[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Possible attack method?? Question..

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Possible attack method?? Question..
From: Max Berger <max@xxxxxxxxxxx>
Date: Fri, 11 Jan 2008 23:40:11 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 11 Jan 2008 17:40:24 -0500
In-reply-to: <593627.39301.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <593627.39301.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Am Freitag, den 11.01.2008, 09:44 -0800 schrieb Anon Mus:
> This question is for those with the knowhow.
> 
> A while back I got a number of emails from the same source where the 
> emails were sent in "pairs" a minute or less apart.
> 
> The first of each of the "email pair" were large (over 700characters), 
> the second were small (under 50 characters). On the face of it the 
> "email pairs"  appeared to be a genuine error ("oh yes I forgot to 
> mention" kind of thing) by the sender, so I took no notice at the time.

Perhaps someone isn't looking for an unknown IP-address, but just want
to prove that the owner if a given IP-address is the owner of the
Mailbox "green lantern at yahoo". 

If this one is able to do a traffic analysis on this IP-address and
knows the login time at the pop/imap-Server of yahoo, a well defined
pattern of mail sizes could help. 

But in this case I think it's not useful for him, to send these mails in
such short intervals, because you would fetch both mails at one login
and in one stream of data...



Max

References:
- Possible attack method?? Question..
  - From: Anon Mus

Prev by Author: Tor causing network lags?
Next by Author: Re: List Suggestion
Previous by thread: Re: Possible attack method?? Question..
Next by thread: Re: Possible attack method?? Question..
Index(es):
- Author
- Thread