[121261] in North American Network Operators' Group
Re: more news from Google
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Wed Jan 13 17:32:28 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <255275490-1263421495-cardhu_decombobulator_blackberry.rim.net-196880606-@bda062.bisx.prod.on.blackberry>
Date: Wed, 13 Jan 2010 17:31:46 -0500
To: msheldon@cox.net
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 13, 2010, at 5:26 PM, msheldon@cox.net wrote:
> =46rom a single detection of one hostile email you can often expand =
the picture to many mail recipients. A little open source research =
identifies the common community the recipients belong to. It's pretty =
straight forward.
>=20
The magic phrase is "traffic analysis" -- look at the accounts of known =
targets of interest, and see the usernames, IP addresses, etc., of their =
correspondents. Recurse as needed.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
