more news from Google
smb at cs.columbia.edu
Wed Jan 13 16:31:46 CST 2010
On Jan 13, 2010, at 5:26 PM, msheldon at cox.net wrote:
> From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward.
The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG