IP Tracing

1. Using e-mail
   Use the "show original" feature provided by the mail site.
   Mail header (information on the devices the message passed through from the start of transmission) + mail body (original sender, final recipient + message content)
   4th mail server : final destination (Delivered-To)
   3rd mail server : the hop just before the final destination (X-Received)
   2nd mail server : classifies whether the mail is spam (the other party's server) => broad-classification server
     Received-SPF : a mechanism that registers the main mail servers and their IPs in advance, then checks against them to test whether the mail is spam
     Values : None, Neutral, Pass, Fail, Softfail, TempError, PermError
   1st mail server : the originating server

2. Using P2P sites

3. Using a web bulletin board (web server logs)
   Directive that tells the logging fields to record the client IP : c-ip

4. Using automated tools
   1) traceroute : a tool that traces the IPs of the routers a packet passes through on its way to the destination
      : uses UDP, ICMP, and the IP TTL value
      : used to infer the other party's network layout
      : the route usually differs each time traceroute is run => if it stays fixed to a single route, you can tell that you are being traced back
      Open Visual TraceRoute : draws the packet flow to show the packets' geographic location

Delivered-To: sunj9906@gmail.com
Received: by 2002:ac2:5a02:0:0:0:0:0 with SMTP id q2csp7824104lfn;
        Mon, 30 Sep 2019 17:12:46 -0700 (PDT)
X-Received: by 2002:a81:b619:: with SMTP id u25mr14355293ywh.407.1569888766338;
        Mon, 30 Sep 2019 17:12:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569888766; cv=none;
        d=google.com; s=arc-20160816;
        b=XWufu0yvzF1iz9OnI0JT23V5Iojmg70/f98tX3lAblfMXUQZTh4pFPFXCnpUNJLhnp
         hfZVOEqDxuMJtwpIh/9FAqqvYg/ySCKjSRNYv487Aq/lsaoHfJh2fdeZq27TEX+c+Fjx
         uHcuuntiY++FXA2NFdj+a7H1ahrjNcJyZkPo8buEGGkuIL9L2blpb1ppaHJEQnV7v2+e
         bvsJ1bAD8e9wabZg7TYMnlBsz9p62S4XcVIgGnA+dRJSwcUfYk+fvO34ajyZ5k53FIXq
         wzmpbaJXTVj9dW9VtgBnBpdIxdUx9eP2/OQkN56/zwdEF+NaDjnaYg+gsS+xL9u/Sn/Y
         b6tw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=to:subject:message-id:date:from:mime-version:dkim-signature;
        bh=FFg3L1dG+xoQKTDysgx/GZcpB6DW7ctlFwNbdOPVe4Y=;
        b=oVBe/4KhsmVsNc9Q7vYUgoiZ7UiV42sbM13mqNUihbpeWmRoz523KZxyY4iXumWG6X
         WcHOq7xKY/wD3zObc3nev+N/eXs8XdOBjEkqt2uWf8ExUcTW+1F+TQppP5qdY4gi9HqK
         XhD228/ZR6jsWunYW5cXhaLB6CPadXCGZ0rlu8DU+h4E+d3wfQldh/LlMOEnXLYyYKMc
         kmXYztg8qOTyqDtK6pkjAAf+nzUkPjyGhxOdmo2c1Qd+ZWADtloUjgjCv8kJB69tXyXM
         +0GfVjKNWBSI29CQTlHIX+ydP0+XfB1+mw3sI4StENvI9AVsEbiV2IydsgHPnqd3Yhwz
         r31g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=PxccKWSo;
       spf=pass (google.com: domain of i20182226@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=i20182226@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path:
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) - 1st mail server
        by mx.google.com with SMTPS id s204sor7367430ywb.19.2019.09.30.17.12.45
        for (Google Transport Security);
        Mon, 30 Sep 2019 17:12:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of i20182226@gmail.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=PxccKWSo;
       spf=pass (google.com: domain of i20182226@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=i20182226@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=FFg3L1dG+xoQKTDysgx/GZcpB6DW7ctlFwNbdOPVe4Y=;
        b=PxccKWSo8v/56B82aEMX2o+NPChycs0bOzyvcPQ6aHO9VjpqwzyU1m/YyQDMSnK6er
         B9WJ3xmSQpZOH/wpJO+u0X5fHELM8+vD4p7iMC8ZPQz0nPWJ+ZKdCnEjlaAF4ecYrXqq
         LF9G2CWQKatSHGbVSaJsUDhREA0Fh8WEgPoQtezvQeKbajt/hKSSGidLuSgGnyZ/dzI2
         m92WK+jN0BdlE8z0TahW8Ye22q4IxfCfLY+rZ0UvE87IFJokOquFBbgBMV3pfs4oBIJi
         sskJX4NuLM5mQyXugMMK39PoM1FA/Jl4bf+HQ7ExiNMJWo2FYNjoBFY4MSnwhRoD4l9H
         /ZKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=FFg3L1dG+xoQKTDysgx/GZcpB6DW7ctlFwNbdOPVe4Y=;
        b=SM4nyke1CuIac1+RAmcWyqIo2Jj0wS1JPaCw6zJjLzsYMnUibSodqKqL6xng7WRhmz
         F6hAGuLpy4TLBw/lIBw7nw6idlD/onM5Zjc11m90jHCRsr7YbgbckNqWddzt7FLcMTB7
         oCKcz7o7/DnJniN8UgKG6u1G40yDrdCI9i3YAm25nZbDXf5ZgIbm0hQGRZ5HRnXscuej
         G2IH9J4K4PqM/H/I0gzFk0ZpvfKGwx1YnFkqbwgxozXzg8flUpdkUR1PgPe62Jm3Q022
         XVMQlqUsA5W1gjnyOrsOXTa/WwmxjFgmd+sbuTpXu2HYcRNDNsf329JVGhwSC0oTlpwm
         LCyw==
X-Gm-Message-State:
        APjAAAU57Myds03kh3uyneeM7j8GxJaN+uQjk4EH+kbGlPNYLS7qFTz6
        cwzF1DLDtELQYVjvXodCwbkS06yO9m+5OfZFjm+zZ7B1
X-Google-Smtp-Source: APXvYqz/1720lsrBGb2cdk9+wR/B3zYFT7dmRUYREukkIOZSbcuXB+9gUd+NIoNC2b7jSXXS39r/39yO3Zt6PsYTVrU=
X-Received: by 2002:a81:414:: with SMTP id 20mr15176355ywe.91.1569888765549;
        Mon, 30 Sep 2019 17:12:45 -0700 (PDT)
MIME-Version: 1.0
From: "김동하"
Date: Tue, 1 Oct 2019 09:12:36 +0900
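
Added example (not part of the original notes): Python that reads a mail header the way section 1 describes, listing the Received hops oldest-first and checking that the Received-SPF client-ip is an address one of the hops recorded. The sample header is constructed with documentation addresses, and the function names are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample header (documentation addresses, not taken from the page).
RAW = """\
Delivered-To: bob@example.net
Received: by 2001:db8::10 with SMTP id abc123;
        Mon, 30 Sep 2019 17:12:46 -0700 (PDT)
Received: from mail-out.example.com (mail-out.example.com. [192.0.2.41])
        by mx.example.net with SMTPS id def456;
        Mon, 30 Sep 2019 17:12:46 -0700 (PDT)
Received-SPF: pass (example.net: domain of alice@example.com designates 192.0.2.41 as permitted sender) client-ip=192.0.2.41;
Received: from [198.51.100.7] by mail-out.example.com with HTTP;
        Mon, 30 Sep 2019 17:12:45 -0700 (PDT)
From: alice@example.com

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)\]")

def hops(raw):
    """Return Received hops oldest-first as (from_ip or None, by_host)."""
    msg = message_from_string(raw)
    out = []
    # Each server prepends its own Received line, so the last one is the oldest.
    # Lines added before your own receiving server can be forged by the sender.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())        # unfold continuation lines
        ip = IP_RE.search(flat)
        by = re.search(r"\bby (\S+)", flat)
        out.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return out

def spf(raw):
    """Return (result, client_ip) from Received-SPF, or (None, None)."""
    value = message_from_string(raw).get("Received-SPF")
    if value is None:
        return (None, None)
    flat = " ".join(value.split())
    ip = re.search(r"client-ip=([0-9A-Fa-f:.]+)", flat)
    return (flat.split()[0].lower(), ip.group(1) if ip else None)

def spf_ip_matches_hop(raw):
    """True if the SPF client-ip is an address some Received hop recorded."""
    _, client_ip = spf(raw)
    return client_ip is not None and client_ip in {ip for ip, _ in hops(raw)}
```
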