
Re: Email sent through Tor, Problem



Hello FQ,

These below are NOT the SMTP hops your email followed. These are IP hops, between your PC and the mail server of your friend in China. What is sure is that this information was not retrieved from the email you have sent directly, since no mail client or SMTP server would put the whole traceroute in the mail! Your mail didn't even follow this path, but the following:

- your PC
- lots of IP hops (one TCP connection) to the first Tor node
...
- lots of IP hops (one TCP connection) to the Tor exit node
- lots of IP hops (one TCP connection) to the Hotmail HTTP server

Till now you had your data sent through HTTP ....
Now comes the SMTP part

- Hotmail HTTP server putting your mail in a database
- I suppose another server sending out your email to the mail server of your friend's mailbox (lots of IP hops again)
...
- your friend "viewing/downloading" the mail through SSH / HTTP / POP3 / IMAP (some IP hops again)

Of all this, in a mail, you have something like the following:

Received: from moria.seul.org (moria.csail.mit.edu [128.31.0.34])
	by mail0.unitn.it (Symantec Mail Security) with ESMTP id D366AD2DA7
	for <kiraly@xxxxxxxxxxxx>; Wed, 31 Oct 2007 04:28:42 +0100 (CET)
Received: by moria.seul.org (Postfix)
	id 3AC21140F3A7; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
Delivered-To: or-talk-outgoing@xxxxxxxx
Received: by moria.seul.org (Postfix, from userid 65534)
	id 3519A140F3F5; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
X-Original-To: or-talk@xxxxxxxxxxxxx
Delivered-To: or-talk@xxxxxxxx
Received: from bay0-omc1-s14.bay0.hotmail.com (bay0-omc1-s14.bay0.hotmail.com [65.54.246.86])
	by moria.seul.org (Postfix) with ESMTP id DF518140F3A7
	for <or-talk@xxxxxxxxxxxxx>; Tue, 30 Oct 2007 23:28:39 -0400 (EDT)
Received: from BAY116-W7 ([64.4.38.107]) by bay0-omc1-s14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Tue, 30 Oct 2007 20:28:38 -0700
Message-ID: <BAY116-W7AC92B38C7F79F59F0F0DAF930@xxxxxxx>
X-Originating-IP: [58.65.160.140]
From: Faqeer ALI <faqeerali@xxxxxxxxxxx>


If you have not used Tor, your IP appears in one of the last lines, as it is directly seen at the TCP endpoint of the HTTP server @ hotmail. If you use Tor, but there is some JavaScript sending your IP as data, and this is somehow not filtered, your IP could still appear .... but not the traceroute! So, the question is, what do you mean by "i have traced the first ip"?

Regards,
Csaba

Faqeer ALI wrote:
Yeah i am pretty much sure, because i have traced the first ip ie my isp's.
it gives some information like this.

1     10.0.0.138

2.       PAKISTAN  ------------------> MY IP.

3.         PAKISTAN

4,    202.125.154.129   Islamabad, Pakistan

5.    202.125.159.209   Pakistan

6.    202.125.159.20    Pakistan

7.    202.125.128.161   Pakistan

8.    63.218.1.193      Herndor, USA

9.    63.218.61.190     Herndor, USA

10    202.97.60.165     China

11.   202.97.43.174     China

12.   202.97.43.171     China

13.   202.97.68.80      China

14.   125.123.1.242     China

15.   125.123.1.158     China

17.   125.123.1.138     China

End   125.123.40.183    China

Is there any trick to hide the header information while sending email through hotmail.
Any suggestion?

Regards
FQ


----------------------------------------
> Date: Tue, 30 Oct 2007 19:39:49 -0400
> From: phobos@xxxxxxxxxx
> To: or-talk@xxxxxxxxxxxxx
> Subject: Re: Email sent through Tor, Problem
>
> On Tue, Oct 30, 2007 at 04:22:38PM +0000, faqeerali@xxxxxxxxxxx wrote 1.8K bytes in 37 lines about:
> :
> : I have sent an email through web interface from hotmail address to another hotmail address.
> : The receiver has used the following software "http://www.visualware.com/index.html"; and got the details of the routes and hops that the email had followed.
>
> Are you sure the receiver traced it back to your internet connection and
> not the tor exit server?
>
> EmailtrackerPro appears to just parse the mail headers and map whois
> data of the hosts in the headers. It then draws pretty lines between
> everything.
>
> As long as Hotmail is exposing your real IP, this will continue to work.
> Can anyone else with a hotmail account verify that hotmail is indeed
> getting the real IP for header insertion?
>
> --
> Andrew

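An added example, not part of the original thread: a short Python sketch that reads the Received chain and X-Originating-IP from the headers quoted in the reply above, showing what a mail actually records about its path (SMTP hops plus the client IP seen by the webmail server) and that no traceroute hop appears in it. The function names are hypothetical; the sample input is a subset of the headers copied from the message.

```python
import re
from email import message_from_string

# Received chain, X-Originating-IP and From copied from the quoted headers
# (addresses are redacted in the archive; other header lines omitted).
SAMPLE = """\
Received: from moria.seul.org (moria.csail.mit.edu [128.31.0.34])
    by mail0.unitn.it (Symantec Mail Security) with ESMTP id D366AD2DA7
    for <kiraly@xxxxxxxxxxxx>; Wed, 31 Oct 2007 04:28:42 +0100 (CET)
Received: by moria.seul.org (Postfix)
    id 3AC21140F3A7; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
Received: by moria.seul.org (Postfix, from userid 65534)
    id 3519A140F3F5; Tue, 30 Oct 2007 23:28:40 -0400 (EDT)
Received: from bay0-omc1-s14.bay0.hotmail.com (bay0-omc1-s14.bay0.hotmail.com [65.54.246.86])
    by moria.seul.org (Postfix) with ESMTP id DF518140F3A7
    for <or-talk@xxxxxxxxxxxxx>; Tue, 30 Oct 2007 23:28:39 -0400 (EDT)
Received: from BAY116-W7 ([64.4.38.107]) by bay0-omc1-s14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
     Tue, 30 Oct 2007 20:28:38 -0700
X-Originating-IP: [58.65.160.140]
From: Faqeer ALI <faqeerali@xxxxxxxxxxx>

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def smtp_hops(raw):
    """Received hops, oldest first, as (from_host, by_host, peer_ip)."""
    hops = []
    # Each server prepends its own Received line, so the oldest is last.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        frm, by, ip = FROM_RE.search(flat), BY_RE.search(flat), IP_RE.search(flat)
        hops.append((frm.group(1) if frm else None,
                     by.group(1) if by else None,
                     ip.group(1) if ip else None))
    return hops

def originating_ip(raw):
    """Client IP the webmail front end saw on its TCP connection, if stamped."""
    value = message_from_string(raw).get("X-Originating-IP")
    m = IP_RE.search(value) if value else None
    return m.group(1) if m else None

def header_ips(raw):
    """Every bracketed IP literal that the headers disclose."""
    return set(IP_RE.findall(raw))
```

Running it on your own sent mail shows which address the provider stamped; intermediate router addresses from a traceroute never show up in `header_ips`.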