Ask the Expert

How effective is tracking the IP address of an email hacker?

Someone is accessing my Microsoft Outlook email account via the Exchange server. They are using my logon and password, which I have changed. Is there a way to track the IP address that they are using?


If the hacker is hijacking email from a Microsoft Outlook 2003 or Outlook 2002 client, it may be possible to determine the computer's IP address by using read receipts. The catch is that the Outlook email would have to request a read receipt, and the originator of the message would be the one who could tell you the source IP address listed in the header of the read receipt.

If the person reading your email is doing so with Outlook Web Access (OWA), then it is much harder to track. All communications can be tracked, but you will need to capture the traffic with a network monitoring tool (e.g., NetMon or Wireshark) during the time frame in which the incident occurs. Reviewing the capture log could reveal the source IP address of your hacker.

The IP address is really only of value to you if it is coming from within your organization. If the connection is being established externally, then you will not be able to rely on the IP address in the capture as it will probably be coming from the external interface of a firewall that is performing network address translation (NAT).
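The header check described above, and the internal-versus-external distinction in the last paragraph, can be scripted once the originator forwards the read receipt with full headers. This is an added example, not part of the original answer; the sample receipt, host names and addresses are constructed, and "internal" is assumed to mean RFC 1918 address space.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: headers of a read receipt (not from a real message).
SAMPLE_RECEIPT = """\
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.example.net with ESMTP; Tue, 2 Sep 2008 10:15:02 -0400
Received: from WORKSTATION7 ([10.20.30.44])
\tby mail.example.com with Microsoft SMTPSVC; Tue, 2 Sep 2008 10:15:01 -0400
From: user@example.com
To: sender@example.net
Subject: Read: Quarterly numbers
Content-Type: text/plain

Your message was read on 9/2/2008 10:15 AM.
"""

# Assumption: "inside your organization" means RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw_message):
    """Return the IPs found in Received headers, origin first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its own header, so the last one is nearest the origin.
    # Headers added before the first server you trust can be forged.
    for header in reversed(msg.get_all("Received", [])):
        for candidate in IP_IN_BRACKETS.findall(header):
            try:
                hops.append(ipaddress.ip_address(candidate))
            except ValueError:  # e.g. an octet above 255
                continue
    return hops

def classify(ip):
    """Internal addresses identify a host; external ones may be a NAT device."""
    return "internal" if any(ip in net for net in RFC1918) else "external"

def origin_report(raw_message):
    """Return (origin_ip, classification), or None if no hop was found."""
    hops = received_hops(raw_message)
    return (str(hops[0]), classify(hops[0])) if hops else None

if __name__ == "__main__":
    print(origin_report(SAMPLE_RECEIPT))
```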


This was first published in September 2008
