Q

How effective is tracking the IP address of an email hacker?

Find out whether tracking the IP address of a hacker who has accessed your Microsoft Outlook email account will prevent future email security breaches.

Someone is accessing my Microsoft Outlook email account via the Exchange server. They are using my logon and password, which I have changed. Is there a way to track the IP address that they are using?

If the hacker is hijacking email from a Microsoft Outlook 2003 or Outlook 2002 client, it may be possible to determine a computer's IP address by using read receipts. The catch is that the Outlook email would have to have a read receipt, and the originator of the message would be the one that could tell you the source IP address listed in the header of the read receipt.

If the person reading your email is doing so with Outlook Web Access (OWA), then it is much harder to track. All communications can be tracked, but you will need to capture the traffic with a network monitoring tool (e.g., NetMon or Wireshark) during the time frame in which the incident occurs. Reviewing the capture log could reveal the source IP address of your hacker.

The IP address is really only of value to you if it is coming from within your organization. If the connection is being established externally, then you will not be able to rely on the IP address in the capture as it will probably be coming from the external interface of a firewall that is performing network address translation (NAT).
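The header check described above can be scripted. The following is an added example, not part of the original answer: it reads the `Received` headers of a read receipt, lists the hops earliest first, and marks each address as internal or external. The sample message, host names, and the choice of RFC 1918 ranges as "internal" are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Assumption: the organization's internal address space is RFC 1918.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: headers of a read receipt as the original sender's
# mail system might store them. Hosts and addresses are made up.
SAMPLE_RECEIPT = """\
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.partner.example with ESMTP id abc123; Mon, 8 Sep 2008 10:15:02 -0400
Received: from WS-042 ([10.20.30.44]) by mail.example.com
\twith Microsoft SMTPSVC; Mon, 8 Sep 2008 10:15:01 -0400
From: user@example.com
To: sender@partner.example
Subject: Read: Quarterly numbers

"""

def received_hops(raw_message):
    """Return [(ip, scope)] from the Received headers, earliest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each relay prepends its own Received header, so the last one in the
    # message is the first hop, closest to the client that sent the receipt.
    for header in reversed(msg.get_all("Received", [])):
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. [999.1.1.1]
                continue
            internal = any(ip in net for net in INTERNAL_NETS)
            hops.append((str(ip), "internal" if internal else "external"))
    return hops

def origin_assessment(raw_message):
    """Classify the earliest hop the way the answer above weighs it."""
    hops = received_hops(raw_message)
    if not hops:
        return None
    ip, scope = hops[0]
    if scope == "internal":
        return ip, scope, "inside the organization; trace to a host or DHCP lease"
    return ip, scope, "external; probably a NAT or firewall interface"

if __name__ == "__main__":
    print(origin_assessment(SAMPLE_RECEIPT))
```

Only `Received` headers written by mail servers you trust are reliable; lines below the first trusted relay are supplied by the sending side and can be forged.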


This was first published in September 2008
