OT a question about email headers

PA20Pilot

Hi,

Sorry for the off topic, but this is where the knowledge is. I'm real
curious what information about me can be gathered from the header on
this posting? I know the feds could go through server logs and knock on
my door in an hour or so if they wanted, but what can you normal types
tell from them?

Can you tell what state I'm in?

What ISP I'm using?

My dog's name?

Thanks!
 
CreateWindow

Hi PA20Pilot,

This is an NNTP header; it's different from an SMTP email header. Very
similar - but different.

Well, after 3 minutes of snooping I think:

You are using Firefox (Newsreader)
Your OS is the famous Windows 2000.
You *MAY* be an employee of:
Federal Aviation Administration
William J Hughes Technical Center
AJA-1423
Atlantic City Airport
NJ
08405
US
But that can be "spoofed" (falsified).

Someone else may do better. :)

Cheers,

CreateWindow
http://mymessagetaker.com
Stop using those paper phone message pads
make the computer work for you.
http://justpageprobe.com
The FREE Web page utility you always wanted.
Monitor your enterprise Web Servers.
Keep your router connected.
Email your IP to where you need it.
 
Elmo

PA20Pilot said:
Hi,

Sorry for the off topic, but this is where the knowledge is. I'm real
curious what information about me can be gathered from the header on
this posting? I know the feds could go through server logs and knock on
my door in an hour or so if they wanted, but what can you normal types
tell from them?

Can you tell what state I'm in?

What ISP I'm using?

My dog's name?

Thanks!

What can you find in the data below? If your IP address was included, a
Whois or other search utility would show what ISP or server you used.

Date: Wed, 09 May 2007 22:21:34 -0400
From: PA20Pilot <[email protected]>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: OT a question about email headers
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <[email protected]>
Newsgroups: microsoft.public.windowsxp.general
NNTP-Posting-Host: node54.206.100.208.1dial.com 208.100.206.54
Path: TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
Lines: 1
Xref: TK2MSFTNGP01.phx.gbl microsoft.public.windowsxp.general:1709508
X-Antivirus: avast! (VPS 000739-0, 05/09/2007), Inbound message
X-Antivirus-Status: Clean

A tracert to 208.100.206.54 showed the following before it stopped
accepting the pings:

8 29 ms 35 ms 35 ms ae-2-52.bbr2.Chicago1.Level3.net [4.68.101.33]
9 52 ms 47 ms 35 ms so-0-1-0.mp2.Detroit1.Level3.net [64.159.0.198]
10 40 ms 35 ms 35 ms so-11-0.hsa1.Detroit1.Level3.net [4.68.97.222]
11 40 ms 35 ms 47 ms unknown.Level3.net [63.209.134.18]
12 41 ms 47 ms 47 ms tnmi-10-74-255-64.ip.telnetww.com [64.255.74.10]

With a whois search for the last IP address, I found this:

http://www.networksolutions.com/whois/results.jsp?ip=64.255.74.10

Are you near Troy Michigan?
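
An added example (not part of the post above or of the original thread): a short Python script that pulls the self-disclosing fields out of the header quoted in that post, to show which lines a poster's client and news server leak. The names `header_disclosures` and `NT_NAMES`, and the two-label provider-domain heuristic, are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string

# Subset of the header posted in the thread; the redacted From and Message-ID
# lines are left out. The wrapped User-Agent line is restored as a folded header.
SAMPLE = """\
Date: Wed, 09 May 2007 22:21:34 -0400
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12)
 Gecko/20050915
X-Accept-Language: en-us, en
NNTP-Posting-Host: node54.206.100.208.1dial.com 208.100.206.54
Path: TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
X-Antivirus: avast! (VPS 000739-0, 05/09/2007), Inbound message

(body)
"""

# Windows NT version tokens as they appear in Mozilla-style User-Agent strings.
NT_NAMES = {"5.0": "Windows 2000", "5.1": "Windows XP", "6.0": "Windows Vista"}

def header_disclosures(raw):
    """Return what the client-supplied and server-added headers reveal."""
    msg = message_from_string(raw)
    found = {}
    ua = " ".join(msg.get("User-Agent", "").split())  # unfold continuation lines
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    if m:
        found["os"] = NT_NAMES.get(m.group(1), "Windows NT " + m.group(1))
    langs = msg.get("X-Accept-Language", "")
    found["languages"] = [x.strip() for x in langs.split(",") if x.strip()]
    m = re.search(r"([+-]\d{4})\s*$", msg.get("Date", ""))
    if m:
        found["utc_offset"] = m.group(1)  # narrows the poster's time zone
    # NNTP-Posting-Host is added by the news server: reverse-DNS name and/or IP.
    for token in msg.get("NNTP-Posting-Host", "").split():
        try:
            ip = ipaddress.ip_address(token)
            found["posting_ip"] = str(ip)
            found["whois_useful"] = ip.is_global  # only public IPs map to a registrant
        except ValueError:
            found["posting_host"] = token
            # Heuristic: last two labels approximate the access provider's domain.
            found["provider_domain"] = ".".join(token.split(".")[-2:])
    if "X-Antivirus" in msg:
        found["antivirus"] = msg["X-Antivirus"].split("(")[0].strip()
    return found

if __name__ == "__main__":
    for key, value in header_disclosures(SAMPLE).items():
        print(f"{key}: {value}")
```

A whois lookup on `posting_ip` names the network that registered the address, not the poster's physical location.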
 
CreateWindow

How about your ISP

Location: Pittsburgh (40.478N, 79.950W)
Network: AD-BASE-SYSTEMS
??
CreateWindow


 
Elmo

Whoops! I should've done a Whois on the IP address in the header information.

http://www.networksolutions.com/whois/results.jsp?ip=208.100.206.54
 
PA20Pilot

Hi Guys,

Thanks for taking the time to find things, however, you weren't even
close. The email address I use is fake for sure, that's a given, but all
the rest of the info is wrong too. I don't even know for sure where Troy
is and Pittsburgh is at least 500 miles from here.

Thanks again,


---==X={}=X==---

Jim Self

AVIATION ANIMATION, the internet's largest depository.
http://avanimation.avsupport.com

Your only internet source for spiral staircase plans.
http://jself.com/stair/Stair.htm

Experimental Aircraft Association #140897
EAA Technical Counselor #4562
 
CreateWindow

OK,

1. You don't have a dog.
2. You are running Windows 2000.

Have a nice weekend!

CreateWindow
 
