[121367] in North American Network Operators' Group
Re: more news from Google
daemon@ATHENA.MIT.EDU (Gadi Evron)
Fri Jan 15 17:28:29 2010
Date: Sat, 16 Jan 2010 00:27:34 +0200
From: Gadi Evron <ge@linuxbox.org>
To: nanog@nanog.org
In-Reply-To: <6F4C2201-A75A-4F88-B108-3021058544CA@cs.columbia.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 1/14/10 12:31 AM, Steven Bellovin wrote:
>
> On Jan 13, 2010, at 5:26 PM, msheldon@cox.net wrote:
>
>> From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward.
>>
>
> The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed.
I am unsure about the term straight-forward, as even the easy cases take
a lot of time.
Gadi
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb
>
>
>
>
>
>
>
--
Gadi Evron,
ge@linuxbox.org.
Blog: http://gevron.livejournal.com/
