netsend spam captured packet

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

So guys, I finally got the damn packet. I captured the incoming spam with Wireshark.

I also identified how it came in, there was a port open in the router (1026) that I use for my torrents that hadn't been turned off. So that part was just me being clumsy kinda.

Anyway, the first capture came from the address 122.104.219.117, so I whoised it and checked it a bit to get the ISP and the report abuse address... I then contacted them about it... haven't gotten any answer yet... Then I started to think... what are the odds of the packet being spoofed? I mean... they wouldn't need an answer from my computer, so spoofing would just be good for them.

So I waited half an hour for another packet... and... the address was now... 193.231.172.205

Ofc there is a possibility that the spam is being sent from different computers, but they are very separated, also one of them isn't even online it seems, and they would have to synchronize the times the message is being sent.

Anyway here is the spam, took a screenshot of it

Image





EDIT: Due to router MAC translation, the MAC address could NOT be achieved, so this little "tracking" project will be shut down until I can fix it ;/... mission fail :cry:
Last edited by ayu on 21 Jul 2007, 13:34, edited 2 times in total.
"The best place to hide a tree, is in a forest"

Chaos1986
Fame ! Where are the chicks?!
Posts: 412
Joined: 03 May 2006, 16:00
Location: United States Of America

Post by Chaos1986 »

I'm Glad To Hear The Great News Neo! 8) You Said:
"I also identified how it came in, there was a port open in the router (1026) that I use for my torrents that hadn't been turned off."
I Was Wondering What Is Port 1026 For :?: But All In All Congratulations On Your Success. :twisted: :evil:
If Man Made It Man Can Crack Or Hack It & If You Want To Be A True Hacker You Need To Keep Your Mind Open And Always Be Willing To Learn

Post by ayu »

Well, I read before that the messenger service uses some ports above 1024 ^^ and since I wasn't using my torrent client at the time, the port was available for the messenger service when it was started.

TheKingOfHearts
Moderator
Posts: 901
Joined: 18 Sep 2006, 16:00
Location: on my Throne

Post by TheKingOfHearts »

Spammers infect a lot of computers with adware
and after that some of those computers might be used to send more spam

so I wouldn't be surprised

You gotta be careful with opening ports in your router

I currently have none open... so if you nmap me you get nothing

and that's what I like about the router
it's like my guard against bullshit like that

Wireshark was Ethernet right?

computathug
Administrator
Posts: 2693
Joined: 29 Mar 2007, 16:00
Location: UK

Post by computathug »

Wrong, surely if you can access suck-o there must be at least one port open. Whether it is secure is another thing :)

Image

But you gotta admit it, it's this shit that makes us want to learn :wink:

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

TheKingOfHearts wrote: Wireshark was Ethernet right?
Wrong! :o Wireshark was never Ethernet!

Ethernet is a large, diverse family of frame-based computer networking technologies that operates at many speeds for local area networks (LANs). The name comes from the physical concept of the ether. It defines a number of wiring and signaling standards for the physical layer, through means of network access at the Media Access Control (MAC)/Data Link Layer, and a common addressing format.

I think you meant Ethereal. Ethereal is a network protocol analyzer for Unix and Windows.

So yes. Wireshark was once Ethereal!
We will either find a way, or make one.
- Hannibal

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

Wireshark IS Ethereal. The developer that had the copyright for the name Ethereal joined a big company and the company politics say he's not allowed to stay a member of the developer group for Ethereal... so he had to leave and take the copyright with him... so only the name of the project changed.
:wink:
