Security Basics mailing list archives

Re[2]: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail


From: Street <streetseeker () mail ru>
Date: Sat, 31 May 2003 21:30:12 +0400

Hello Sonja,

Friday, May 30, 2003, 5:56:43 PM, you wrote:

RS> 1. Save the e-mail in all its entirety.  Make sure ALL headers are saved.
RS> 2. Perform header traceback as far as possible, ensuring that the e-mail
RS> address is not spoofed.  If it is, trace back to the proper ISP.
RS> 3.  Once this is performed, take it to the user's local/county PD and have
RS> them subpoena the ISP for the user records.
RS> 4.  If you provide me with a geographic location of the user I will help you
RS> find a contact there.  

RS> Sonja Robinson, CISA
RS> Network Security Analyst
RS> HIP Health Plans
RS> Office:  212-806-4125
RS> Pager: 8884238615



RS> -----Original Message-----
RS> From: steve baker [mailto:stephenbbaker () hotmail com] 
RS> Sent: Tuesday, May 27, 2003 12:39 PM
RS> To: 
RS> Subject: Distressing, possibly life threatening emails from free accounts
RS> (yahoo, hotmail


RS> One of our users has received questionable and possibly life threatening
RS> emails from a yahoo account that was created recently.  They have approached
RS> us to find out as much as we can pertaining to the person sending it.

RS> Of course, we are not YAHOO so we cannot determine anything about the mail
RS> other than the content.

RS> How can we find out who sent this?

You see, if the "terrorist" is smart enough, there is no way to detect
his identity. If the attacker uses a chain of proxies and combines
the letter via a Telnet session, even the log files of the mail
server will not help you in any way.

-- 
Best regards,
 Street                            mailto:streetseeker () mail ru
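
An added example, not part of the original message or thread: a sketch of the header traceback from step 2 of the quoted procedure, walking the Received chain of a saved message oldest-first and picking the oldest hop recorded by a server you operate. The sample message, its hosts and addresses, and the `TRUSTED_SUFFIX` setting are constructed assumptions.

```python
import email
import re

# Constructed sample message (not from the thread). Hosts are example
# domains and IPs are documentation ranges (RFC 5737).
SAMPLE = """\
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
\tby mailstore.corp.example with ESMTP id A1; Tue, 27 May 2003 12:30:05 -0400
Received: from webmail.freemail.example (out7.freemail.example [198.51.100.7])
\tby mx.corp.example with ESMTP id B2; Tue, 27 May 2003 12:30:02 -0400
Received: from [203.0.113.45] by webmail.freemail.example via HTTP;
\tTue, 27 May 2003 16:29:58 GMT
From: someone@freemail.example
To: user@corp.example
Subject: constructed sample

body
"""

TRUSTED_SUFFIX = ".corp.example"  # assumption: mail hosts we operate ourselves

def received_hops(raw):
    """Return the Received hops oldest-first as dicts with from/by/ip."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        hops.append({"from": frm and frm.group(1), "by": by and by.group(1),
                     "ip": ip and ip.group(1)})
    return hops

def last_verifiable_hop(hops):
    """Oldest hop stamped by a trusted host; older hops are unverified claims."""
    for hop in hops:
        if hop["by"] and hop["by"].rstrip(";").endswith(TRUSTED_SUFFIX):
            return hop
    return None

if __name__ == "__main__":
    for n, hop in enumerate(received_hops(SAMPLE), 1):
        print(n, hop)
    print("verifiable boundary:", last_verifiable_hop(received_hops(SAMPLE)))
```

Hops older than the returned one were written by the provider or the sender, so the address they show is a lead to confirm against the provider's own records (step 3), not a verified origin.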

