
	Home > Ask the Microsoft Exchange Experts > Richard Luckett: Spam and Security Questions & Answers > How effective is tracking the IP address of an email hacker?

Ask The Exchange Expert: Questions & Answers

EMAIL THIS

How effective is tracking the IP address of an email hacker?

EXPERT RESPONSE FROM: Richard Luckett

		Pose a Question

		Other Exchange Categories

		Meet all Exchange Experts
		Become an Expert for this site

Exchange Server tips, tutorials and expert advice

Digg This! StumbleUpon Del.icio.us

QUESTION POSED ON: 22 September 2008
Someone is accessing my Microsoft Outlook email account via the Exchange server. They are using my logon and password, which I have changed. Is there a way to track the IP address that they are using?

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Microsoft Exchange Server Monitoring and Logging
	Analyzing Exchange ActiveSync data from .CSV report files
	Top Exchange Server performance monitoring and troubleshooting tools
	Extracting Exchange ActiveSync data from IIS log files
	Error message: 'ID no: 8004100e Exchange System Manager'
	How to generate HTML reports with the Exchange Management Shell (EMS)
	IMAP list command only returns a list of Exchange public folders
	A network connection problem or an offline server prevented delivery of the message
	Monitor and search Exchange mailboxes for music and video files
	How much bandwidth is required to send email in Exchange 2003?
	Monitoring Outlook Web Access usage via IIS log files

Antivirus Software and Virus Protection

How file-level antivirus software can harm your Exchange Server

Troubleshooting Outlook Web Access issues on a 64-bit system

Microsoft Exchange Server security dos and don'ts

Minimize remote and mobile Outlook Web Access (OWA) security risks

Secure Edge Transport servers using the Security Configuration Wizard

The six-layered secret of effective Exchange Server email filtering

Microsoft Outlook and Exchange Server 2003 Email Security Guide

How to install and configure an Edge Transport server for Exchange 2007

Process, compress and block Microsoft Outlook email attachments

How to configure attachment blocking in Outlook Web Access

Microsoft Outlook

Stop personal calendar appointments from showing on Exchange Server

Relocating Outlook email messages on a hosted Exchange 2007 server

Creating Meeting Workspaces in MOSS 2007 and Outlook 2007

Control Outlook 2007 in cached mode settings with group policies

Sending poll questions through Exchange to non-Outlook users

Sort Microsoft Outlook email messages by original date

Performing advanced search queries in Microsoft Outlook 2007

Synchronized Exchange mobile device showing deleted appointment

Group policy settings for Outlook 2007 in cached mode

Problems creating Microsoft Outlook profile in Windows Vista

Microsoft Outlook Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

greylist (SearchExchange.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

If the hacker is hijacking email from a Microsoft Outlook 2003 or Outlook 2002 client, it may be possible to determine a computer's IP address by using read receipts. The catch is that the Outlook email would have to have a read receipt, and the originator of the message would be the one that could tell you the source IP address listed in the header of the read receipt.

If the person reading your email is doing so with Outlook Web Access (OWA), then it is much harder to track. All communications can be tracked, but you will need to capture the traffic with a network monitoring tool (e.g., NetMon, Wireshark, etc.) during the time frame that the incident occurs. Reviewing the capture log could reveal the source IP address of your hacker.

The IP address is really only of value to you if it is coming from within your organization. If the connection is being established externally, then you will not be able to rely on the IP address in the capture as it will probably be coming from the external interface of a firewall that is performing network address translation (NAT).

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Exchange Server question in our forum.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Outlook Web Access (OWA) Tips and Advice

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2004 - 2009, TechTarget \| Read our Privacy Policy