[H-GEN] Re: [H-DSIG] Looking for a Boyfriend.

Russell Stuart russell-humbug at stuart.id.au
Sun Jul 17 20:01:23 EDT 2005 

On Sun, 2005-07-17 at 21:20, Michael Anthon wrote:
> Curious to know how you came to the conclusion it originated from
> Japan.  I can't see anything in the headers that would indicate this.

I didn't keep the original email, so I can't quote the headers.
It was sent from a Yahoo account.  Emails that originate from
Yahoo web mail accounts contain a header show the IP of the
WWW Browser (or perhaps the proxy) that composed the email.
The tools you can find on the web placed that IP in different
countries, depending on which you asked - some said Japan,
some said Milton, NSW, Australia, and some said other
countries.   In the end they were not of much use.  So I ran
traceroute to the IP address.  I still have the command in
my shell history, so I can reproduce that.  This is its
output:

traceroute to 219.112.197.72 (219.112.197.72), 30 hops max, 38 byte packets
 1  bneadsl.brisbane.lube (10.7.0.2)  0.394 ms  0.333 ms  0.233 ms
 2  lns1.Brisbane.netspace.net.au (203.17.101.83)  23.253 ms  33.094 ms  30.740 ms
 3  core1-fastether-0-0-23.Brisbane.netspace.net.au (203.17.102.89)  39.200 ms  32.446 ms  29.516 ms
 4  FastEthernet3-0-0.GW1.BNE1.ALTER.NET (210.80.144.181)  42.839 ms  30.680 ms  29.583 ms
 5  23.so-3-2-0.XR2.BNE1.ALTER.NET (210.80.32.125)  41.977 ms  22.915 ms  28.166 ms
 6  0.so-0-0-3.XR2.SYD2.Alter.Net (210.80.33.73)  56.915 ms  48.096 ms  42.860 ms
 7  12.so-7-0-0.BR2.SYD2.ALTER.NET (210.80.33.238)  50.963 ms  120.092 ms  114.090 ms
 8  203.103.244.206 (203.103.244.206)  43.474 ms  44.864 ms  43.533 ms
 9  129.250.4.137 (129.250.4.137)  334.339 ms p1-0-2-2.r01.tokyjp01.jp.bb.verio.net (129.250.4.173)  159.988 ms p1-1-2-0.r01.tokyjp01.jp.bb.verio.net (129.250.4.137)  158.214 ms
10  ge-7-0-3.r20.tokyjp01.jp.bb.verio.net (129.250.3.177)  156.125 ms  157.210 ms ge-7-0-2.r21.tokyjp01.jp.bb.verio.net (129.250.3.181)  152.964 ms
11  xe-1-0-0.a21.tokyjp01.jp.ra.verio.net (61.213.162.230)  155.990 ms xe-1-0-0.a20.tokyjp01.jp.ra.verio.net (61.213.162.234)  154.625 ms *
12  ge-3-0-0.a13.tokyjp01.jp.ra.verio.net (61.213.162.79)  157.764 ms ge-2-0-0.7.a13.tokyjp01.jp.ra.verio.net (61.200.92.47)  155.376 ms  155.306 ms
13  61.120.146.170 (61.120.146.170)  157.384 ms  152.642 ms  158.822 ms
14  218.219.82.29 (218.219.82.29)  164.509 ms  151.733 ms  152.200 ms
15  218.219.82.174 (218.219.82.174)  158.011 ms  164.716 ms  232.811 ms
16  219.112.192.146 (219.112.192.146)  159.760 ms  163.494 ms  157.174 ms

All the latter addresses are in Japan.  Ergo, the most
likely scenario is the email was sent from Japan.  There
are other possible explanations, such as Maria is logging
into an ISP in Japan, or is using an web anonymiser in
Japan, or has a shell account in Japan.  These don't seem
very likely.

More information about the General mailing list