Spoofing, Packet Crafting

Hey guys, SRS NEWFAG here. Not a spammer, but curious. Irrespective of php or cgi scripts on websites, and of telnet to open-mail-server, what techniques are available for email spoofing? Again, reiterating the 'NEWFAG'ishness inherent to this inquiry, I have momentarily glanced over the RFC but need some help. Knowing little of the lower level shit involved in the concept, isn't it possible to merely craft a packet with all of the right parameters to quickly and effectively, albeit relatively anonymously spoof an email somewhere while making it look almost completely legit? Essentially the rub lies in that I have been receiving emails which are clearly spoofed. These emails contain hidden messages which are only semantically relevant to me, that is, because I 'get' the context. I am reasonably confident that I know who the individual on the other end of this is, and would like to do the same. However, almost all of the options out there seem to traceback to my ip address, or require my use of a shady server. Is there not a way to achieve the end with a script that crafts a packet, thereby bypassing interfacing directly with open mailservers? I get the impression that the adversary in this situation has written a program which achieves some end similar, and ever email that this entity sends to me, has changed parameters. i.e.- different routes of travel, different aliases, however the 'hidden messages' follow the semantic logic. Ya'll follow?

anything you can do in telnet can be done by a custom TCP connection, packet injection, etc

use a botnet

that would presuppose access to a botnet.

I can't help you since I'm not an EXPERT ANII HAXXOR but I'd really like to hear more details about your situation as it piqued my interest.

I would be willing to discuss this with you further.  Do you have an email address, or other channel of communication off the message board?

Post all of it here!!

Members of a particular organization are using increasingly a-typical techniques to recruit, coerce, harass, humiliate and occasionally just tease people.  One such method is to spoof emails which upon initial consideration by the unwitting appear only to be spam, but which will contain information semantically relevant to the intended target thereby maintaining a layer of deniability for the antagonist.

The semantically relevant article can range from a single word, to a whole paragraph.  This information can be hidden in the sender name, the sender's domain (i.e. honkeymouthed@hitthatshit.com), the body of the text, the subject line or the mailer information. 

The more particularly advanced examples of this also include a link to a server which corroborates the suggestion that the email is in fact legitimate spam, which however upon closer investigation, is actually a server meant to glean further system information and not actually sell illicit wares.

This is a permutation on the idea of phishing, with the actual intention being communication, harassment or recruitment.

The semantically relevant items/words encoded using techniques such as 'double-entendre', will often have been gleaned utilizing contemporary methods as technical as 'traffic analysis' to methods as old school as 'human asset intelligence collection'.

It is my belief that the aggressors in question are state-sponsored actors, at least in my case, but on a smaller scale this can also be useful for hackers.

>>8
Members of a particular organization
It is my belief that the aggressors in question are state-sponsored actors

OK bro this shit is too complex for me

Central Intelligence Agency

The Patriots

>>11

Good one.

^{Back to /b/, ``GNAA Faggot''}




1  Name: Anonymous : 2009-07-10 16:19 


Hey guys, SRS NEWFAG here. Not a spammer, but curious. Irrespective of php or cgi scripts on websites, and of telnet to open-mail-server, what techniques are available for email spoofing? Again, reiterating the 'NEWFAG'ishness inherent to this inquiry, I have momentarily glanced over the RFC but need some help. Knowing little of the lower level shit involved in the concept, isn't it possible to merely craft a packet with all of the right parameters to quickly and effectively, albeit relatively anonymously spoof an email somewhere while making it look almost completely legit? Essentially the rub lies in that I have been receiving emails which are clearly spoofed. These emails contain hidden messages which are only semantically relevant to me, that is, because I 'get' the context. I am reasonably confident that I know who the individual on the other end of this is, and would like to do the same. However, almost all of the options out there seem to traceback to my ip address, or require my use of a shady server. Is there not a way to achieve the end with a script that crafts a packet, thereby bypassing interfacing directly with open mailservers? I get the impression that the adversary in this situation has written a program which achieves some end similar, and ever email that this entity sends to me, has changed parameters. i.e.- different routes of travel, different aliases, however the 'hidden messages' follow the semantic logic. Ya'll follow?



2  Name: Anonymous : 2009-07-10 17:04 


anything you can do in telnet can be done by a custom TCP connection, packet injection, etc



3  Name: Anonymous : 2009-07-10 17:20 


use a botnet



4  Name: Anonymous : 2009-07-10 17:23 


that would presuppose access to a botnet.



5  Name: Anonymous : 2009-07-10 17:24 


I can't help you since I'm not an EXPERT ANII HAXXOR but I'd really like to hear more details about your situation as it piqued my interest.



6  Name: Anonymous : 2009-07-10 17:29 


I would be willing to discuss this with you further.  Do you have an email address, or other channel of communication off the message board?



7  Name: Anonymous : 2009-07-10 17:41 


Post all of it here!!



8  Name: Anonymous : 2009-07-10 17:58 


Members of a particular organization are using increasingly a-typical techniques to recruit, coerce, harass, humiliate and occasionally just tease people.  One such method is to spoof emails which upon initial consideration by the unwitting appear only to be spam, but which will contain information semantically relevant to the intended target thereby maintaining a layer of deniability for the antagonist.

The semantically relevant article can range from a single word, to a whole paragraph.  This information can be hidden in the sender name, the sender's domain (i.e. honkeymouthed@hitthatshit.com), the body of the text, the subject line or the mailer information. 

The more particularly advanced examples of this also include a link to a server which corroborates the suggestion that the email is in fact legitimate spam, which however upon closer investigation, is actually a server meant to glean further system information and not actually sell illicit wares.

This is a permutation on the idea of phishing, with the actual intention being communication, harassment or recruitment.

The semantically relevant items/words encoded using techniques such as 'double-entendre', will often have been gleaned utilizing contemporary methods as technical as 'traffic analysis' to methods as old school as 'human asset intelligence collection'.

It is my belief that the aggressors in question are state-sponsored actors, at least in my case, but on a smaller scale this can also be useful for hackers.



9  Name: Anonymous : 2009-07-10 18:04 


>>8
Members of a particular organization
It is my belief that the aggressors in question are state-sponsored actors

OK bro this shit is too complex for me



10  Name: Anonymous : 2009-07-10 18:09 


Central Intelligence Agency



11  Name: La-Li-Lu-Le-Lo : 2009-07-10 20:02 


The Patriots



12  Name: Anonymous : 2009-07-10 20:36 


>>11

Good one.



14  Name: Anonymous : 2010-12-06 09:26 


Back to /b/, ``GNAA Faggot''



15  Name: Anonymous : 2011-02-03 01:54

bampu pantsu