Tracing Emails

Started by Slashe, February 09, 2005, 07:37:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 09, 2005, 07:37:11 PM
Hey i know a little about hacking and some stuff about computers. Some one has been sending emails from my email acount which is on a very secure server that would require a great hacker or someone who is already in the system to crack into. It is on outlook and the text shows that it is someone from inside the server. If anyone knows how to find out who got on to my account. it would be great to know thanks. ::)
February 09, 2005, 10:29:57 PM #1
Hey,

Haven't been around really, but thought I'd check tonight... I can't really recall the name of it, but I know there was some years back (probably longer than I actually remember) a decent article on tracing emails.

Try doing some googling a bit. Might find some things of use. But basically it's just a matter of reading email headers. Just remember that some things are of course harder to trace than others...

Hope that helps.

Met
"My Terminal is my Soul"
February 13, 2005, 05:42:49 PM #2
Well, there are a lot of big if's in your problem.

First, what type of mail server are we talking about. The product and version are key to helping figure this problem out. Knowing that will allow you to look up any known vulnerabilities that may narrow down how this is being done and allow you to stop it, maybe not catch the person, but you could always set up some sort of trap to catch them in the act if you cared enough.

Second, dont completely discount someone from being able to have broken into the server. Philosophy like that has landed many people in a bad spot and cause lots of companies and government organizations to become overconfident and open to attack.

Chances are your password to your account has leaked. More then likely changing it would probably fix it, hopefully you've tried this. The next possibility is that your mail server is incorrectly configured. This would allow "spoofing" to take place where it looks as though its being generated from your account.

If you could get a copy of the messages that were sent, in the headers of the message most mail servers log the IP or Hostname of the connecting workstation. This may help track down who it is. This can be spoofed as well, but thats a lot more difficult then doing this type of thing with a mail server in some ways.

There are some mail servers with inherent flaws in design that allow spoofing to take place regardless of permission or configuration (Exchange 5.5 is one) so again, we go back to my first point.

Hope this helps you out.
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator
February 19, 2005, 05:14:57 PM #3
Uhm... one thing JUMPS out at me right off the bat... he claims it's on a very secure server... blah blah blah... and then he mentions outlook... which I'm willing to bet logs in using smtp/pop3 in clear text... not very secure if that's the case... a small ethereal session will compromise that username/password combo in a jiffy...

Food for thought...
*** Sleep: A completely inadequate substitute for caffeine. ***
01010010010101000100011001001101
Print
Go Up Pages1
User actions
SMF spam blocked by CleanTalk