1 Tracking an Offender
2 Communication Between Layers in Different Hosts
[Figure: encapsulation between a sender and a receiver. Each layer on the sender adds its own header to the data: Application (AH), Presentation (PH), Session (SH), Transport (TH), Network (NH), Data link (DH header and DT trailer), Physical (bits on the wire). The receiver runs the same stack in reverse: Physical, Data link, Network, Transport, Session, Presentation, Application.]
3 TCP/IP Family
4 Network Class
5 IP Address
6 Subnetting
Add another level to the address/routing hierarchy: the subnet
Subnet masks define a variable partition of the host part
Subnets are visible only within the site
7 Basic Concepts and Tools
Media Access Control
ARP
TCP/IP, UDP
DHCP
DNS
ping, traceroute, dig, nslookup, ipconfig/ifconfig
whois
8 Investigating Emails
Increasing volume of fraudulent emails
Virus propagation
Spam in the workplace
Increased successful prosecution of spammers
Deleting
9 Email System
One example open source system: –
10 Analyzing Message Headers
Envelope header information
–Added by the sender
–Often forged
Message header
–Added by the receiver
–Use these for analysis
Sample message header
–Abuse -> header http://
11 Spam Tools
Robomail: mass mailer
–Email harvester
CAN-SPAM Act: requirements for commercial emailers
12 Phishing
Serious threat of financial loss
Newest, most damaging type of spam
Relies on “social engineering”
13 URL Obfuscation
What is the format of a URL?
If we are accessing a web site…
–Protocol is http
–User is blank and port number is blank (defaults to 80)
Therefore, we get something like:
–
Hide the real destination inside the URL: rg
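To make the slide's point concrete, here is an added example (not from the original deck) that splits a URL into its scheme://user@host:port/path parts, fills in the http default port, and flags a user field shaped like a domain name, which is how the real destination gets hidden from a reader who only glances at the start of the link. The hostnames are constructed samples.

```python
from urllib.parse import urlsplit

# Default ports per scheme: a blank port means 80 for http, as the slide says.
DEFAULT_PORTS = {"http": 80, "https": 443}


def dissect_url(url):
    """Split a URL into scheme, userinfo, host, port and path, filling defaults."""
    if "://" not in url:
        url = "http://" + url          # protocol defaults to http
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # Everything before the last '@' in the authority is userinfo, not the host.
    userinfo = parts.netloc.rsplit("@", 1)[0] if "@" in parts.netloc else ""
    try:
        port = parts.port
    except ValueError:                 # non-numeric port text
        port = None
    if port is None:
        port = DEFAULT_PORTS.get(scheme)
    return {
        "scheme": scheme,
        "userinfo": userinfo,
        "host": (parts.hostname or "").lower(),   # where the browser connects
        "port": port,
        "path": parts.path or "/",
    }


def looks_like_hostname(text):
    """True when the 'user' part is shaped like a domain name (the lure)."""
    user = text.split(":", 1)[0]       # ignore any password portion
    labels = user.split(".")
    return len(labels) >= 2 and all(
        lbl and lbl.replace("-", "").isalnum() for lbl in labels
    )


def check_url(url):
    """Report the real destination and flag a userinfo field posing as a host."""
    info = dissect_url(url)
    info["suspicious"] = looks_like_hostname(info["userinfo"])
    return info


if __name__ == "__main__":
    # Constructed samples: the text before '@' is bait, the browser goes to the host.
    for u in ("http://www.example-bank.test@attacker.example/login",
              "https://www.example.com:8443/account"):
        print(check_url(u))
```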
14 Fighting Spam Spam Filter
15 CAN-SPAM Do’s
Accurate header
–From
–Subject
–Origin, routing, destination
Include an opt-out method
Include a real business address
Clearly note that the email is an advertisement