Re: forging headers

[Adam Shostack <adam@lighthouse.homeport.org>]

You need to send the entire headers, including such things as recieved
lines.  Looking over those lines carefully will probably provide some
clues.

eg:
>From owner-cypherpunks@toad.com  Sun Sep 24 20:14:32 1995
>Return-Path: owner-cypherpunks@toad.com
>Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by
>homeport.org (8.6.9/8.6.9) with ESMTP id UAA18842 for
><adam@homeport.org>; Sun, 24 Sep 1995 20:14:30 -0400
>Received: from toad.com by relay3.UU.NET with SMTP 
>        id QQziqi14036; Sun, 24 Sep 1995 20:10:07 -0400
>Received: by toad.com id AA02191; Sun, 24 Sep 95 17:05:32 PDT
>Received: from crypto.com by toad.com id AA02182; Sun, 24 Sep 95
>17:05:26 PDT
>Received: from tpc.crypto.com by crypto.com Sun, 24 Sep 1995 20:16:16
>-0400
>Message-Id: <199509250016.UAA19204@crypto.com>


| So I got this message.  How would someone identify the sender of this
| message?  I'm writing an article on anonymity, with some discussion of
| remailers, and want to argue that forging already permits people to raise
| the costs of tracing significantly, anonymous remailers or no.  
| 
| Lee
| 
| >From: freeh@fbi.gov
| >Date: Tue, 24 Oct 95 16:07:08 -0400
| >Apparently-To: tien@well.sf.ca.us
| >X-UIDL: 814570964.056
| >
| >> How difficult is it to forge headers?  How difficult is it to trace a
| >> message to the actual sender if the header is forged?
| >
| >Not very difficult at all (to forge, that is).  This is a quick and dirty
| >example that should be somewhat traceable.  If you want pointers on how to
| >trace it, post the whole thing, including headers, to cypherpunks.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume