrote:Wireshark was Ethernet right?
Wrong! Wireshark was never Ethernet!
Ethernet is a large, diverse family of frame-based computer networking technologies that operates at many speeds for local area networks (LANs). The name comes from the physical concept of the ether. It defines a number of wiring and signaling standards for the physical layer, through means of network access at the Media Access Control (MAC)/Data Link Layer, and a common addressing format.
I think you meant Ethereal. Ethereal is a network protocol analyzer for Unix and Windows.
So yes. Wireshark was once Ethereal!
We will either find a way, or make one.
- Hannibal