Ask The Exchange Expert: Questions & Answers

How effective is tracking the IP address of an email hacker?

EXPERT RESPONSE FROM: Richard Luckett

QUESTION POSED ON: 22 September 2008
Someone is accessing my Microsoft Outlook email account via the Exchange server. They are using my logon and password, which I have changed. Is there a way to track the IP address that they are using?


If the hacker is hijacking email from a Microsoft Outlook 2003 or Outlook 2002 client, it may be possible to determine a computer's IP address by using read receipts. The catch is that the Outlook email would have to have a read receipt, and the originator of the message would be the one that could tell you the source IP address listed in the header of the read receipt.

If the person reading your email is doing so with Outlook Web Access (OWA), then it is much harder to track. All communications can be tracked, but you will need to capture the traffic with a network monitoring tool (e.g., NetMon, Wireshark, etc.) during the time frame that the incident occurs. Reviewing the capture log could reveal the source IP address of your hacker.

The IP address is really only of value to you if it is coming from within your organization. If the connection is being established externally, then you will not be able to rely on the IP address in the capture as it will probably be coming from the external interface of a firewall that is performing network address translation (NAT).
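
As an added illustration (not part of the expert's answer), the following Python sketch pulls the hop addresses out of a read receipt's `Received` headers and marks each as internal or external, which is the distinction the answer draws. The sample receipt is constructed, and the internal ranges (RFC 1918) and the bracketed-address header form are assumptions to adjust for your own environment.

```python
import email
import ipaddress
import re

# Constructed read-receipt headers (not from a real message). Addresses are
# taken from RFC 1918 private space and an RFC 5737 documentation range.
SAMPLE_RECEIPT = """\
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.example.org with ESMTP; Mon, 22 Sep 2008 10:15:03 -0400
Received: from WKSTN-042 ([10.20.30.42]) by mail.example.com
\twith Microsoft SMTPSVC; Mon, 22 Sep 2008 10:15:01 -0400
From: user@example.com
To: sender@example.org
Subject: Read: Quarterly numbers

"""

# Assumption: the organization's internal address plan is RFC 1918 space.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Mail servers usually record the peer address in square brackets.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """Return (ip, scope) tuples in travel order, originating hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its Received header, so reverse for travel order.
    for header in reversed(msg.get_all("Received", [])):
        for text in IP_IN_BRACKETS.findall(header):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # e.g. an octet above 255; not a usable address
            internal = any(addr in net for net in INTERNAL_NETS)
            hops.append((str(addr), "internal" if internal else "external"))
    return hops


def origin_hop(raw_message):
    """Earliest recorded hop, or None when no Received header carries an IP."""
    hops = received_hops(raw_message)
    return hops[0] if hops else None


if __name__ == "__main__":
    for ip, scope in received_hops(SAMPLE_RECEIPT):
        print(f"{ip:15} {scope}")
```

Only `Received` lines added by servers you control can be trusted; anything recorded before the message reached them can be forged by the sending side.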

All Rights Reserved, Copyright 2004 - 2009, TechTarget