[SpamCop-List] Re: (Very Very OT) Tracing Terrorist E-Mail
michael.spamcop at michaellefevre.com
Sat Mar 13 13:22:40 EST 2004
> On Fri, 12 Mar 2004 16:15:29 +0100, "Philippe Verdy"
> <verdy_p at wanadoo.fr> wrote:
>>> Not if it was sent through a open proxy or hijacked machine or some
>>> mixmaster etc...........
>>Exactly. Unless all the IP traffic from the hijacked machine was logged by
>>its ISP (very unlikely if the hijacked machine was one of a user in a free
>>country. Even the spying Big Ears wouldn't have logged the whole proxy
>>traffic if that traffic was using some basic encryption or steganogrpahy,
>>decyphered by the hijacked machine.
> I would say that *if* persons wanted to they could track the email to
> the source as ISP's do record traffic through their servers.
But open proxy traffic wouldn't touch the ISP's servers - for the ISP to
have logs, they've have to be tracking all the traffic through their
routers. For a reasonable sized ISP, that would generate terabytes of
logs each day, and ISPs don't generally do it - they might log some
specific stuff at some specific times for diagnostics or whatever, but
they wouldn't (and almost certainly couldn't) log everything.
Unless the open proxy has logs (which most don't), there's no way of
tracing stuff unless you can follow it while it's happening.
More information about the SpamCop-List