Security Basics mailing list archives
Re[2]: Distressing, possibly life threatening emails from free accou nts (yahoo, hotmail
From: Street <streetseeker () mail ru>
Date: Sat, 31 May 2003 21:30:12 +0400
Hello Sonja, Friday, May 30, 2003, 5:56:43 PM, you wrote: RS> 1. Save the e-mail in all its entirety. Make sure ALL headers are saved. RS> 2. perform header traceback as far as possible ensuring that the e-mail RS> address is not spoofed. If it is traceback to proper ISP. RS> 3. Once this is performed take it to the users local/county PD and have RS> them subpoena the ISP for the user records. RS> 4. If you provide me with a geographic location of the user I will help you RS> find a contact there. RS> Sonja Robinson, CISA RS> Network Security Analyst RS> HIP Health Plans RS> Office: 212-806-4125 RS> Pager: 8884238615 RS> -----Original Message----- RS> From: steve baker [mailto:stephenbbaker () hotmail com] RS> Sent: Tuesday, May 27, 2003 12:39 PM RS> To: RS> Subject: Distressing, possibly life threatening emails from free accounts RS> (yahoo, hotmail RS> One of our users has received questionable and possibly life threatening RS> emails from a yahoo account that was created recently. They have approached RS> us to find out as much as we can pertaining to the person sending it. RS> Of course, we are not YAHOO so we cannot determine anything about the mail RS> other than the content. RS> How can we find out who sent this? You see, if the "terrorist" is smart enough, there is no way to detect his identity. If the attacker will use a chain of proxies and will combine the letter via Telnet-session, even the log-files of mail server will not help you in any way. -- Best regards, Street mailto:streetseeker () mail ru --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re[2]: Distressing, possibly life threatening emails from free accou nts (yahoo, hotmail Street (Jun 02)