Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Tracking down anonymous user

from [Mike Erne] Network Security [Permanent Link]
Subject: RE: Tracking down anonymous user
Date: Wed, 27 Dec 2006 16:24:32 -0800 
Open the e-mail and under the view menu, select options.  It will show
you where and how it got to the manager.

Thanks,
 
Mike Erne
SOC Analyst 1
INX, Inc.
Phone: 541-349-2769
 

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of mikef@everfast.com
Sent: Tuesday, December 26, 2006 1:07 PM
To: security-basics@securityfocus.com
Subject: Tracking down anonymous user

I'm trying to track down an internal user who is sending email under a
different user account to hide his/her identity. 
Scenario:
I have a domain user account that about 15 people know the password to.
Someone logged on using this account and sent a message to a manager and
because of the content of the message I'm 100% certain that it's an
internal user; not someone spoofing. As a matter of fact it's definitely
someone in the IT department.
Is there a way to track down what computer (IP address) was used to send
the messages? 
The incident occurred a couple of days ago so I'm hoping I can still
track down the user. I'm using exchange server 2003.

I've check the exchange log files, SMTP files from my SQL servers, and
checked the recipient header (there was no header info), but I'm not
getting anywhere. If I can't get them this time what can I do to catch
them the next time.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Fwd: Print Server Log Analyzer, Ryan Buena
Next by Date:  RE: Benchmarking security posture, Tony UcedaVélez
Previous by Thread:  Tracking down anonymous user, mikef
Next by Thread:  Re: Tracking down anonymous user, intel96
Indexes:  [Date] [Thread] [Top] [All Lists]